Google Will Mark All That Websites Unsecured, Which are Using HTTP!

Use of HTTPS will be a must for all websites from 2017. Recently Google has declares that from the starting of 2017, Google Chrome will start warn internet users by giving them a warning of “Unsecured Connection”. It will happen when user will visit that website, which is not using HTTPS. This rule will be applicable for all that websites, which are transmitting credit card details and passwords. According to a report of security researchers, there are 40% websites which are transmitting Credit Card Details and Passwords of users through a HTTP using websites. It will be a beneficial initiative from Google Chrome to save the Credit Card details of internet users from cyber crooks.

Why Google Will Do This?

It seems like, breaching a database is an easy task for hackers now a days. If websites are using HTTPS protocol, the sensitive information of users is 60% safe from hackers. Rest of 40% depends on the development skills of developers and security skills of server admins. Google will show warnings in URL bar, just before url of that website which is not using HTTPS. Internet users are ignoring legitimate security warnings and it motivates the hackers to perform different type of attacks to steal sensitive information of users.

As we often wrote in our blog posts, a little mistake may lead all your business to a huge risk. The details of personal accounts are also a subject of confidentiality. Google Chrome will show a security warning in URL bar in form of a text, "Your Connection to this site is not private”. Emily Schechter (Member of Chrome Security Team) wrote in one of her blog post, hackers can modify information of a website which is using HTTP protocol. Hackers may change information of website as per their benefits, before reaching to the browser. If Google Chrome will alert the users regarding this security threat, users will not share their sensitive information. Some Security Researchers are saying, the term “Not Secure” will not look that much genuine. According to them. Google should use “Not Encrypted” instead of “Not Secure”.

If a website is using HTTPS protocol. It doesn’t mean, it is secure form other threats. Having a HTTPS padlock in url bar, doesn’t make a website secure. Hackers may use, HTTPS protocols on fake websites as well, to manipulate the users of a legitimate websites. HTTPS only provides data encryption at transport layer. It doesn’t mean, website is secure from all the major attacks, such as SQL Injection, XSS Attack and Remote Code Execution etc.

Websites, which are processing credit card details are very sensitive. On the other hand, users expect more privacy from browsers for a number of websites. According to a stats repot of Google, Users often use incognito mode of browser to open these websites. Google will warn all these websites about this security issue. It seems like, Google want to set HTTPS as its default protocol, but Google Chrome officials are not clear about it.