Reminder: Google switches to HTTPS by default tomorrow



[ad_1]

This site may generate affiliate commissions from the links on this page. Terms of use.

As of tomorrow, Google Chrome will start notifying users who visit unencrypted websites that their traffic is flowing to an unsecured location. This is a transition that we have already covered several times this year, and although this may seem like a minor change, let people know that they are not scared by the passage of "secure" messaging to "unsecure" messaging. important – especially since some sites that do not currently deploy HTTPS will probably need some time to do so.

Today, browsers are warning users that sites are secure with a green lock logo. After tomorrow, users will be notified that the sites are not secure and secure, and that they will be notified by various messages from browser providers. The change is shown below:

Security researcher Troy Hunt is working on a site called WhyNohttps.com, which he intends to launch this week. He plans to gather a list of the biggest websites that do not support HTTPS yet in the hope of shame to adopt a safer standard. CloudFlare noted that despite a wider adoption in recent months, the majority of Top 1M's most popular sites online are still not secure and do not offer HTTPS by default.

For those of you who are unaware, the "https" extension of HTTP means that it is "HTTP". a website is secured with the help of Transport Layer security or TLS encryption. HTTPS protects against intruder attacks, eavesdropping, and tampering with data from websites. That's the feature that Lenovo broke with its Superfish scandal many years ago, and is generally considered fundamental to the whole issue of browser security. And even if not all sites need HTTPS, the availability of free encryption certificates from groups like LetsEncrypt (a nonprofit organization founded by the EFF) facilitates the adoption of the standard. without having to spend a lot of money.

Chrome is the first browser to go through this step with HTTPS, but we expect MS and Mozilla to follow both of them. The Google web page to avoid the "Not secure" ranking in Chrome is available here. Although somewhat dated (some links on the page date from 2016), it seems to offer some useful information to avoid unsecured ratings, including the need to use the native HTTPS rather than embedding a framework. HTTPS connection on an HTTP page. As the site says: "Finally, Chrome will display an unsafe warning for all pages served over HTTP, whether or not the page contains sensitive input fields, even if you adopt one of the most targeted resolutions. above, you should consider migrating your site to use HTTPS for all pages. "

[ad_2]
Source link