Considering how frequent cyber attacks have become, on both commerce related and general sites alike, it is pretty much clear that the entire world wide web needs to move to HTTPS, in order to get at least the minimal layer of protection against such threats.
However, despite all of those attacks and repeated warnings from cybersecurity experts, a whole lot of websites involving monetary transactions continue to ignore consumer security and operate on the usual HTTP protocol. That is soon going to be punishable, and punishable enough that it will lead to those website being tagged as ‘non-secure’ by the world’s most vastly used web browser across platforms – -Chrome.
In a blog post which Google’s security team has published today, Google’s Chrome browser will start tagging websites that transmit passwords or credit cards as non-secure, as part of the company’s long-term plan to mark all HTTP sites as non-secure.
Chrome currently indicates HTTP connections with a neutral indicator, which doesn’t reflect the true lack of security for HTTP connections. FYI, when you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you. However, once the Chrome 56 update rolls out in January next year, this is how things are going to change :
Additionally, starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as “not secure,” given their particularly sensitive nature.
Without any explicit warning, users do not even bother to ponder over how secured their connection to the website they are browsing is. In fact, Google’s own study has revealed the exact the same thing. The study also finds out, that us users become blind to warnings that occur too frequently.
A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing. More than half of Chrome desktop page loads now served over HTTPS.