By Brandon Bailey
San Jose Mercury News
MOUNTAIN VIEW, Calif.
One of the world’s most powerful Internet companies is using its leverage to prod other websites into adopting a key safeguard against malicious hackers who try to steal Internet users’ passwords or eavesdrop on their online activity.
Google said its popular Internet search engine will start assigning a higher priority to websites that use a kind of encryption known as HTTPS, in a move that was welcomed by experts who say it’s a significant step toward increasing security and privacy on the Web.
“I don’t expect the Internet to change overnight, but over the next few months and years, more and more websites will see this as something they must do,” said Kevin Mahaffey, chief technology officer at Lookout, which makes security programs for mobile devices.
The move comes just days after a disturbing report that a Russian hacker gang has amassed a stockpile of 1.2 billion Web users’ names and passwords from around the world.
Experts say HTTPS encryption might not have blocked the methods used by that group, but it can foil other common techniques that hackers use to gather sensitive personal and financial information.
Anyone who uses an unsecure Wi-Fi hotspot, in a coffee shop, shopping mall or other public place, can be vulnerable to malicious snooping, said Dwayne Melancon, chief technology officer for the computer security company Tripwire.
But outsiders generally can’t read information that a person sends or receives from a website that’s encrypted, as indicated by an Internet address that starts with the letters HTTPS.
Google has spent tens of millions of dollars to beef up its own online services in recent years. It’s also pushed for broader use of encryption, industrywide, both to guard against tech-savvy criminals and, after last year’s revelations about controversial National Security Agency spying, to curtail snooping by government agencies.