In October, Google will begin phase two of its plan to label all HTTP pages as non-secure.
October will mark stage two of Google’s plan to label all HTTP pages as ‘Not secure’ in Chrome.
In January, Google started to label some HTTP pages as non-secure with the release of Chrome 56. This phase affected pages that transmit sensitive information such as login and payment-card data on the web.
The not-secure label indicates that data is being exchanged over an unencrypted connection. HTTPS, the secure version of HTTP, offers better protection against someone on the same network viewing or modifying the traffic, in what is known as a man-in-the-middle attack.
Beginning in October, Chrome will label HTTP pages as insecure if users can input any data. Google highlights that this will apply to any page with a search box.
“Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the ‘Not secure’ warning when users type data into HTTP sites,” said Emily Schechter, a Chrome Security Team product manager.
Chrome 62 will also introduce warnings for all HTTP pages when the user selects Chrome’s Incognito mode.
“When users browse Chrome with Incognito mode, they likely have increased expectations of privacy. However, HTTP browsing is not private to others on the network, so in version 62 Chrome will also warn users when visiting an HTTP page in Incognito mode,” said Schechter.
Google hasn’t said how or when it will expand non-secure warnings to more HTTP pages but it will eventually label all HTTP pages insecure. When that happens, it will display ‘Not secure’ in red, which is today only used for broken HTTPS.
So, what should site owners do? This will get very expensive for hosting companies not offering free “Let’s Encrypt” SSL certificates (GoDaddy is one example of a host that charges at least $75/year per certificate).
My advice would be to move to SSL encryption as soon as possible – if your host is not offering it for free, now might be the time to review your web hosting options – there are many good ones out there that do offer free hosting.
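To decide which pages to migrate first, a site owner can scan each plain-HTTP page for data-entry fields and map it to the phases described above. The Python script below is an added example, not code from Google or Chrome: the field lists (`NON_TYPED`, `CARD_TOKENS`), the names `FieldScanner` and `classify`, and the sample pages are assumptions made for illustration, and Chrome's own detection logic may differ.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions (not Chrome's source): input types that take no typed text,
# and autocomplete tokens that mark payment-card fields.
NON_TYPED = {"hidden", "submit", "button", "reset", "image", "checkbox", "radio", "file"}
CARD_TOKENS = {"cc-number", "cc-csc", "cc-exp", "cc-name"}
# Constructed sample pages (not real sites).
SAMPLES = {
    "http://shop.example/login": '<form><input name="user"><input type="password" name="pw"></form>',
    "http://blog.example/": '<form action="/search"><input type="search" name="q"></form>',
    "http://static.example/about": "<h1>About</h1><p>No forms here.</p>",
    "https://shop.example/login": '<input type="password" name="pw">',
}

class FieldScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sensitive = []  # password / payment-card fields (January, Chrome 56)
        self.typed = []      # any other field a user can type into (Chrome 62)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name = a.get("name") or a.get("id") or tag
        if tag == "textarea":
            self.typed.append(name)
        elif tag == "input":
            itype = (a.get("type") or "text").lower()
            tokens = set((a.get("autocomplete") or "").lower().split())
            if itype == "password" or tokens & CARD_TOKENS:
                self.sensitive.append(name)
            elif itype not in NON_TYPED:
                self.typed.append(name)

def classify(url, html, incognito=False):
    """Map a page to the warning phase the article describes."""
    if urlparse(url).scheme.lower() != "http":
        return "not affected: not plain HTTP"
    scanner = FieldScanner()
    scanner.feed(html)
    if scanner.sensitive:
        return "phase 1 (Chrome 56): password or payment-card field"
    if scanner.typed:
        return "phase 2 (Chrome 62): user can type data"
    if incognito:
        return "phase 2 (Chrome 62): any HTTP page in Incognito"
    return "no warning yet"

if __name__ == "__main__":
    print("\n".join(f"{u}: {classify(u, h)}" for u, h in SAMPLES.items()))
```

Pages reported as phase 1 or phase 2 are the ones to move to HTTPS first; the rest are covered only by the Incognito warning for now.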