A HTTPS-based website is a safer way to protect users from possible security attacks, the security director at Google has said, emphasising that major South Korean search engines do not support this system.
“Top websites in (South) Korea that don’t support HTTPS are Naver and Daum. It’s not just a problem for (South) Korea but a challenge for the world and the developers,” said Parisa Tabriz.
Tabriz heads the team who protects Google Chrome and its billions of users from criminal hackers, Yonhap news agency reported.
Google began adding security warnings for websites that do not use strong encryptions beginning in 2017, putting a clear “Not secure” warning next to online websites that use unencrypted HTTP connections rather than encrypted HTTPS connections.
Tabriz said HTTP websites, which account for nearly half of the world’s websites, are vulnerable to attacks that Google calls in security terms, “man in the middle.”
“Encryption will give the security we need. HTTPS does not solve all security problems, but it provides a foundation for this,” she said.
As to some complaints that Google’s HTTPS policy may be expensive and time-consuming, the security expert said switching to HTTPS is not easy but necessary.
“It is just a misconception that there is cost. It was true 10 years ago, but cost is no longer true for today,” the Iranian-American hacker who protects Google said.
“Without the HTTPS, there is no privacy. We also published a transparency report,” she said, adding that HTTPS websites have steadily increased during the past one year with Google’s effort.
As for general security, she advised Internet uses not to reuse or use the same password for different websites since hackers know this, and they will attack the weakest website to obtain personal data.
“Don’t login on shared computers and verify your account security setting,” she added.