Buzz
According to this recent announcement from Google, it means that HTTP websites will be marked as insecure.
Chrome 68 will label HTTP websites as 'insecure'
Google starts by simply marking unencrypted pages, collecting users' passwords and credit card information. At that point, the company flags pages where any data is entered via an insecure connection, and across all HTTP sites visited in incognito mode. Now, all insecure websites will be universally marked.
In the announcement, Emily Schechter of Chrome discusses Chrome 68's plan to label HTTP websites as 'insecure':
'Chrome's new interface will help users understand that all HTTP websites are insecure and encourage a shift to default secure HTTPS websites. HTTPS is cheaper and includes performance enhancements as well as powerful new features compared to HTTP.'
According to Google's statistics, 68% of Chrome traffic on Android and Windows currently uses HTTPS, over 78% of Chrome traffic on Chrome OS and Mac uses HTTPS, and 81 out of the top 100 websites on the web default to using HTTPS.
The Let's Encrypt initiative has spurred the transition to HTTPS. Last summer, the project reached 100 million certificates. Let's Encrypt is quite popular because it allows website admins to upgrade their websites to HTTPS for free and automatically. If you're a webmaster, you can refer to how to implement and install SSL and HTTPS on WordPress for free to help your website obtain security certificates.
Latest Update: Google releases Chrome 68
Google has officially released Chrome 68, starting today the browser will mark Non-HTTPS websites as insecure (Not Secure).
So if your website is HTTP (Hypertext Transfer Protocol), when accessed by Chrome browser, a 'Not Secure' warning will appear on the screen, indicating that your website is not secure.
Everything, including data like passwords, banking information, etc., sent over non-HTTPS connections is in plain text, making it easy for attackers to steal or manipulate this data.
Non-HTTPS connections are particularly dangerous for websites containing sensitive information like login pages and payment forms; they can enable attackers to perform man-in-the-middle attacks to intercept passwords, login sessions, cookies, and payment card details when this information is sent.
Reflecting on Chrome marking HTTP websites as insecure
- Phase One: Starting with the release of Chrome 56 back in January last year, Google began displaying a Not Secure warning for HTTP pages collecting users' passwords and banking information on the browser's address bar.
- Next Stage: By the end of October last year, with the release of Chrome 62, the browser began labeling all HTTP websites as Not Secure, including HTTP websites accessed in incognito mode.
- Completion Stage: Finally, with the release of Chrome 68, to direct users towards secure encrypted HTTPS connections, the browser marks all websites not using HTTPS encryption as Not Secure, including HTTP websites not collecting or processing sensitive data or user information.
Reasons to Use HTTPS
According to Google's report, 75% of websites accessed on Chrome on Windows platforms are using HTTPS, and 81 out of the current top 100 websites are defaulting to HTTPS.
Below are some reasons to consider using HTTPS:
- HTTPS improves Google ranking and SEO.
- HTTPS enhances website security and privacy.
- HTTPS boosts trust and confidence of visitors.
- HTTPS improves website speed.
- Most importantly, HTTPS is now free.
Additionally, Google is planning to remove the Secure label on HTTPS websites in Chrome version 69 expected to be released in September this year.
