Here’s why your browser may tell you the White House website isn’t secure

Some visitors to the White House website have reported seeing messages that carry some scary warnings. A message from Google Chrome warns: “Attackers might be trying to steal your information from messages.whitehouse.gov, for example passwords, messages or credit cards.” Post staffers ran into similar messages on Microsoft's Edge browser, Apple's Safari and Mozilla's Firefox browser. According to cybersecurity professionals, the messages don't seem to be prompted by an attack. In fact, the messages aren't obviously linked to anything nefarious at all; it’s likely due to a simple maintenance oversight.

Experts said that the messages are appearing because the site's security certificate — or, very simply put, the thing that verifies that a site is what it says it is — isn’t valid. It appears the White House’s equipment isn’t configured correctly, and the old certificate was revoked or allowed to expire without getting replaced, said Kenneth White of the Open Crypto Audit project, a nonprofit dedicated to improving cybersecurity. There are perhaps hundreds of pieces of equipment and servers that need to be just right to keep the White House site up and running correctly, so it’s easy to miss something, he said.