While there’s wide HTTPS adoption today, HTTP content on secure pages still persists. Google has been working to stamp that out, and Chrome is now turning its attention to and warning about insecure forms. “These ‘mixed forms’ (forms on HTTPS sites that do not submit on HTTPS) are a risk to users’ security and privacy,” says Google in a blog post. “Information submitted on these forms can be visible to eavesdroppers, allowing malicious parties to read or change sensitive form data.” 9to5Google reports: The Google browser today removes the address bar’s lock icon from sites with mixed forms. However, this proved to deliver an “unclear” experience that “did not effectively communicate the risks associated with submitting data in insecure forms.” Starting in version 86, due to hit stable in October, Chrome will provide a more aggressive warning about insecure forms. Autofill will be disabled, but the built-in password manager will continue to offer “unique passwords.” The company argues it’s safer than reusing credentials. Next, the form will show red warning text underneath the field: “This form is not secure. Autofill has been turned off. The last measure will throw up a full-page warning communicating the potential risks. It gives users an option to cancel the action, but there will be a “Send anyway” button.
Read more of this story at Slashdot.
Source:
https://tech.slashdot.org/story/20/08/18/0033257/chrome-86-will-warn-users-about-insecure-forms-on-https-pages?utm_source=rss1.0mainlinkanon&utm_medium=feed