In a Google Security Blog post titled “Moving towards a more secure web”, Chrome Security Team describes the incremental move to https for all websites.
Google has been encouraging websites to move to the secure HTTPS protocol for quite some time now. In the article mentioned above, Google has announced that starting with Chrome 56, the browser will provide a warning to the users in a more active way about entering sensitive information on non-secure sites.
This plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Expected at the end of January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as “not secure”.
The message will look like this:
In following releases Chrome will continue to extend HTTP warnings. Eventually, Chrome plans to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle associated with broken HTTPS.
What to do if your site is not HTTPS
The following types of sites that should set up SSL as soon as possible:Sites with a user login
Sites with an online store
If you have already set up SSL on your site, you’re all set and ready for the new change in Chrome 56 expected later this month.
If you have not already set up SSL on your site, I’m here to help. Just call or email me and we’ll figure out which provider and certificate type is appropriate for your website.