Technology Training

Scan the above QR code to download and install our App on your Android or iOS device.

What does the padlock in my browser's
address bar mean?

Sometimes that little padlock in your browser’s address bar changes colour, gets an extra symbol layered on top of it, or turns into text. Its basic function is pretty obvious: a normal padlock means the site is safe, while a warning symbol or message means it’s not safe, right? Actually, it’s a bit more complex than that, since the padlock only shows you whether your connection to the site is encrypted with HTTPS and doesn’t provide much insight at all into whether the site itself is legitimate and/or completely secure.

What the secure padlock tells you

Chrome/Chromium, Firefox, Microsoft Edge & Safari all have have slightly different versions of the “safe” padlock, 
but they’re all telling you basically the same thing: this site has received an SSL certificate and is encrypting the data it sends you and the data you send back using HTTPS. That means anyone intercepting your traffic won’t be able to see what you’re doing on the site,
which is especially important when you’re doing things like entering credit card numbers or personally identifiable information.

In a word, a normal padlock icon lets you know that you’re safely connected to the correct site.

What the “secure” padlock doesn’t tell you


 

For those of you not up to speed on SSL certificates, they’re digital proofs that the site you’re visiting was registered with a certificate
authority by the person or company that owns the site. These entities can opt to pay for a more expensive certificate (an “Extended
Validation” or “EV” certificate) that checks to make sure they really are who they say they are (e.g., Amazon.com is owned by the Amazon.com corporation), but pretty much anyone can get their hands on a normal SSL certificate for free
without proving anything beyond their ownership of the site.

So while your connection to the site is safe from prying eyes, the site could easily be run by someone sketchy who will take all your safely-transmitted data and do whatever they want with it. Even if the website is being honestly run, though, an encrypted connection means nothing if one of the parties receiving the data is compromised. HTTPS only covers data while it’s being transmitted, so if it gets to the other end and gets stored on a server with poor security or some other fatal flaw, it’s vulnerable.

 

Bottom line: the padlock means you’re on a safe connection, not a safe website.

All those other padlock symbols

While pretty much every browser uses some form of a closed gray padlock to denote an encrypted connection,
different browsers show you different icons depending on what issues they detect on the site you’re visiting.
Here are a few you should know:

Chrome

The “Not Secure” padlock
message replaces the padlock when you’re on an HTTP page or something else is
amiss. You can click on the message for more details. If you start typing on an
HTTP page, it’ll turn red to emphasize that the data you’re entering might not
be transmitted securely.

Firefox

Firefox’s “Not Secure” message comes in the form of two different symbols: a yellow triangular
warning symbol displayed over the padlock (yellow triangle)
and a red bar crossing out the padlock (Red bar)
These both mean that the site is insecure, but in slightly different ways:

  • The yellow triangle 
     can mean two things: either the website is partially encrypted (meaning it
    uses HTTPS but some of the content is coming from an HTTP connection and
    could be manipulated), or the certificate authority isn’t trusted (meaning
    the site is using encryption, but its certificate seems shady).
  • The red bar 
    means the site is being delivered over an insecure connection (like HTTP),
    and you shouldn’t send any sensitive information.

If you’d like to dig into exactly what the warning is telling you, Firefox provides a detailed breakdown if you click the padlock.

Edge

Security padlock Edge address bar

While this may change once Edge goes Chromium, Edge’s current system is to display the outline of a padlock 
when the connection is secured, a filled green padlock when the site is using an extended validation certificate, and an “i” 
when the connection has some sort of problem, such as with an HTTP connection or mixed HTTP and HTTPS content.

Safari

Safari’s padlock icon 
like Edge’s, will turn green (Security Padlock Safari Greenif there’s an extended validation certificate. If the connection is not
encrypted, you’ll see a “Not Secure” message instead.

The changing faces of the padlock

For quite a long time, most browsers made the padlock a pleasant green color as an indication that the site you were visiting was
standing out from the rest by following good security practices. Now, however, HTTPS has basically become the standard, 
with over fifty percent of the top million sites using it, and the lock has gone gray to indicate that sites that
use it aren’t really that special – they’re just upholding the standard.

In the future, Chrome may actually remove the padlock altogether and only notify users when the site is insecure, as a good
webpage should be using HTTPS anyway. Even if your page doesn’t process any sensitive information,
Google’s search algorithm rewards sites that use encryption, so it’s in every site owner’s best interest to set up an SSL certificate
It might not be a user’s first instinct to check for a padlock, but if they ever see something odd or a warning message in the address bar, 
they’ll probably think twice before entering any information.

Is it safe to go on an unsecure website?

 

What Does It Mean When a Website Is Not Secure?

So, what does it mean when a website is not secure in today’s world? Most web browsers alert users if they view insecure web 
pages by displaying a “Not Secure” warning. This indicates the web page is not providing a secure connection to visitors. When your browser connects to a website, it can either use the secure HTTPS or the insecure HTTP protocol. If a site’s URL begins with HTTP,
it means the connection is insecure, which triggers the “Not Secure” warning.

What Happens If a Site Isn’t Secure?

When a website says not secure it can have serious consequences, especially if it is an eCommerce site. Insecure websites are 
vulnerable to cyberthreats, including malware and cyberattacks. If your site falls victim to a cyberattack, it can impact the site’s
functioning, prevent visitors from accessing it, or compromise your customers’ personal information. In addition, a cyberattack can
damage your company’s reputation and cost you customers.
Research shows if your customers’ confidential information gets compromised, 65% of them won’t return to your site.
Along with the loss of customers comes a loss of revenue, which can be especially devastating to small businesses.

How to Secure Your Site

There are a few ways to secure a site when a website says” not secure”.
One important way to secure your website is by installing an SSL certificate. This establishes a secure connection for visitors and
changes your URL to begin with HTTPS, indicating your site is trustworthy.

In addition, it’s crucial to partner with a reputable cybersecurity provider offering website security solutions. These include automated 
These include automated malware scanning and removal, vulnerability patching to address weaknesses in your site, and a
web application firewall WAF, to block malicious traffic