Browser Warning Icon on Insecure Web Forms
Google and Mozilla have released upgrades that are both helpful and (for developers) hurtful. These upgrades are meant to improve overall security on the Internet...
Chrome 56 and Firefox 51 will display a message in the address bar that a page is insecure if it has password or personally identifiable information fields (such as a credit card field). If you have not seen these updates, check for updates in your web browser(s) (usually done via Options > Help > About {browser name}).
You may have observed the following icon in Firefox:
How about this icon saying "Not Secure" in Chrome:
Please note: Each browser's update also contains other security updates; therefore, avoiding the upgrade is not a good idea, because it will leave you vulnerable.
In case anyone gets the idea (I did) of placing a password or personal-information field on an HTTP page and letting it submit over a secure (HTTPS) connection: this is, in practice, unsafe, as hackers and eavesdroppers can track the information sent into the request and obtain the information anyway.
Apparently, this is only the beginning of what's planned. Eventually, both browsers will display a "Not Secure" message beside password fields and other fields that should be secured to protect private information. In addition, Mozilla plans to use the padlock with a red line through it for every HTTP page, and Google will include a "Not Secure" message in the address bar for every HTTP page as well.
Mozilla wrote: Firefox will display a lock icon with red strike-through in the address bar when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password it could be stolen by eavesdroppers and attackers.
Noted on their help page here
How do you remove this message from your website's pages? Mozilla says, "In order to host content over HTTPS, you need a TLS Certificate from a Certificate Authority. Let’s Encrypt is a Certificate Authority that can issue you free certificates."
OTHER REFERENCE NOTES:
Google has published this guide:
Google wrote: HTTPS is easier and cheaper than ever before, and enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. Check out our set-up guides to get started.
Please discuss this below to let us know what techniques you are using to improve your own site, or let us know your thoughts on this endeavor by these two big browsers.
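To find the pages on your own site that would trigger the warning, here is an added example (not from the original post or from either browser vendor) that audits a page's HTML for password or payment-card fields and reports forms where either the page or the form target is not HTTPS. It covers the HTTP-page-with-HTTPS-action case discussed above, since a page delivered over HTTP can be altered in transit before the form is submitted. The field matching is an approximation of what the browsers flag, and the `example.test` URLs, class and function names are assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Autocomplete tokens that mark payment-card fields (HTML standard values).
CARD_TOKENS = {"cc-number", "cc-csc", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-name"}
# Constructed sample: a login form on an HTTP page that posts to an HTTPS URL.
SAMPLE = '<form action="https://example.test/session"><input type="password" name="pw"></form>'


class SensitiveFormAudit(HTMLParser):
    """Collect every <form> and the password or payment-card inputs inside it."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []      # one dict per <form> seen
        self._open = None    # form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            self._open = {"action": urljoin(self.page_url, a.get("action", "")), "fields": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            tokens = set(a.get("autocomplete", "").lower().split())
            if a.get("type", "").lower() == "password" or tokens & CARD_TOKENS:
                self._open["fields"].append(a.get("name") or a.get("type", "input"))

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def audit(page_url, html):
    """Return (field names, reasons) for each sensitive form not fully on HTTPS."""
    parser = SensitiveFormAudit(page_url)
    parser.feed(html)
    findings = []
    for form in parser.forms:
        reasons = []
        if urlsplit(page_url).scheme != "https":
            reasons.append("page served over HTTP")
        if urlsplit(form["action"]).scheme != "https":
            reasons.append("form submits over HTTP")
        if form["fields"] and reasons:
            findings.append((form["fields"], reasons))
    return findings
```

Calling `audit("http://example.test/login", SAMPLE)` reports the form even though its action is HTTPS; the same markup served from an `https://` page returns an empty list.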