What Does the Padlock in Your Address Bar Mean?
Visit any website, and a padlock icon is almost guaranteed to appear in your address bar. This small padlock may lead you to believe that a website is safe or secure—in reality, the padlock icon doesn’t mean much. It simply indicates that a website was loaded through HTTPS, rather than HTTP.
Old HTTP connections were fairly easy to intercept, especially on public Wi-Fi. The HTTPS standard was introduced in the 90s as a more secure alternative to HTTP. It encrypts your connection, making it more difficult for bad actors to spy on your web activity or send malware to your computer.
Until recently, HTTPS was a bit niche. It was mainly used by websites that handled sensitive information, such as banking websites. That’s why Netscape introduced the padlock icon—this icon guaranteed that your connection was secure.
But a secure connection does not mean that a website is trustworthy. Anyone can build a website with HTTPS certification, even hackers and other bad actors. In fact, most phishing websites use HTTPS.
And this is where the confusion begins. Almost all websites now use HTTPS, but in a recent study, Google found that only 11% of people know the meaning of the padlock icon. Some people have no idea what it means, while others incorrectly assume that it’s a sign of trustworthiness.
For this reason, Google is trying something new. It plans to remove the padlock icon from Chrome. Going forward, users will be warned if they visit an old-fashioned HTTP page, but they won’t see any feedback when visiting an HTTPS website. We assume that other browsers will follow in Google’s footsteps.