Chrome’s SSL Lock Update: What it Means for you
The only thing that’s constant is change. This time that consistency spread to Chrome’s lock icon in the website address bar. Google has decided it’s time to remove the SSL lock icon and change it to something more in tune with what it actually represents.
Specifically, they’re going with the “tune” icon, which they feel is much less misleading than the lock icon. You may be thinking: “Why fix something that’s not broken?” A reasonable question to ask.
While the lock icon wasn’t broken and won’t be completely taken away, it won’t be the signal to show that a website is ‘safe’. Not completely anyway. We’ll explain what the lock icon changes mean and what Google’s trying to achieve with it.
What is the SSL lock icon?
So that we’re all on the same page, this is what the SSL lock icon looks like.
It’s been around since the 1990s. At the time of its introduction (and still) they used it to show that there was a secure link between a web server and web browser. It showed that the data transfer was (and still is) secure.
Basically, every time your browser requested data to load a website, that data would have to move from your IP to a server somewhere. That’s a long way for data to travel, and cyber criminals figured out how to steal the data while in transit.
The addition of SSL changed the game because it encrypted the data so even if it was stolen it could never be deciphered. To show that it was encrypted, they used the lock icon.
If you’d like to learn a bit more about how the SSL system works and why it’s important, take a look at our blog on why you should always use an SSL.
SSL lock icon misconception
The folks at Google conducted some research in 2021 and figured out that most users don’t understand what the lock actually represents. The participants were also not too sure what it meant for their browsing safety.
In 2021 they found that only 11% of the study participants knew what the lock icon actually meant. The misunderstanding of what it means could actually cost people their data, and may have cost thousands already.
The lock icon is generally seen as a sign of safety and security. While that is the case, it’s only true when it comes to the data in transit.
Data is in transit when it moves between your web browser and a web server.
It has little to do with a website specifically. This is the misunderstanding that ends up costing people because scam and phishing websites can also use SSL.
What does the tune icon update mean for you?
The major impact the tune icon update will have on your browsing experience is that you won’t be as complacent.
Like we mentioned, scammers also use SSL certificates on their websites to make it more appealing and trustworthy. That’s how they get you.
Google’s plan with the tune icon is to use something more neutral in terms of security. To quote them the tune icon:
- Does not imply “trustworthy”
- Is more obviously clickable
- Is commonly associated with settings or other controls.
Another thing people usually overlook is that you can click the lock (or tune) icon. It shows some information and controls for a website.
Once the tune icon is fully rolled out, you’ll find the lock icon inside it. It’ll still show that a website is using an SSL certificate. Again, this doesn’t mean a website is safe, just that the data transfer is encrypted.
A website without an SSL, or simply HTTP will still receive its insecure notification. That’ll be across all platforms.
Google implemented the change in September 2023, but are still working on fine-tuning it. You should expect it to pop up in the coming months.
A note for iOS users is that the lock icon will be discontinued altogether. The reason for this is that the icon wasn’t clickable in the first place, so they can’t place it inside the tune icon like they would on desktop or Android.
How to know if a website is secure now?
If we’re being honest, the lock was never supposed to mean that a website is secure. The good thing is that the tune update will address this. The not-so-good news is that you’ll have to learn what a safe or secure website looks like now.
If all this talk on website security is making you think about your own website safety, check out these 18 ways to secure your website. Don’t worry, they’re simple additions and things you can train yourself to do so you don’t fall into a phishing or scammer’s trap.
To bring this all around, one of the ways is to check if a website has an SSL certificate. Many scam websites do have one, yes, but that’s a good place to start looking if you’re unsure about a website. Besides checking for an SSL, look for:
- An unusual URL
- Missing information and spelling errors
- Damning reviews
- Unusual payment methods
- The cost of what they’re selling is too good to be true
- A website checker review on said site.
It won’t be any one thing specifically, but a couple of things out of place should make you second guess the site.
Google’s tune icon update ushers in a new and less complacent look at website and browsing security. While they make every effort to make browsing on Google a safe experience, we could all do a little security work to protect ourselves.