Does "Not Secure" mean HTTP?

What exactly does Not Secure mean? Does it mean an HTTP-only website?

"Not secure" in Chrome means that the site isn't using HTTPS.

What are all the possible reasons for a site being Not Secure?

To get the exact error above, it's just when a site doesn't use HTTPS. However, you can get a similar not secure error if the site's certificate is invalid or if there isn't HTTPS over the whole page.

Is it OK to have an Account Login Site as Not Secure?

No, this is not OK - if somebody can intercept a login request, they can see the user's login credentials. IBBoard made a good point in the comments - having a login site without HTTPS which is on the internal corporate network isn't as dangerous as it being a public site where it can be accessed from your home PC. It's still not secure, but the only people who can really MiTM the connection are the company system administrators (assuming the network is set up correctly).

Do cookies have something to do with the site being not secure?

If the site isn't using HTTPS, this means cookies are sent in the clear. This could cause issues when the cookies contain sensitive data such as tokens, which can lead to session hijacking.

What are possible ways to make this site Secure, and how can I inform the responsible ones to make it Secure?

By using HTTPS with a valid certificate, Chrome will mark the site as "Secure". However, as stated by Edu, even a website with a valid certificate can be non-secure if it is also serving non-secure content such as HTTP images. Mixed content (having HTTP items in HTTPS pages) is considered non-secure. If you're concerned about the security of this login site, I'd express your concerns to the IT department and see what they can do about it.
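The mixed-content case mentioned in the answer above can be checked offline. The following is an added example, not part of the original answer: it scans the HTML of a page served over HTTPS for subresources and form targets that resolve to plain HTTP. The host names, the sample page and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) pairs that load from or submit to a URL; <a href> is navigation, so excluded.
FETCHING_ATTRS = {
    ("img", "src"): "passive", ("audio", "src"): "passive",
    ("video", "src"): "passive", ("source", "src"): "passive",
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("link", "href"): "active",   # only counted for rel=stylesheet, see below
    ("form", "action"): "form",   # credentials would be submitted in the clear
}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for (t, attr), kind in FETCHING_ATTRS.items():
            if t != tag or not attrs.get(attr):
                continue
            resolved = urljoin(self.page_url, attrs[attr].strip())  # handles //host/x too
            if urlparse(resolved).scheme == "http":
                self.findings.append((kind, tag, resolved))

def find_mixed_content(page_url, html):
    if urlparse(page_url).scheme != "https":
        raise ValueError("page is not served over HTTPS at all")
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page (hypothetical hosts), as if served from an HTTPS login URL.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="//cdn.example/lib.js"></script>
<script src="http://cdn.example/tracker.js"></script>
</head><body>
<img src="http://img.example/logo.png">
<a href="http://other.example/">help</a>
<form action="http://intranet.example/do_login" method="post"><input type="password" name="pw"></form>
</body></html>"""

if __name__ == "__main__":
    for finding in find_mixed_content("https://intranet.example/login", SAMPLE):
        print(finding)
```

Relative and protocol-relative URLs inherit the page's HTTPS scheme and are not reported; only URLs that resolve to `http://` are.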


Does not secure mean HTTP

Yes, at the moment there are rules about which sites using http will show as not secure, which are available here.

Why would this site show as not secure

There are 2 main options:


To be precise: "Insecure" refers to your connection to the server, not necessarily the server itself. It could be that a server offers http as well as https connections. Ideally, it would then redirect any http access to https. If it does not, you need to specify the https: protocol explicitly in the URL. Talk to your sysadmin in this case.
