Google Cracks Down on Internet Security with Major Changes

Google is making significant changes to digital certificate security on the web, as announced in its Security blog. The tech giant will no longer trust certificates from two prominent security firms, Entrust and AffirmTrust, due to repeated security lapses and compliance failures.

Digital certificates are crucial for online security as they authenticate and secure data on websites. They are often targeted by hackers, making their security paramount. Google’s decision comes after observing that Entrust and AffirmTrust have failed to meet improvement commitments, comply with regulations, and make measurable progress in addressing publicly disclosed incidents.

Google Cracks Down on Internet Security with Major Changes

Starting October 31, 2024, Chrome users will receive warnings about untrusted connections when visiting sites using certificates from Entrust and AffirmTrust. Users will see this warning regarding TLS server authentication certificates upon updating to Chrome 127+ and encounter the ERR_CERT_AUTHORITY_INVALID error when accessing these sites. Some well-known sites using Entrust include merrilledge.com, moneygram.com, and ey.com.

To check if a connection is secure, Chrome users can click the “Tune” icon on the left of the address bar, select “Connection is secure,” and then check the certificate validity. If the organization field under the “Issued By” heading does not list Entrust or AffirmTrust, the site is secure.

Google advises website owners to transition to a new publicly trusted Certificate Authority (CA) before the deadline to avoid any disruption. This move could set a precedent for future actions by Google regarding other products and services.

Despite the broad implications of this decision, it’s worth noting that enterprise customers will still have the option to continue trusting Entrust if they choose. This flexibility aims to accommodate businesses that rely heavily on Entrust’s services.

See Also: Google DeepMind Launches V2A: Next-Gen Audio for Video Creation

This isn’t the first time Google has intervened in the security practices of certificate authorities. In 2015, Google issued an ultimatum to Symantec regarding unauthorized HTTPS certificates issued by its employees. Such actions highlight Google’s commitment to maintaining stringent security standards across the web.

Website owners concerned about the upcoming changes should act swiftly to ensure their sites remain trusted by Chrome users. Moving to a new CA will not only prevent disruption but also enhance overall security.

For users, there are additional ways to boost security in Google Chrome, such as encrypting passwords and staying vigilant about certificate warnings. These measures, combined with Google’s proactive stance on security, contribute to a safer browsing experience for everyone.

Google’s crackdown on Entrust and AffirmTrust underscores the importance of robust digital certificate management in safeguarding online data. By holding CAs accountable, Google aims to strengthen internet security and protect users from potential threats.