Google and Mozilla are taking new steps to warn internet users about websites vulnerable to hacking. Their web browsers, Chrome and Firefox, have started describing some HTTP connections as insecure as they continue the industry-wide push to promote encrypted HTTPS.
Starting Chrome 56 and Firefox 51, users will be warned if they're submitting sensitive information over HTTP which is seen as an insecure connection, rather than the safer HTTPS protocol.
For Firefox that pushed the attempt first, Mozilla has added a gray lock icon with a red strike through on HTTP pages with forms that ask usernames and passwords, like for example the login page. Clicking on the lock will show users: "Logins entered on this page could be compromised." Previously, the browser just showed a no lock icon.
In Chrome 56, Google is more prominent in showing the warning. Not only HTTP pages that ask for usernames or passwords, it will also warn users if the page's form asks sensitive information like credit cards.
On the other hand, if the a website's page uses HTTPS, both will show the usual green lock that indicates secured connection.
Neither Google and Mozilla had explicitly label HTTP connections as insecure in previous versions of their browsers.
Because non-secured icon as warnings weren't prominent, studies has shown that users do not perceive them as something they need to pay attention to. They have become somehow blind to warnings shown on web browser's address bar.
Usually, websites implement HTTPS only to pages that have forms on them, but leaving the rest of the pages delivered in HTTP. While this is indeed secure, it offers only a minor advantage because pages delivered by HTTP can be readily modified by eavesdroppers. Hackers could simply choose to submit forms to their destination of choice using HTTP, instead of the intended HTTPS location.
HTTP uses an open connection between the user and the website's server they are visiting. Because the connection isn't encrypted, eavesdroppers can intercept any sent data by monitoring the traffic between the user and the server. For that reason, it's never a good idea to submit any sensitive information on pages that use HTTP.
As of January 30, Mozilla stated that 50 percent of websites use HTTPS, a steady rise since November 2015 which was under 40 percent. However, there are still many websites out there that don't use the secure HTTPS protocol yet.
By warning users about potential risks more prominently, both Google and Mozilla as two most popular browsers, can encourage developers of HTTP websites to switch to HTTPS.
Having a website using HTTPS can contribute to many things. Besides security, the website can show its professionalism and care to its users. The search giant Google has also put more emphasis on websites that use HTTPS on their pages.