- With Chrome 68, any sites that are HTTP rather than HTTPS will be labeled “not secure.”
- Sites without TLS or SSL certificates are unencrypted and pose major security risks for visitors.
- With this change to Chrome, Google is sending a clear message: secure your websites!
Over the past few years, Google has pushed hard for websites to adopt an encrypted communication protocol. Sites that use Transport Layer Security (TLS) or Secure Sockets Layer (SSL) are given a slight boost in search rankings, for example, and the Chrome browser gives encrypted sites a nice green padlock icon in the address bar (you can see the Android Authority padlock in your address bar right now, if you are viewing with a Chrome browser).
But now Google is going all in: in July 2018, any site with a Hypertext Transfer Protocol (HTTP) address rather than a Hypertext Transfer Protocol Secure (HTTPS) address will be marked as “not secure” in the Chrome browser.
Today, if you visit an HTTP site, there is an info icon next to the address that users can click that will inform them of why the site they are visiting does not get the green padlock. But starting with Chrome 68, the omnibar will feature the same information icon, but with text next to it that says “not secure.” See for yourself how it will look here:
Google is making this change to solidify their stance on making the internet safer for everyone. Many users are not aware of the difference between secured sites and unsecured sites, or the dangers apparent with doing things like filling out forms or giving credit card information over an insecure connection. With a simple, easy-to-understand warning at the top of every HTTP page, users will hopefully understand that they should not trust unencrypted sites.
Technically, any site that accepts credit card information must be secured with TLS or SSL to be PCI compliant, but it is rather easy for sites to set up these protocols at the beginning and then dismantle the security after regulatory approval. Furthermore, some sites only secure the pages where you enter your credit card info, and not the entire site itself, which makes things confusing and dangerous for consumers.
Really, there is no excuse anymore for websites to be unencrypted; SSL certificates are available for zero cost from a variety of systems, and most web hosting packages these days come with a free certificate.
If you have a website that is unencrypted, you have until July 2018 to get secured. Failure to do so could lead to many visitors abandoning your site at the first click. Check out Lighthouse, an automated tool for improving web pages, for assistance.