When a user browses a web page or uses an online service, the web browser establishes a connection with the server. If web address starts with “https://”, it means that the connection is encrypted. If it starts with “http://”, it means that the connection is NOT encrypted.

When a user accesses information via a non-encrypted web page or enters a password on this type of web page, the information is transmitted in a non-encrypted manner. It may be intercepted or someone may eavesdrop.

In order to improve the security of the website, the industry has promoted the full use of encrypted connections. Starting from next month, new Google Chrome web browser will mark all websites that use non-encrypted connections as “not secure”. When a website is marked as “not secure” or using non-encrypted connections http://, please DO NOT log in to the site and do not provide any personal information.

Notice for System Administrators

Direcção dos Serviços de Administração e Função Pública (SAFP) recently posted a notice to all public departments and institutions. It recommended all relevant units to install the SSL certificate for all related systems as soon as possible in order to provide the encrypted connections.

Earlier, ICTO has also announced relevant information related to security guidelines. Please refer to the related document Guidelines for Securing Web-based Server.

In addition, ICTO has launched the following services to cope with the relevant security measures mentioned in the guidelines.

  • SSL Certificate Service (For more details, please refer to the service web page;
  • Server Vulnerability Scanning service.