Your choice of browser can easily impact your security, as each handles how it informs you whether or not your connection is encrypted differently. This is especially important to recognize, especially when the Chrome browser will soon run counter to the advice users have received for quite some time.
How Chrome is Shaking Up the Conventional Advice
There are two different kinds of websites that use hypertext transfer protocol to deliver content. The first, HTTP, lacks the security that the “S” in HTTPS signifies. If your URL does include HTTPS, it means that the data that you input into the website is protected by encryption measures, keeping it safe from any prying eyes. Historically, this meant that best practices demanded that a user check for a padlock icon in the URL to be sure their browsing was secure.
However, Google is finally acting on a promise to take the opposite tack and instead label those websites that haven’t taken the time to encrypt their communications with their host server. The hope is that this will pressure websites to adopt HTTPS, especially seeing that Chrome is the most commonly-used browser. This approach has been lauded by security pros.
What Other Browsers are Doing
The remaining three of the big four browsers, Safari, Firefox, and Edge, also have plans to change things about their approach to security, but not all of them have plans to flip the script entirely.
Firefox - While Firefox will very likely follow in Chrome’s footsteps at some point, as of right now it still subscribes to the “confirming the page is secure” approach. However, Firefox also alerts the user if a HTTP page contains a login form by displaying a padlock with a strike-through in the URL, and by adding a warning that displays when the cursor moves over one of the fields. There are also plans to make all HTTP pages display the strike-through padlock, no login forms required.
Safari - As of yet, Apple has stuck with tradition, in that they will confirm that a website’s connection is secured through a digital certificate and encryption. However, it is also important to recognize that Apple has also taken additional steps to ensure security, albeit different ones. For example, if a user is on an HTTP page and tries to input login credentials or other sensitive data, the browser will alert them in a similar way as Firefox will, alerts popping up both at the field in question and in the URL bar.
Edge - Again, like Apple, Edge only informs a user when a page is protected, although there is the option to access additional information that explains that the user’s connection isn’t encrypted and could therefore pose some risk. However, this does not extend to input fields on HTTP sites, so you will not be warned before inputting sensitive information into these fields.
In today’s day and age, it is crucial that your business remains secure. Paying attention to the security of the websites you frequent is just one part of that. For assistance with the rest of your cybersecurity, reach out to BNMC at 978-482-2020.