Chrome HTTP ‘Not Secure’ Label Going Red

by

Login form in Chrome browser with 'Not Secure' label changing from grey to red as text is typed

Chrome 70 released in October 2018 display a red ‘Not secure’ label when entering text on a website that doesn’t have HTTPS certificates.

This is only 1 month after Chrome 69 dropped the green ‘Secure’ label from websites, displaying only a grey padlock for websites with an HTTPS certificate.

Google is making these updates to change the accepted common behaviour of web browsers displaying a positive indication for a secure website (the green ‘Secure’ label), to assume a website should always be secure and display a warning if it isn’t (the grey or red ‘Not secure’ label).

SSL Certificates

An SSL certificate allows information sent through the internet between a website and a browser viewing it to be encrypted so it cannot be read in between. This is important when for example you are sending information such as credit card details or a password. It is just as important when a website is sending information to the browser to be viewed.

When a website has an SSL certificate, it identifies the website address (e.g. www.rubidyn.com) to the browser and the address bar in the browser displays https:// instead of http://.

The SSL certificate has an expiry date and details of who issued the certificate. The browser checks these details and if it has expired, the issuer is not recognised (you can’t just make your own), or the issuer is not trusted or some other reason it thinks it may not be safe, the browser will display the ‘Not secure’ label or similar indication you should be careful.

Have You Upgraded To HTTPS?

In the blog for Chrome 69 there is a screenshot of ABC website still using HTTP. They have since added a secure certificate and using HTTPS and avoided the ‘Not secure’ label.

If your website is still using HTTP then it is overdue for a certificate to be added like ABC has done, to prevent the ‘Not secure’ label. Google intend to eventually display the red ‘Not secure’ label for all websites without an SSL certificate.

Rubidyn have SSL certificates available for most budgets, starting with budget focused Domain validated certificates.