Google Chrome to mark some non HTTPS web pages as insecure
Most savvy web users know to look for the secure padlock icon (or the web address changing to HTTPS) when they are submitting private information. These are called secure pages which encrypt the information when it is sent so the information cannot be stolen by hackers.
Google is encouraging website owners to make more use of secure pages (let’s call them HTTPS web pages) by making the Google Chrome web browser alert users if the page is insecure (plain old HTTP).
In Google’s security blog post they said they would “mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.”
This means that any pages that collects password or credit card information will need to be secure or Google Chrome will warn users. See the example:
Technically this will affect any page containing form input field <input type=password> or detected as credit card fields. If the page is not secure / HTTPS then the warning will appear.
When you load a website over HTTP, in theory someone else on the network can look at or modify the site before it gets to you. In practice the risk is low, but Google is trying to make the web a safer place for all, and more secure web pages running HTTPS is likely to help this aim.
Google wrote on its Google + page: “Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it’s critical to use HTTPS. Without HTTPS, bad actors can steal this confidential data. #NoHacked.”
A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing: more than half of Chrome desktop page loads are now served over HTTPS.
Google Chrome – the world’s favourite web browser
Google Chrome is the most popular web browser in the UK and worldwide – http://gs.statcounter.com/#browser-GB-monthly-201512-201612-bar – with about 46% of market share in 2016, 57% market share worldwide.
This means that the change is significant and is likely to lead to the other main web browsers following suit. Google have slated the change for January 2017 and, at the time of writing, it’s not yet live on Google Chrome.
If we host your website then we can provide secure pages on your website with SSL certificates with prices starting from £60 per annum.
Implementation on your website depends on the Content Management System or e-commerce platform used and may be charged extra – see our web hosting page for more information.
See Google’s security page for more information – Google security blog moving towards a more secure web plus information for developers here – Web developers how to avoid the not secure warning