Google’s recent update to the browser warns users when websites aren’t automatically protecting their communication.
The increased number of “Not Secure” messages you’re seeing is likely the result of a recent Chrome update. Although it may have seemed like things changed overnight, Google has been on a steady march since 2016to improve connection security for those using its Chrome browser.
But first, some background: Many sites still use the older Hypertext Transfer Protocol (HTTP) to exchange information with a web browser — even though the data passed back and forth is visible to those who knew how to intercept it. By comparison, sites asking for sensitive data like credit-card numbers generally use the Hypertext Transfer Protocol Secure (HTTPS) instead, as it encrypts, protects and authenticates communications between the website and the user’s browser.
Google is part of an increased security push to make these encrypted connections the default standard for websites. In 2017, the company updated Chrome to start labelling web pages with password and credit-card fields still using HTTP connections as “Not Secure” in order to raise awareness about data security. (The New York Times site began to shift to HTTPS connections in early 2017.)
Earlier this year, Google warned it would begin marking all sites not using HTTPS as “Not Secure.” The company began doing so on July 24 with an update to the Chrome browser — which has led to increased warnings when you visit a site using the older protocol.
Sites using HTTPS have received security certificates from trusted authorities to verify their identities, but the certificates themselves can have different validation levels, some of which are easier (and cheaper) to get than others. To stay safer online, make sure you know the company you are communicating with, and encrypt your own connection with a virtual private network and other tools to protect your data further.