In 2014, Google announced that it was embarking on a mission to make the web more secure, using HTTPS as a ranking signal in search results. In 2016, Google expanded the secure web initiative, targeting users of the Google Chrome browser. Google Chrome browser indicates the security status of a website with an icon in the address bar.
Starting in October 2017, Google Chrome users will see a “NOT SECURE” notification when using any input fields found on HTTP website pages. These changes will not impact the functionality of websites, but will inform users of the potential security risks of a particular site.
This change is yet another signal from Google to get websites to migrate to the HTTPS protocol for secure data transfer. Data sent using HTTPS provides three key layers of protection to end users:
- Data integrity
Emily Schechter of the Google Chrome Security Team indicated more action should be expected from Google in the near future:
“Eventually, we plan to show the “Not Secure” warning for all HTTP pages, even outside Incognito mode. We will publish updates as we approach future releases, but don’t wait to get started moving to HTTPS! HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP.”
In order to provide assurance to your customers that you value security, website owners and administrators should audit the protocol used by their website(s) and adopt HTTPS as default mode, regardless of the content on the website.