It’s not really ‘new’ news, but the deadline is approaching: in April, Google announced that it was extending its plan to mark HTTP sites as ‘not secure’, by adding this warning when Chrome users enter data on an HTTP page. This means your forms, login fields and other input fields could be affected as of October 2017, if you are still using HTTP.
The Google team wants sites to move to HTTPS. But why is this such an important topic? Because, says Chrome’s Security Team, it needs to be clearer to users whether or not their data is being transmitted via Secure HTTP (S-HTTP) or Secure Sockets Layer (SSL). HTTPS uses such protocols, which encrypt information passed between a client (browser) and a server (web site). HTTP does not.
Till now, it has been up to the user to check whether they are on an HTTP or HTTPS site, by verifying the URL. But how many of us do that – especially if we are not IT security professionals? Google want to make it more obvious: “When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin.”
On the other hand, it is going to be very annoying for users to constantly get the ‘not secure’ message when trying to sign in, buy something, or otherwise provide information. If you run or own a website, you need to decide now if it’s time to move to HTTPS, so you don’t alienate customers, members and other users of your website.
More info
