macOS and iOS: New Website Warnings (and What They Mean)

Reaching for Apple Security

One of the most awesome changes in macOS High Sierra 10.13.4 and iOS 11.3 is how Safari behaves when you’re trying to enter information into an insecure page. Before this update, you had to be careful to look in the Safe Search field if you were about to log in to a website; green text and a little lock icon meant you were using an encrypted site.

Green Text in Safari URL Bar showing secure site

But with both of the newest versions of its operating systems, Apple has introduced can’t-miss red text to warn you when you’re about to type login or credit card info on unencrypted pages, like so:

New Red Text in Safari on the Mac indicating a website isn't secure

New Red Text in Safari on iOS indicating a website isn't secure

That’s a pretty obvious hint that you should think about what you’re doing. In my case here, I’m about to log into a sports-related forum, so I’m not all that concerned. But if you’re on what you assume is your banking website or, say, one that you think is the Gmail sign-in page, notice this red text. Let the paranoia run through you. Pay freakin’ attention, and by that I mean stop and don’t log in. You may be on a site that’s pretending to be the one you wanted, and if that’s the case, entering your username and password could be bad! Especially if you’re using the same password on other sites. Bad bad bad.

I’m really glad Apple’s taken this step; anything that could stop someone from falling for a nefarious website’s tricks is helpful, I think. Yay for progress!

One thought on “macOS and iOS: New Website Warnings (and What They Mean)

  • Have to be a little bit careful to differentiate between an encrypted connection and an authenticated connection.

    This Safari feature mentioned above only relates to whether the site is presented over https and therefore prevents “man in the middle” capture of your entered details.

    It is quite possible for a phisher to send you to a site like my-untrusted-bank.com that has a valid SSL certificate but is pretending to look like my-trusted-bank.com

    Extended Validation (EV) certificates are an attempt to help with the authenticated/verified ownership, as represented by the green name, but we haven’t yet got to the point of browser warnings when a site certificate doesn’t have EV.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.