Google’s inexorable march towards “a more secure web” continues, with the internet giant recently posting an update regarding the next steps it will take with Chrome to flag “non-secure” websites. 2017 looks like the year things will get serious, with sites featuring data-sensitive form fields and no HTTPS support in the crosshairs.
The start of 2017 will mark the first of many changes to Chrome that will “eventually” classify HTTPS-less sites as “non-secure” regardless of their content, according to Emily Schechter of the Chrome Security Team.
Chrome 56, which is slated for a January release, will “mark HTTP sites that transmit passwords or credit cards as non-secure”, writes Schechter.
Changes such as this will be added incrementally, until finally, “all HTTP pages [will be marked] as non-secure” and you’ll see the lovely red text and icon above.
It’s sufficient to say if you haven’t already sorted out a migration plan, certificates, etc., best to get onto it before the end of the year, especially if your sites feature an ecommerce element.