Google will remove the “Secure” indicator in September
Eventually Google plans to remove the padlock icon from its UI, too.
In a blog post made on Thursday, Google announced that it will be removing the “Secure” indicator from its address bar in September with the release of Chrome 69. This is a move that was desperately needed.
HTTPS usage on the web has taken off as we’ve evolved Chrome security indicators. Later this year, we’ll be taking several more steps along this path. Users should expect that the web is safe by default, and they’ll be warned when there’s an issue. Since we’ll soon start marking all HTTP pages as “not secure”, we’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure. Chrome will roll this out over time, starting by removing the “Secure” wording and HTTPS scheme in September 2018 (Chrome 69).
As we have stated before, the “Secure” indicator in Google’s UI was never a good idea. Though it was well-intentioned, proposed as a way to incentivize switching to HTTPS, it has instead made phishing websites more effective by adding a “secure” label in the address bar despite the site’s nefarious nature. Phishing has never been more rampant. Now it seems that Google has gotten enough buy-in to remove the indicator, which should help deal a blow to phishers the world over.
The new UI will look like this:
If you’ll notice Google has also eliminated the protocol at the beginning of the URL. It used to start with “https://…,” that will now be omitted.
Emily Schecter, a Google Product Manager handling Chrome Security (and one of the authors of today’s Chromium blog post), recently gave a keynote that discussed some of the reasons Google has decided to drop the protocol and simplify what it displays in Chrome’s address bar. You can watch it below.
Additionally, starting in Chrome 70, which will release in October, Google will begin adding a more intense “Not Secure” indicator whenever you start entering text into an HTTP page.
It’s likely that Mozilla and the other browser vendors will follow suit in the coming months.
This new neutral UI means that Extended Validation will be only the kind of SSL certificate that receives any kind of indicator. And who knows how long that will stick around for. Many non-CA members of the CAB Forum have been discussing removal of the EV indicator for years.
As always, we’ll keep you posted as more develops.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown