Websites are being encouraged to move to HTTPS so they don’t fall foul of new rules that will see Google Chrome mark HTTP websites that transmit passwords or credit card details as insecure from January 2017.
The move is part of the tech giant’s attempts to beef up internet security and warn users away from non-secure sites, and it will force websites with HTTP connections to adopt more secure, encrypted HTTPS connections.
Emily Schechter, a member of Google’s Chrome security team, commented: “Historically, Chrome has not explicitly labelled HTTP connections as non-secure. This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.”
In a statement, Schechter noted that studies show many Chrome users do not perceive the lack of an icon showing a site is secure as a warning not to visit it.
“Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria,” added Schechter. “Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as ‘not secure,’ given their particularly sensitive nature.”
The additional security of HTTPS is finding favour with other web companies. WordPress, for example, is rolling out free HTTPS encryption to all the custom domains it hosts. What’s more, the UK government has a policy that requires all of its online services to use HTTPS connections.