How to Deal with the “Not Secure” Warning on Google Chrome

Featured Not Secure Lock for Chrome

Starting with Chrome 68, Google put all non-HTTPS sites in a negative category called “Not Secure.”┬áSites carrying this warning label, Google says, are vulnerable to snooping by others. Without its characteristic padlock,┬áChrome no longer considers any web page safe enough.

This is especially true when you want to share login and payment information. The actual problem occurs when the site is labeled “Dangerous” with a huge red sign. That should make it completely off-limits for any kind of browsing.

google-info-page-not-secure-sites

Ever since the new SSL standards were enforced by Chrome, it left end users confused. Many are not sure if they want to totally avoid the flagged web pages. Even a site like ESPN is carrying the “not secure” badge at the moment. It somehow feels like overreach if you visit such a site frequently.

ESPN not secure warning

How to Remove the Error? Prefix the Web Pages with https

Chrome’s solution for removing the error is to simply prefix “https” in the address bar. That should, theoretically, force the web server to redirect to a secure SSL connection. However, it does not always really work. This is because several leading websites have not bothered implementing the new protocol. From an end user perspective, visiting the site might not offer any risk at all.

time-not-secure-error

The truth is that just because there is a “not secure” badge does not always mean that the site is actually insecure. See the section on “informed risk” for more.

How to Force Web Pages to Enforce SSL

With an extension called KB SSL Enforcer, it is possible to force the web pages to redirect the user to SSL. In most cases along with avoiding seeing the warning, you can also surf more securely under SSL protocol.

kb-ssl-enforcer-official-website

The new SSL rules only have to be enforced as shown below. Again, it may not work with all websites because they might not have any provision to redirect their HTTP pages to HTTPS.

kb-ssl-enforcer-test

Taking an Informed Risk

If you want to proceed with caution regardless of the “Not Secure” error, just take an informed risk and surf without worries. While it’s good to have Google looking out for you, not all web administrators are out there to steal your information.

Let’s face it. These are regular HTTP web pages that have always been around, and it might be safer than what Google says.┬áTechnical reasons for SSL errors include expired SSL certificates, errors in images, CSS, JavaScript and other errors, mismatched TLS and so on.

whynopadlock-test

If you simply want to know whether the website is good enough for casual surfing, there is a web tool called Whynopadlock.com that gives you the entire picture. In the above example a chat site is shown to be passing SSL connection but may have an outdated TLS program. Not all sites need to enforce HTTPS for actual security.

Conclusion

There are many advantages of SSL websites. They not only encrypt your browsing information from third parties but also ISPs that can only look at the main page. A “Not Secure” warning really is reassuring for a regular surfer, especially when payments are involved.

In genuine cases it could seriously mean the site has been compromised. No one likes it when “other people are able to see or change the information you send or receive through a site.”

However, at the moment, it still does not mean that HTTP sites are always unsafe. At the end of the day, it is a matter of choice and you must use discretion.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox