Google is working to make HTTPS forms more secure for the users in Chrome 86

HTTPS or HyperText Transfer Protocol Secure is the secure version of HTTP. It is a web protocol over which data is sent between a browser and the website that the user is connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted and completely secure.

Despite many sites adopting HTTPS worldwide, there are still many pages that show HTTP content. Google has been trying to turn all of them to HTTPS but now, Chrome is going to bring in some changes that will warn the users about insecure forms in the upcoming Chrome 86.

Some forms are on HTTPS, but they do not submit on the HTTPS. These are known as ‘mixed forms’ and they are quite dangerous from the security point of view. They make the users’ system vulnerable to attacks because the information submitted on these mixed forms can be easily viewed by attackers, and then they can allow hackers to read or change sensitive form data.

Previously, Google browser used to have a lock icon in the address bar for the sites that had mixed forms. But now, Google has removed this lock icon too because people still did not understand the threat these forms, and sites posed to them. Google found it an ineffective means for communicating the risks that are associated with submitting data in these insecure mixed forms.

So, from Chrome 86 onwards, Chrome is going to provide an aggressive warning about these mixed forms. Autofill in these forms will be completely disabled, so that will be the first red flag that the user will be shown and will be prompted to stop proceeding with that form and site. However, the built-in password manager will remain functional, but it will offer to provide unique passwords so that the users are refrained from reusing their credentials, as a safety measure.

Even if the user still does not stop, then another warning will be given. It will be a text underneath the field, saying that ‘this form is not secure. Autofill has been turned off.’ And then there will another warning page which will again inform the user with all the potential risks. But it will give the user two options to choose either ‘Go back,’ or ‘Send Anyway.’

The user will then have a completely informed choice to make whether to tread on the risky paths or to go back quietly.

Chrome encourages all the website developers to fully migrate forms on their sites to HTTPS for the safety and protection of their users.




Read next: Google Chrome to Get Bluetooth UI and Touch ID Payments

Featured photo: REUTERS/Dado Ruvic

No comments:

Post a Comment