Applies to: Everyone, especially Google Chrome and Firefox users.
Update: This applies to Firefox users too. Although the message and images look slightly different. If you use Firefox you can read their announcement here.
Loading web pages…
When you go to a web page, it is either loaded over a secure connection… or not.
If you are typing in sensitive data (Credit/Debit Cards, passwords, bank details…) then you should check it is secure before you type it and submit it.
You can tell web pages which have been loaded over a secure connection by looking for a padlock icon in the address bar.
This is how the Inner Circle home page looks in Chrome on Windows, December 2016.
It is loaded over a secure connection, look for the padlock.
NB: Sometimes not all pages on a website are sent over a secure connection. If you are asked for sensitive details then you should check for the padlock on that page.
What is Google Chrome changing in January 2017?
In January 2017 Google Chrome is changing how it highlights pages:
Secure Pages will now look like this:
Note that both have the green padlock. Some websites tell you the name of the company rather than saying “Secure”. This is up to each website owner to decide if they want to do this.
Not Secure pages will now look like this:
When you load a not secure web page, the address bar will look like one of these examples:
List of not secure pages which will trigger the “Not secure” message
- Password box on the page
- Credit/Debit Card form on the page
Other not secure web pages will show like the first of the two not secure examples.
How does this affect you
This is just another handy way to be alerted if a web page is transmitting sensitive data over an not secure session. If a web page is asking for a password or other sensitive data and the address bar looks like either of the options in the ‘not secure’ screenshot above then you should stop and contact the company in question, give them a ring. Never give credit card details in an email or over an ‘not secure’ web page.
But Mike, the Helpful Books (helpfulbooks.co.uk) website doesn’t have a padlock!?
UPDATE Feb 2017: We have now turned on a secure connection for all visitors to https://www.helpfulbooks.co.uk. Read on to find out our thoughts about the process.
True! And we are working on this. We don’t have any pages on our site which ask for or transmit Credit Card details but we are fully aware of the importance of moving towards a more secure web. It is about 3rd on my list of things to do in the new year, right after fixing the pages which don’t work.
Why can’t you just turn the secure connection on?
I wish we could, and we are very close to being able to, but we have multiple pages which cause errors. The other reason is that our current implementation doesn’t work on Windows XP. We had over 100 visitors using XP on helpfulbooks.co.uk last month 🙁 . If you know an XP user please let them know they need to update their computer, we can help you help them.
Update Jan 2017: All pages are now fixed and we have turned on the secure connection for everyone! :). Sadly Windows XP users using some browsers (IE or Chrome) won’t be able to access our website. If you know someone with Windows XP let them know they should upgrade, send them a copy of this page.
Can I try helpfulbooks.co.uk over a secure connection?
You can! Go here https://www.helpfulbooks.co.uk/ and see if you can spot all the pages which return an error… OK, they are not obvious pages.
Will every page on your website be secure?
Yes! Well that’s the plan anyway, it makes everything just that little bit more secure and to be honest makes our lives easier too.
Update Jan 2017: Yes, all content will be served over a secure connection.
I have another question.
Just pop your question in the comments below and I will do my best to answer you as best as I can.
* No Journal Post about security is complete without mentioning XP use, sorry! Don’t worry it will be Windows Vista use soon… bring on April 2017!
[Advanced] Got a craving to see what all the different https error messages look like, check out https://badssl.com/