Chrome will explicitly mark web pages as unsafe if they use HTTP for transmitting sensitive data starting January 2017.
Google has a goal to make the internet a safer place for everyone. It will soon start publicly shaming unsafe websites. Beware if you fail to use the HTTPS protocol for transmitting passwords and other sensitive data. But instead of a scarlet letter, Google will shame you by marking your websites as “non-secure,” so users will know that their personal data is not being protected adequately. Having an active SSL certificate keeps passwords and credit card numbers safe while they are being transferred.
Website owners need to hurry to implement HTTPS for transmitting sensitive data, because Google’s new site labeling policy goes into effect starting January 2017. The move is part of an ongoing effort by the company to get website owners to start using HTTPS, which has long been considered a much safer alternative to HTTP. Eventually, Google will start marking all HTTP sites as non-secure, and not just when they fail to use HTTPS to handle sensitive data.
“Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria.” That’s what Chrome security team member Emily Schechter wrote on Google’s Online Security Blog this week. “Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as ‘not secure,’ given their particularly sensitive nature.”
Although active SSL certificates change your website from HTTP to HTTPS, they only protect data in transit between the browser and the server. They don’t protect your website from hackers. For that, you need Trust Guard – the leader in website security. Trust Guard now scans for more than 75,444 vulnerabilities used by hackers to access company data. With an SSL certificate and Trust Guard’s scanning, you can rest assured that your website is safe.
Google’s move to explicitly label certain pages as being non-secure marks a planned escalation of its current practice. Chrome currently uses a neutral indicator for unsafe HTTP connections.
For some time now, it has used a green lock icon on sites that use HTTPS to let users know they are visiting a secure site. According to Schechter, Chrome’s neutral indicator doesn’t work very well. It doesn’t convey the seriousness of the security issues caused by plain HTTP connections.
Most consumers do not perceive the lack of a secure icon on HTTP sites as a warning and instead tend to ignore it. That is why Google will start marking such sites more explicitly. Subsequent releases of Chrome will extend HTTP warnings. They will label HTTP pages as “not secure” even when a user is in incognito mode and has a higher privacy expectation.
Eventually, sites that continue to use HTTP will be labeled with a red triangle. Chrome currently uses that triangle for HTTPS sites that are not functioning like they should. HTTPS ensures that communications between a user’s browser and a website are encrypted, using either the Transport Layer Security (TLS) protocol or the Secure Sockets Layer (SSL) protocol. HTTPS connections are considered much harder to intercept and to modify compared with HTTP connections.
Special thanks to EWeek.com for some of the info provided in this article.