Matters pertaining to ones online security should not be taken lightly. Most of the services we used to access in the past from brick and mortar institutions have moved to online platforms. Why visit your Bank branch yet there is internet banking? You need a passport, log into the eCitizen portal and carry out your application. Apparently, the government has also started trials on digital passports have your biometric info in a bid that it claims will limit cases of identity theft.
Vehicle ownership and transfer has officially made its way to the TIMS portal. Now you also have to file your tax returns solely from an online portal. Matters pertaining to filling manual application forms are yesterdays. Today, it is all about the convenience that comes with new technology. Why visit a physical store yet you can shop in any one of the e-commerce storeās that give you the option of either paying with your credit or debit card. Some even support our very own mobile wallet, M-Pesa.
Unfortunately, this convenience comes with a risk attached to it. Ignorance from a number of individuals also does not help to sustain this situation. All the online portals have one thing in common. They require you to create a username and a password so as to access your account.
How many times have you checked the security of a webpage before inputting your login credentials? Do you understand the difference between a HTTP connection and a HTTPS connection? You should get yourself acquitted with them else you are vulnerable to hacking.
Fortunately, Google and Mozilla are implementing new measures to warn users about websites vulnerable to hacking. The latest Google Chrome browser version 56 and Mozilla Firefox browser version 51 will alert users if they are trying to submit sensitive information over insecure HTTP connection rather than the safer HTTPS protocol.
HTTP uses an open, unencrypted connection between you and the website youāre visiting that could be intercepted by anyone monitoring traffic between you and the site. Thus it is never a good idea to share login or credit card information over an HTTP connection.
The non-secure labelling will occur on pages delivered over HTTP that include forms that have password fields. Chrome has gone a step further and will also label a HTTP connection insecure if it has credit card fields. The non-secure labelling will occur in form of warnings in the address bar to explicitly indicate that the connection is not secure. Where Firefox will use a padlock icon with a red line striking it through to indicate that a connection isn’t secure, Chrome will explicitly put “Not secure” in the address bar. Google intends to eventually include the “Not secure” message in the address bar forĀ allĀ pages delivered over HTTP, whether they contain passwords or not.
āStudies show that usersĀ do not perceiveĀ the lack of a āsecureā icon as a warning, but also that users become blind to warnings that occur too frequently.
In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as ānot secureā in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.ā
-Emily Schester, Chrome Security Engineer
Labelling a webpage as insecure is only one way. The webpage developers and online portal managers have to implement two-factor authentication. It does not hurt at all to do so. It will even show that they value the security of their clients. We cannot end without saying that VPNs also add a layer of security to our traffic whenever we browse. Security ultimately starts with you.