Half-secure not good enough for Chrome users says Google
'Confusing' yellow security triangle binned on imperfectly-secured pages
Google has stepped up its effort to make Web site security a little more comprehensible to ordinary users, farewelling the yellow triangle nobody understands.
While the decision falls under the “and it's a good thing too” heading for security experts, there's no doubt it will cause some angst among people whose sites include both secure and insecure elements (images, for example, are often served sans-encryption even when everything else on a page is HTTPS).
Put simply, the Chocolate Factory reckons the difference between “insecure” and “almost secure” isn't worth highlighting, so sites with “minor errors” in HTTPS will simply show as insecure, from Chrome 46 onwards.
“Removing the yellow 'caution triangle' badge means that most users will not perceive a warning on mixed content pages during such a migration. We hope that this will encourage site operators to switch to HTTPS sooner rather than later”, the Google security blog post notes.
“We’ve come to understand that our yellow 'caution triangle' badge can be confusing when compared to the HTTP page icon, and we believe that it is better not to emphasise the difference in security between these two states to most users.
“For developers and other interested users, it will still be possible to tell the difference by checking whether the URL begins with 'https://'.”
If nothing else, the move demonstrates that presenting security information to punters isn't peripheral, and isn't easy.
Google's had various shots at working out the “best” way to identify secure sites during 2015. Back in February, Mountain View researchers complained that most SSL warning mechanisms habituated users to clicking “OK” on anything they don't understand. ®