Chrome will soon mark some HTTP pages as 'non-secure'

Google's first wave of security changes to convert webmasters to encrypted HTTPS targets pages that ask for login data or credit card information.
Written by John Fontana, Contributor

Google plans to start the new year with a security message.



Beginning next month, the company will tag web pages that include login or credit card fields with the message "Not Secure" if the page is not served using HTTPS, the secure version of the internet protocol.

The company on Tuesday began sending messages through its Google Search Console, a tool for webmasters, warning them of the changes that take place starting in January 2017.

The changes are supported in version 56 or later of the Chrome browser.

The move is a first step in a long-term plan to clearly mark as non-secure all HTTP sites regardless of their content. In upcoming releases of Chrome, for example, Google will label HTTP pages as "not secure" in Incognito mode.

There is no timeline for when webmasters are required to switch all their pages to HTTPS.

Google's plans go along with ongoing efforts to motivate consumers and G Suite users to adopt more secure login methods.

HTTPS is designed to protect the integrity and the confidentiality of data as it moves between an end-user computer and a website. The protocol protects personal and other sensitive information such as login credentials.

The transmission is secured by the Transport Layer Security (TLS) protocol, which provides encryption, data integrity and authentication. The authentication piece, among other things, is designed to combat man-in-the-middle attacks and promote end-user trust in a website.

In a blog post updated a few weeks ago, Google noted that it "recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS. In addition, since the time we released our HTTPS report in February, 12 more of the top 100 websites have changed their serving default from HTTP to HTTPS."

Converting pages from HTTP to HTTPS comes with a few common pitfalls, such as not keeping certificates or TLS libraries up to date. Converts also may see temporary fluctuations in their site rankings.

Google wrote on its Google+ page: "Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it's critical to use HTTPS. Without HTTPS, bad actors can steal this confidential data. #NoHacked."
