Google’s inexorable march towards “a more secure web” continues, with the internet giant recently posting an update regarding the next steps it will take with Chrome to flag “non-secure” websites. 2017 looks like the year things will get serious, with sites featuring data-sensitive form fields and no HTTPS support in the crosshairs.
The start of 2017 will mark the first of many changes to Chrome that will “eventually” classify HTTPS-less sites as “non-secure” regardless of their content, according to Emily Schechter of the Chrome Security Team.
Chrome 56, which is slated for a January release, will “mark HTTP sites that transmit passwords or credit cards as non-secure”, writes Schechter.
Changes such as this will be added incrementally, until finally, “all HTTP pages [will be marked] as non-secure” and you’ll see the lovely red text and icon above.
It’s sufficient to say if you haven’t already sorted out a migration plan, certificates, etc., best to get onto it before the end of the year, especially if your sites feature an ecommerce element.
Moving towards a more secure web [Google, via gHacks]
Comments
3 responses to “Google’s Plan For Chrome To Clamp Down On Unsecured HTTP Connections Starts In January 2017”
All while lifehacker is not running a HTTPS certificate..
Does LH (and other allied sites) have a plan for this?
Currently it’s http:// only, and https:// requests are redirected back to an unsecured connection.
Bring it on. Cert’s are a lot cheaper these days.
Heck, you can even get free certs from https://letsencrypt.org if money is too toght to mention.