When connecting to a website you might see the message “Your connection is insecure” or “your connection is not private” or “SSL certificate expired” accompanied by a not very helpful panicky message.
What causes this?
There are security safeguards to prevent you from being diverted to a fake website (see Compromised Computer below) which might trick you into giving up password or other information. They also encrypt data so that an eavesdropper on your network cannot read sensitive data. In practice this latter situation, though, is very unlikely.
So, what are the main causes and remedies of “insecure” messages.
Wrong date and time
If the date and time on your computer are not roughly accurate then this can cause the error, something which is easy to check. Older computers are more prone to this.
Slow internet connection
This can produce symptoms of an Insecure error. Temporary website fault
Sometimes there is a configuration error on the website which you trying to access.
Maintenance problem on website
Secure access is validated by something called an SSL Certificate on the website. You don’t need to know the Science Bit but the certificate needs to be renewed from time to time. Sometimes this is overlooked by the website owner.
This is the least likely but it works as follows.
A trojan or virus created by a hacker finds its way into your computer.
It then interferes with the network settings such that when you go to certain websites it actually diverts you to a fake one.
On the fake site, you haplessly enter your username and password. This information is captured and the hacker can then log into the real website.
WHAT TO DO
Check the date and time on your computer.
Try accessing the website again after a few minutes. This won’t harm anything. If the problem persists then leave it for an hour or so before trying again.
Still problems? See if you can try the website from another computer. If it works fine then try again one last time from your own computer. If you still get the error then consult A222 and we’ll take a look.
You have people receiving odd emails from you and assume you’ve been hacked. What has happened?
This is unlikely and one of the situations below is more likely. If you have other symptoms or are worried then I am happy to check your system, please get in touch.
Phished or email hacked?
Email hacking is not as easy as one might think, more likely you’ve been ‘phished’ – tricked into logging in to a fake site and your details have been compromised. Change your password and all should be well.
Depending on your email setup, it may not be difficult for a spammer to send out email as if it is from you. This usually happens when a group email including yours has fallen into the wrong hands – and this may be nothing to do with you directly at all.
This can be hard to tell from Phished per above. Change your password anyway.
Best practice is to use different passwords for different sites – at the very least have a unique one for your email.
If somebody has acquired your email address and password then they may try to log into other sites of which you have membership.
So, if you use other websites with the same email address and password as your email one then log in soonest and change the passwords on those sites.