From January 2017, Google Chrome (version 56 and onwards) will begin marking HTTP sites that transmit passwords or request credit card details as “not secure”.
The move comes as part of a longer term strategy to eventually label all non-HTTPS sites as insecure within Google’s browser, helping users to browse the web more safely.
The current neutral indicator that’s displayed for HTTP connections in Google Chrome doesn’t point out their lack of security. It is possible for someone else on the same network to look at or interfere with a website using an HTTP connection before it reaches you.
Sites that do make use of an HTTPS connection will continue to be labelled with a green padlock icon, marking them as secure. The lack of a secure icon however, is not enough for users to recognise a site as insecure. The new label for HTTP sites will help highlight their insecure nature to users.
The Gradual Plan
Google’s plan to label HTTP sites will include the introduction of indicators gradually:
Firstly, starting in January 2017 on Chrome 56 – the aforementioned “not secure” label for HTTP sites with password or credit card form fields.
Subsequent releases – further warnings, for instance, HTTP sites being labelled as “not secure” when users are in Incognito mode, with higher privacy expectations.
Eventually – all HTTP sites to be labelled as “not secure”, displayed with a red triangle like the current broken HTTPS indicator.
This announcement by Google should act as a warning call to website owners. If you haven’t already, it is now more important than ever to consider switching your site to HTTPS to avoid being flagged as “not secure” in Chrome.
This label could put off potential customers from trusting your site’s content and security, leading them to turn elsewhere for their desired products or services. Along with the fact that a small search engine ranking boost is given to sites that make use of HTTPS, this should provide sufficient reason to make the switch.
Blue Frontier can help you switch your site over to a secure HTTPS connection, and avoid being labelled as "not secure" in Google Chrome. To find out more, please don't hesitate get in touch.
Google has now launched Chrome 56 for Windows, Mac, Linux and Android. The warning for sites that collect credit card numbers or passwords but aren't using HTTPS, will now be applicable and displayed to users coming to these pages.