We live in the era of online payments and registrations. Thousands upon thousands of forms are being filled in on the internet every day. It is an integral part of our life. So much so the average user rarely thinks about the security of personal data being sent or becomes ‘blind’ to the warnings displayed too often. While most of the larger companies provide their clients with a secure encrypted HTTPS connection – every now and then you can still stumble upon a form in HTTP. This could lead to a serious data leakage – from a password on a forum to your social security or credit card number being stolen. Both Google and Mozilla integrated more prominent HTTP warnings in the recent updates for their respective browsers.
This feature was already implemented in the beta version of the latest Mozilla browser but with the last week’s official release of Firefox 51 it became available to a much larger number of users. From now on every time you come across an HTTP page asking for a password you will see a grey padlock crossed with a red strike. If you click on the padlock you’ll see a warning: “Logins entered on this page could be compromised.” This is a much welcomed change as previous versions of Firefox simply lacked such a feature – displaying a green padlock for protected HTTPS connections and no notification for HTTP whatsoever.
The Chrome team has taken a similar but a somewhat more explicit approach. The browser displays an information icon with a note “Not secure” in case of a not trustworthy HTTP connection. This warning appears not only for HTTP sites asking for login or password information (like in the latest Firefox) but also whenever you are to provide your credit card details. This is just another step in preventing personal data leakage for Google Chrome users. Further plans include displaying such a warning in incognito mode and eventually labeling all HTTP pages as not secure.
The measures taken by both Mozilla and Google should encourage web-developers to stop using unsafe HTTP protocols altogether, especially while handling sensitive information. As for now you are expected to monitor the safety of your online transactions yourself. Avoiding ‘shady’ pages and using HTTPS whenever possible should help.