For good reason, consumers are becoming increasingly concerned about the security of the websites they visit. Even honest website owners with good intentions can be a risk to their visitors if the site’s security is compromised. As part of their ongoing efforts to encourage best practices among website owners, Google has announced that Google Chrome will mark all non-HTTPS pages as “Not Secure” starting in July 2018.
After years of beating around the bush, Google has decided to make their “Not Secure” label apply to all HTTP pages when viewed on Chrome.
“For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption,” the company explained in a blog post. “And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as ‘not secure’. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure’.”
In some ways, this announcement wasn’t a huge surprise. Google has been a vocal proponent of adopting HTTPS standards for more than year. And just like with the changes Google wanted to promote for mobile web design, Google is using their popular browser as a way to encourage people to build their sites better. Chrome is used by nearly half of online users in the U.S., so website owners can’t afford to have their sites look less desirable on the browser.
Website owners need to be concerned about whether or not their site has a proper HTTPS server setup by the July deadline. “Not Secure” may only be two words, but for online shoppers, those two words are a huge warning sign for someone putting their information into a site.
The need for HTTPS actually goes beyond things like credit card data. Unsecured sites could be giving away the common passwords used by visitors or a man-in-the-middle attack could reveal information about someone they thought was on a private site. These are things that consumers desperately want to avoid, so many will steer clear of an HTTP site if the site is asking them to put information onto a unsecure site.
Another thing to keep in mind is that many sites already have HTTPS servers, so sites with the Not Secure label stand out compared to other sites, but not in a good way. According to Google, the results of the efforts have been:
Over 68% of Chrome traffic on both Android and Windows is now protected
Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
81 of the top 100 sites on the web use HTTPS by default
So it’s clear that HTTPS is the wave of the future when it comes to internet security.
Another thing to keep in mind is that Google still has cards to play if it wants to further encourage people to use the HTTPS standard. It’s only a matter of time before Google takes the gloves off and announces an HTTPS-centered algorithm update that would immediately demote all HTTP pages. Remember, that is essentially what Google did with mobile web design standards.
For website owners that want to see how their site measures up, Google has an online checker that will tell if your site is up to the standard and what things need to be done to adjust it.
For more recent news about Google, read this article on Google’s plan to allow for more diverse viewpoints in the snippets for answers.