The Chrome lock icon is on its way out. When Really Simple SSL started many years ago, more than 50% of Chrome page loads did not use HTTPS. Across the web as a whole, SSL/TLS encryption was even less common, topping out at a mere 14% in 2013. This year Chrome expects a stable 99% of page loads to be over HTTPS. But why is the lock being replaced?
The padlock icon instills a false sense of security
A 2021 study that looked at the padlock icon specifically suggested that the icon instilled a broader sense of security and trustworthiness than should be attributed to it.
We found that the majority of respondents (89%) had misconceptions about the padlock’s meaning. While only a minority (23%-44%) referred to the padlock icon at all when asked to evaluate trustworthiness, these padlock-aware users reported that they would be deterred from a hypothetical shopping transaction when the padlock icon was absent.
Specifically, the padlock icon only denotes a secure connection but does not mean the website is secure. For this, you would need more than HTTPS – Security Headers, Hardening, Vulnerability Detection, etc.
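To make the gap between "secure connection" and "secure website" concrete, here is an added example (not code from Really Simple SSL or Chrome) that audits a response for the security headers mentioned above. The function name, the one-year HSTS threshold, and the sample responses are assumptions constructed for illustration.

```python
import re

# Threshold and function name are assumptions made for this example.
MIN_HSTS_MAX_AGE = 31536000  # one year in seconds


def audit_response(url, headers):
    """Return (padlock_shown, findings): transport state vs. missing hardening."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    # All the icon ever reported: HTTPS in use (a valid certificate is assumed).
    padlock_shown = url.lower().startswith("https://")
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append("weak Strict-Transport-Security max-age")
    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("missing Content-Security-Policy")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    # Framing is restricted by X-Frame-Options or by CSP frame-ancestors.
    if "x-frame-options" not in h and "frame-ancestors" not in csp.lower():
        findings.append("no framing restriction")
    if "referrer-policy" not in h:
        findings.append("missing Referrer-Policy")
    return padlock_shown, findings


# Constructed sample responses (not captured from a real site).
BARE_HTTPS = ("https://shop.example/", {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=300",
})
HARDENED = ("https://shop.example/", {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
})

if __name__ == "__main__":
    for url, hdrs in (BARE_HTTPS, HARDENED):
        print(url, audit_response(url, hdrs))
```

Both sample responses would have shown the padlock, yet only the second passes every header check.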
The new icon should not induce a false sense of security. Instead, it should prompt users to look for more information and to take control of more settings: security settings, but also privacy and other browser settings.
So what’s next?
Meet the new ‘tune’ icon, which will be available in Chrome 117 sometime in September. If there are connection issues, Chrome will still give direct feedback in the address bar or in the browser window.
We recommend that Really Simple SSL users who relied on the padlock icon for information about their HTTPS connection use the SSL Health check in the plugin itself. To improve security for your website, there’s Really Simple SSL Pro.
SSL Health check in Really Simple SSL