Chrome "Not secure" warning: FAQs

Overview

When using Chrome version 68 or later, some users may see a "Not secure" warning in the address bar:

Information

Why am I seeing the words "Not secure" in my Chrome address bar when I visit certain webpages?

Version 68 and above of the Chrome browser will display a "Not secure" warning in its address (URL) bar on any webpage that is HTTP instead of HTTPS — that is, on any page that hasn't been secured through a technology called SSL/TLS.

Does Google have an official page about this warning?

Yes. These Chromium blog posts explain this change and gives illustrated examples:

Does this apply to the University of Oregon homepage or other UO websites?

Yes, this will affect some UO websites. The university uses several different platforms for hosting websites, and the answer to this question depends on the platform.

At one end of the spectrum, websites that use UO Blogs (https://blogs.uoregon.edu), a WordPress-based web publishing service, are already all secured via HTTPS, so the "Not secure" warning will not appear on those pages.

At the other end of the spectrum, the UO Class Schedule (classes.uoregon.edu) is currently available only via HTTP, so a warning will appear if you visit that site.

Many UO websites currently fall somewhere in between: You can access them via either HTTP or HTTPS. For example, both of the following URLs will take you to the UO Information Security homepage:

Does this mean the UO websites are not secure?

UO websites will be just as secure after Chrome starts issuing these warnings as they were before. The university's web forms that require secure input were secured years ago. The big change is that Chrome will now warn its users about all unsecured pages, regardless of the content of the pages or their forms.

Does this mean I should ignore the "Not secure" warning?

No. We highly recommend being attentive to security warnings like this. They are intended to protect you and your data.

In this situation, we recommend using the HTTPS version of URLs when available. For example, use https://uoregon.edu instead of http://uoregon.edu. That way, you'll visit the more secure version of the website in question.

What is the university doing to ensure the security of UO websites?

For many UO websites, the ultimate solution requires upgrading our infrastructure so that these websites are accessible by HTTPS only. That way, all data sent from those websites will be encrypted as it travels on the network. Work on this upgrade is underway and is expected to be completed in winter term (early 2018).

How can I ensure I'm visiting UO websites securely in the meantime?

Make sure you're using the HTTPS version of URLs when possible. For example, use https://uoregon.edu instead of http://uoregon.edu. This works for many, but not all, UO websites, as noted above.

What is SSL?

SSL (Secure Sockets Layer) is a standard technology for providing a secure communications link over a computer network. Websites use SSL — or a later technology, TLS (Transport Layer Security) — to ensure that data moving between a user's web browser and the website she is visiting remains private.

If a website has "HTTPS" in its URL, that means it uses SSL or TLS to protect any data you enter in your browser when that data is sent to the website for processing.

I have more questions. Is there someone I can contact for help?

Yes! Please contact the Information Services Technology Service Desk.

Details

Article ID: 39983
Created
Mon 10/2/17 10:06 AM
Modified
Tue 7/24/18 10:58 AM