The security team behind Google’s Chrome browser has announced that extended validation (EV) certificates on websites will no longer be visible in the latest version of Chrome.
EV certificates, which were introduced in 2007, display a company’s name alongside the padlock symbol in the address bar of a browser. The original intention was to provide users with an extra level of trust on top of the normal encryption that SSL certificates provide.
EV certificates have already been removed from Safari and will be removed from the latest versions of Chrome and Firefox soon. Chrome 77 is set to be released in September and EV certificates will no longer be visible in the browser. Users will still be able to access information about the domain by looking at the Page Info dialogue box when they click the padlock in the browser.
Visible trust indicators
There has been speculation about whether users actually notice the company’s name and padlock in the browser as opposed to the normal padlock and SSL certificate (indicated by https). There are several visible trust indicators with EV certificates, but most are considered to be ineffective as most users don’t even notice them.
Are users making secure choices when they see the bar? Google carried out an extensive survey which found that 85% of users saw nothing strange about a Google page with a fake URL as they thought that Google was a secure company. So they trusted the page merely because the contents looked familiar, rather than checking if the site had a security certificate or not.
A brief history
Google’s Chrome browser started to penalise non-https websites in July 2018, flagging them as ‘not secure’. Many companies then chose to adopt either SSL certificates or EV certificates in order to make their websites more secure for site visitors.
Users are able to tell if a website is secured with an SSL by seeing the padlock and https listed in the address bar. This makes it easier to spot a suspicious website before you pass any sensitive information to a potential fake website. SSL certificates are essential in encrypting sensitive data that is being transferred between the browser and the server, meaning you should always ensure you have an up-to-date certificate in place with your hosting provider.
SSL certificates provide sufficient security information for users and EV certificates just associate the name of the company with the website page, rather than adding extra levels of security.
Read more about the research into EV certificates here.
SSL or EV? Let us know your thoughts about the security certificates by tweeting us @Hyve!