Google to Start Labeling More Non-HTTPS as “Non Secure” Starting in October

Peter Roesler, President - Web Marketing Pros

By Peter Roesler

President, Web Marketing Pros

There are more than 1 billion computers around the world currently using the Chrome browser. And as many recent studies have shown, many consumers are very concerned about online security. When taken together, it makes sense that business owners are paying attention to plan to include “not secure” site labels on the websites without HTTPS starting in October.

In just the past year, there have been several situations where business owners and consumers have had their data stolen or website crippled due to the efforts of people trying to break into the system. One common way to do this involves improperly secured data on website. With HTTPS, it’s harder for people to steal access or information from a website.

Google has been encouraging pages to switch to HTTPS for a long time. Now, Google will start warning internet users when the site their on doesn’t use HTTPS with a “not secure” in the url box, starting in October of this year.

“In January, we began our quest to improve how Chrome communicates the connection security of HTTP pages,” the company explained in a post on the Chrome blog. “Chrome now marks HTTP pages as “Not secure” if they have password or credit card fields. Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”

form-and-incognito-http-bad-verboseTo help marketers understand the changes and when they go into effect, Google created a graphic showing how links will appear in the address bar of Google Chrome depending on when and the mode in Chrome the consumer is using. As the illustration shows, many sites will get an unflattering “not secure” label on their URL when browser visit their site while on Chrome.

This doesn’t mean that every site without HTTPS will get the non-secure label in October. While any site without HTTPS is significantly less secure than than their upgraded counterparts, the issue matter most when there are ways for consumers to put information into forms or fields on the website.

Without HTTPS, it is possible for people to perform “man-in-the-middle” attacks where they can get data from the unsecured site. So a site without HTTPS that has forms or search boxes would be labelled insecure, whereas sites that are in HTTPS but don’t allow for user inputs may get a little more leeway.

Google’s plan to label HTTP sites as non-secure is taking place in gradual steps, based on increasingly broad criteria. And there is a lot of evidence that these changes are working and helping consumers. According to Google, “since the change in Chrome 56, there has been a 23% reduction in the fraction of navigations to HTTP pages with password or credit card forms on desktop, and we’re ready to take the next steps.”

To make the issue even harder for consumers to ignore, HTTP sites with inputs for data will look normal in the URL box until the user starts to type into a box, then the “non-secure” label will popup as they are typing. This could lead to a lot of people stopping their transaction as soon as they see the warning. So not updating a site to HTTPS by October can have major effects on website traffic and conversion rate.

In situations like these, where Google gives consumers a lot of time to prepare, are nice and business owners need to take advantage of the opportunity so they don’t fall behind and lose marketshare to the competition.

For more news on recent updates on Google, check out this article with a wrap up of April updates on Google.

Share This Article