In January 2017 Google’s Chrome Web browser began to indicate connection security with an information icon in the address bar. Historically, Chrome had not explicitly labelled HTTP connections as non-secure, but since then any HTTP pages that collect passwords or credit cards have been marked non-secure, as part of a long-term plan to mark all HTTP sites as non-secure and to encourage increased web security.
Chrome previously marked HTTP connections with a neutral indicator, which didn’t reflect the true lack of security for HTTP connections, because when a website is loaded over HTTP someone else on the network can look at, or modify the site before it gets to you. Studies showed that users do not perceive the lack of a “secure” icon as a warning, but also that they become blind to warnings that occur too frequently. As a result, Google’s plan has been to take in gradual steps to label HTTP sites more clearly and accurately as non-secure.
Since that change in January, there has been a 23% reduction in navigations to HTTP pages with password or credit card forms on desktop, so Google has decided to take the next steps they see as necessary. Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.
Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in Chrome version 62, it will show the “Not secure” warning when users type data into HTTP sites.
When users browse Chrome with Incognito mode, they likely have increased expectations of privacy. However, HTTP browsing is not private to others on the network so in v62, Chrome will also warn users when visiting an HTTP page in Incognito mode.
Eventually, the “Not secure” warning will be shown for all HTTP pages, even outside Incognito mode. Google will publish updates as future releases are developed, but they highly recommend switching websites to HTTPS as it’s easier and cheaper than ever before and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP.
It can also provide an advantage in search rankings (particularly for mobile results) against the sites that haven’t yet transitioned. So if this hasn’t already been done, it’s best to do it sooner rather than later.
If you want to know more about how website connection security can help to improve your business, contact us now.