{"id":16799,"date":"2023-05-09T10:30:00","date_gmt":"2023-05-09T14:30:00","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=16799"},"modified":"2023-05-30T12:01:11","modified_gmt":"2023-05-30T16:01:11","slug":"google-to-replace-the-padlock-icon-in-chrome-version-117","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/google-to-replace-the-padlock-icon-in-chrome-version-117\/","title":{"rendered":"Google to Replace the Padlock Icon in Chrome Version 117"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-farewell-lock-symbol-google-chrome-will-retire-the-padlock-icon-as-the-next-step-in-making-https-the-default-for-all-websites\">Farewell, lock symbol: Google Chrome will retire the padlock icon as the next step in making HTTPS the default for all websites.<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Billions of people around the world associate a padlock icon with a secure, trusted website. But that\u2019s about to change \u2014 Google Chrome has announced they will be <a href=\"https:\/\/blog.chromium.org\/2023\/05\/an-update-on-lock-icon.html\">discontinuing the padlock icon<\/a> starting around September 2023.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This change isn\u2019t because Google no longer thinks HTTPS is important, though \u2014 in fact, it\u2019s the opposite. Google expects every website to have HTTPS <em>by default<\/em>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Why is Google removing this well-known security lock symbol? And what does this padlock icon change mean for your organization, website security, and the cyber security industry as a whole?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s hash it out.<span id=\"newline\"><\/span><\/p>\n\n\n<span style=\"--tl-form-height-m:150.25px;--tl-form-height-t:121.4583px;--tl-form-height-d:121.4583px;\" class=\"tl-placeholder-f-type-shortcode_12753 tl-preload-form\"><span><\/span><\/span>\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-s-happening-chrome-to-put-the-padlock-icon-in-the-rearview-mirror\">What\u2019s Happening? Chrome to Put the Padlock Icon in the Rearview Mirror<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">As the <a href=\"https:\/\/www.w3counter.com\/globalstats.php\">world\u2019s most popular web browser<\/a>, Google Chrome is \u201cmov[ing] towards a web that is secure-by-default.\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This means that HTTPS (i.e., the hypertext transfer protocol secure) should be considered the default security baseline for all websites. Historically, the padlock icon represented this concept in web browsers. The problem? The icon has consistently been misconstrued by users as representing a <em>safe<\/em> website rather than a <em>secure<\/em> one. (No, those terms aren\u2019t synonymous; we\u2019ll speak more about that later.)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is why the Google Chrome Security Team announced in a May 2023 Chromium blog post its departure from the traditional padlock icon \u2014 a lock icon that\u2019s been associated with website security for the last 40 or so years. The change will take effect with Chrome version 117 (estimated to be released in September).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The padlock will be phased out for both computer and mobile users:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>On computers, the browser will show a visually generic \u201ctune\u201d icon instead of the padlock<\/li>\n\n\n\n<li>On Android devices, the browser will transition to displaying its new tune icon, and<\/li>\n\n\n\n<li>On Apple iOS devices, the padlock icon (which isn\u2019t clickable) will disappear entirely.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Websites that use HTTP will continue to be flagged as \u201cNot Secure\u201d by Google Chrome. Google expects that all websites should have HTTPS. You might say that HTTPS is the \u201cbare minimum\u201d expected. No HTTPS? Your users will be warned that your website is \u201cNot Secure.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-the-padlock-icon-will-become-in-chrome-117\">What the Padlock Icon Will Become in Chrome 117<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">So, <strong>what will Chrome display instead of the padlock icon?<\/strong> See for yourself:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"312\" height=\"312\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/05\/tune-to-replace-padlock-icon-google-chrome.png\" alt=\"A screenshot of Google Chrome's new tune icon, which will replace the existing padlock icon starting with Chrome browser version 117. Image source: Chromium.org.\" class=\"wp-image-16802\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/05\/tune-to-replace-padlock-icon-google-chrome.png 312w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/05\/tune-to-replace-padlock-icon-google-chrome-300x300.png 300w\" sizes=\"auto, (max-width: 312px) 100vw, 312px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: This new tune icon will replace the existing security padlock icon in the Google Chrome browser starting with Chrome version 117. Image source: Chromium.org.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">\u2026 Okay. Interesting. Here\u2019s what it\u2019ll look like in the browser\u2019s address bar when Chrome 117 launches in the fall:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"776\" height=\"1024\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/05\/google-chrome-replaces-padlock-icon-feature-776x1024.png\" alt=\"An example of what the new replacement for the padlock icon in Chrome's browser will look like. Image source: Chromium.org.\" class=\"wp-image-16803\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/05\/google-chrome-replaces-padlock-icon-feature-776x1024.png 776w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/05\/google-chrome-replaces-padlock-icon-feature-227x300.png 227w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/05\/google-chrome-replaces-padlock-icon-feature-768x1013.png 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/05\/google-chrome-replaces-padlock-icon-feature.png 940w\" sizes=\"auto, (max-width: 776px) 100vw, 776px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: A screenshot of the new tune browser icon that is set to replace the padlock icon in Chrome in September 2023. Image source: Chromium.org.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Hmm. It\u2019s not much to write home about, as the saying goes. But why is Google bothering to go through the trouble of replacing a symbol that\u2019s been around for 30+ years?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why Change the Padlock Icon? To Continue Moving Toward HTTPS Security as the Default<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The Google Chrome Security Team says the move is based (in part) on the results of its browser UI security study, which showed that the overwhelming majority of users don\u2019t \u201cget\u201d what the lock icon represents. <a href=\"https:\/\/research.google\/pubs\/pub51481\/\">Google\u2019s online study<\/a> of 1,880 users showed that 89% of respondents misconstrued the padlock\u2019s meaning. According to the Chromium update:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><em>\u201cReplacing the lock icon with a neutral indicator prevents the misunderstanding that the lock icon is associated with the trustworthiness of a page, and emphasizes that security should be the default state in Chrome.\u201d<\/em><\/p>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">Fair enough, particularly when you consider that <a href=\"https:\/\/w3techs.com\/technologies\/details\/ce-httpsdefault\">82.6% of websites use HTTPS as the default protocol<\/a>. This means that four in five websites have SSL\/TLS certificates installed \u2014 the majority of which use only the lowest level of identity verification (i.e., domain validation).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">While this new icon is generic and leaves something to be desired visually, we understand where Google is coming from because many users don\u2019t recognize the crucial difference between a safe and secure website. From a security standpoint, this is a crucial delineation we often talk about here at Hashed Out.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Users Need to Know the Difference: Safe \u2260 Secure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Secure<\/strong> means your data is transmitted securely via an encrypted connection. However, unless you know the verified identity of the person on the other end of that connection, it isn\u2019t safe or trustworthy. After all, a bad guy could easily steal your data if they have the private key that decrypts your encrypted communications. You need another layer of security for trustworthiness: verified digital identity.<\/li>\n\n\n\n<li><strong>Safe<\/strong> means that you know the verified digital identity of the entity on the other end of that connection and that you can trust them to treat your data appropriately. This identity validation is done by the certificate authority (CA) that issues the SSL\/TLS certificate for the website.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Bottom Line: HTTPS Is the \u201cNorm\u201d For All Websites<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In the old world, HTTP wasn&#8217;t the default. HTTPS was special, and so it was rewarded with the padlock icon. In the new world, every website is expected to have HTTPS. It\u2019s just &#8220;table stakes.\u201d As the Chrome team says:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"wp-block-paragraph\"><em>\u201cWhen HTTPS was rare, the lock icon drew attention to the additional protections provided by HTTPS. Today, this is no longer true, and HTTPS is the norm, not the exception, and we&#8217;ve been evolving Chrome accordingly. [\u2026] We\u2019re excited that HTTPS adoption has grown so much over the years, and that we\u2019re finally able to safely take this step, and continue to move towards a web that is secure-by-default.\u201d<\/em><\/p>\n<\/blockquote>\n\n\n<span style=\"--tl-form-height-m:861.156px;--tl-form-height-t:899.625px;--tl-form-height-d:899.625px;\" class=\"tl-placeholder-f-type-shortcode_12653 tl-preload-form\"><span><\/span><\/span>\n\n\n<h2 class=\"wp-block-heading\">Final Thoughts: Strong Website Security Needs Verifiable Identity (Not a Lock Icon)<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The Chrome Security Team\u2019s announcement assures that the browser will continue identifying insecure websites by slapping \u201cinsecure\u201d labels on them. But when you consider that virtually anyone can get their hands on a <a href=\"https:\/\/www.thesslstore.com\/products\/cheap-ssl-certificates.aspx\">domain validation (DV) SSL\/TLS certificate<\/a>, simplifying informing that a website uses HTTPS on its own doesn\u2019t mean much. There needs to be something extra to provide another layer of security and verification to prove a website is secure, <em>safe<\/em>, and <em>trustworthy<\/em>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is why it\u2019s going to be more important than ever to assert your digital identity on your website using <a href=\"https:\/\/www.thesslstore.com\/products\/high-assurance-certificates.aspx\">organization validation (OV)<\/a> or <a href=\"https:\/\/www.thesslstore.com\/extended-validation-ssl-certificates.aspx\">extended validation (EV) SSL\/TLS certificates<\/a>. Companies increasingly find themselves combatting phishing scams, <a href=\"https:\/\/www.thesslstore.com\/blog\/email-spoofing-101-how-to-avoid-becoming-a-victim\/\">email spoofing<\/a>, and other fraud-related issues. Knowing this, as the industry progresses toward HTTPS as the default, it\u2019s imperative that companies use trustworthy digital certificates that bring verifiable digital identity to the table. &nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Farewell, lock symbol: Google Chrome will retire the padlock icon as the next step in making HTTPS the default for all websites. Billions of people around the world associate a&#8230;<\/p>\n","protected":false},"author":17,"featured_media":16805,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[13107,17,10200],"tags":[13232,181],"class_list":["post-16799","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-beyond-hashed-out","category-industry-lowdown","category-monthly-digest","tag-padlock-icon","tag-security-indicators","post-with-tags"],"views":21228,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/05\/google-chrome-replaces-padlock-icon-feature-v2.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/16799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=16799"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/16799\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/16805"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=16799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=16799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=16799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}