Subject: New Site Security Indicators In Chrome

to: security-dev@chromium.org

Posted by the Chrome Security Enamel team

To help users make security decisions, Chrome indicates site security with an icon in the address bar.  Starting in Chrome 52 on Mac desktop, and in Chrome 53 on other platforms, the security icons are redesigned to make it easier for users to tell how secure their connection to a site is, and whether the site is dangerous or deceptive.

deathly-hallows-2.png

The new icons use a distinct combination of color and shape for each security state. The states are modeled after ISO iconography standards: the circle-i for information, and the triangle for caution. We’re sticking with the lock for secure HTTPS. 

The distinctly shaped icons yield several improvements. They are more universally recognized, and more accessible — not all people associate green with safety or red with risk (or can see the difference between red and green!) They are also more scalable, as they remain legible for smaller screen sizes.

We plan to add the dangerous security state icon on malicious and deceptive sites that are flagged by Google Safe Browsing. These icon improvements are the first step in an overhaul of how Chrome communicates connection security state.

We conducted extensive user research to choose these indicators, and we’ve shared our results in a peer-reviewed scientific paper. If you’re a developer who needs to communicate connection security, we encourage you to use the same icons from Material Design to convey the same security states as Chrome, and to secure your site with HTTPS if you have not done so already.