Last December, Google announced that websites that use HTTPS encryption would be favored in search results over websites that continued to use HTTP. As if that wasn’t enough to get webmasters off their chairs and start moving their websites to more secure encryption protocols, Google has announced their next move.Starting in January 2017, Google’s Chrome browser will start to mark HTTP websites as “Not secure”, meaning that visitors to HTTP websites will be alerted by this. Granted there could be nothing wrong with the website, but it sounds like Google wants users to know that there are steps that the website could have taken to get itself a secure rating.
According to Google, “Studies show that users do not perceive the lack of a ‘secure’ icon as a warning, but also that users become blind to warnings that occur too frequently. Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as ‘not secure,’ given their particularly sensitive nature.”
Google also notes that eventually HTTP websites will be given the red triangle warning indicator which should stand out more. Given Google’s reputation as pretty much the web’s de facto search engine, hopefully these changes will prompt webmasters to start thinking about their website’s security.