May 5 – The padlock icon that indicates the presence of website security is largely unrecognized outside of the tech and cyber security communities. That’s why Google is planning to retire it from Chrome later this year.
On Tuesday, the search giant stated that the lock icon will be replaced with a new icon, as part of a wider user-friendly redesign of the browser.
Behind the lock icon change
Google says that according to a study conducted in 2021, only 11% of participants actually understood why the lock icon existed.
The icon first appeared in the 1990’s, following Netscape’s introduction of HTTPS; the protocol that allows users to safely send sensitive data, including banking information, across the web via encryption.
The lock, of course, signaled that a given website was secure. When HTTPS was uncommon, and people needed to know about whether or not a website had elevated data protection mechanisms in place, the lock icon proved useful.
However, Google now believes that some users may mistakenly perceive the lock logo as a full indicator of trust or reliability – a dangerous assumption in the age of phishing landing pages and fake websites.
The new icon choice
The lock will be replaced with a variant of the “tune” icon, which is often used to represent control menus. Proponents say that the symbol doesn’t mislead users into believing that a website is trustworthy. In addition, it has the added benefit of encouraging users to explore security and connection settings, according to Google.
The tune icon won’t have any further capabilities, and will continue to mark plaintext HTTP as insecure on all platforms.
Google’s icon redesigns
In 2016, Google changed its lock icon in minor ways – removing colors from the icon to give a more neutral look. In 2021, the company also planned an icon replacement (selecting a downward pointing arrow). The upcoming replacement is expected to occur in early September of this year.
For more information, please click here. Lastly, to receive more cutting-edge cyber security news, best practices and analyses, please sign up for the CyberTalk.org newsletter.