HTTP has been synonymous with an entire generation of Internet users but what many are unaware is that the protocol is not secured. Anyone with the right skills can change the contents of the site before it reaches the person browsing. To combat this, Google is marking all HTTPsites as “not secure” from today so users are more aware of the sites’ security status.
Conversely, all sites that begin with “HTTPS” will be marked “secure” to give users peace of mind to know that the sites are encrypted. This endorsement is particularly important for sites that enable online transactions where personal and financial information are transmitted.
“Security has been one of Chrome’s core principles since the beginning — we’re constantly working to keep you safe as you browse the web,” wrote a Google blog post.
With HTTPS, eavesdroppers are locked out and information such as passwords or credit card info will be private when sent to the site.
“We knew that rolling out the warning to all HTTP pages would take some time, so we started by only marking pages without encryption that collect passwords and credit card info,” said the blog post.
The next step was to show the “not secure” warning in when people enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.
The eventual goal is to only mark unsecured sites and all secured sites will no longer be marked with the “secure” wording from September 2018.
As added security, a red “not secure” warning will be triggered when users enter data on HTTP pages from October 2018.