Google Chrome will be expanding on its warnings about whether or not a site uses the HTTPS protocol.
Aside from being the first four letters in any web address, HTTP stands for Hypertext Transfer Protocol. It’s the core communications protocol for Internet traffic, but it also isn’t very secure; it’s possible for someone to take a peek at the traffic between two points (a “man in the middle” attack). HTTPS is a more secure version of transmitting data between two points that typically depends on a valid and properly configured SSL (Secure Socket Layer) certificate. Nearly all websites where security is an important concern (like banking websites) have HTTPS enabled, and some of the high-traffic websites on the Internet like Facebook and Reddit have taken steps to secure web connections for their users.
Beginning in October 2017, Google will show the “Not Secure” message on sites that don’t use HTTPS in additional situations. Users will be warned if they are entering data on a web page (such as filling out a form), and all non-secure pages will be marked as such in Incognito mode. Since the policy has been implemented in Chrome Version 56, Google reports that there has been a 23% reduction in the fraction of navigations to insecure web pages that have password or credit card forms on them.
Google Chrome initially began using the “Not Secure” messaging on sites (but only if they included potentially sensitive data entry fields for things like passwords or credit cards) back in January of this year. Firefox undertook a similar practice around the same time.
Do you think Google Chrome making the HTTPS warnings more visible will lead to an increase of websites adopting it? Does the lack of HTTPS proliferation on websites concern you? Let us know in the comments below!