Keeping sensitive data safe from inappropriate access and disclosure is of the utmost importance. It is as well important for users to find out what sensitive data they are handling and what steps are needed to protect it.
For this reason, Mozilla & Google are taking new steps to warn internet users about sending sensitive data to websites vulnerable to hacking.
In the latest updates to the Chrome and Firefox web browsers (versions 56 and 51, respectively), users will be told if they’re submitting sensitive information over insecure HTTP connections — rather than the safer HTTPS protocol.
As noted by Chrome security engineer Emily Schechter, the old approach simply isn’t noticed by most users. “Studies show that users do not perceive the lack of a ‘secure’ icon as a warning, but also that users become blind to warnings that occur too frequently,” wrote Schecter last September.
“In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as ‘not secure’ in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.”