Google is planning to change the user interface in Chrome. The green padlock we’ve taught users to look for when they’re browsing is set to disappear as the company says we should assume all sites are secure. Instead, we’ll see a "Not Secure" indicator when a site doesn’t use HTTPS.
The announcement made by Google says the change will take effect in September as one of the planned changes in version 69 of Chrome. Google's view is that all web traffic ought to be encrypted. So, rather than security being the exception, it ought to be the norm and unsecured sites flagged for attention. And now that web traffic has tipped over with more traffic sent over HTTPS there's a need to make unsecured sites stand out more.
Non-HTTPS sites will be labelled as non-secure in Chrome 68, which is coming in July.
For IT departments, this may seem to be a minor change but it will mean you'll need to update your user education and ensure that you notify users. Rather than looking for the green padlock on the browser address bar as an indicator of safety, users will need to assume safety and only rethink their browsing choices if the site is labelled at "Not Secure".
In Chrome 70, the the not secure indicator will also change colour when users enter data into a form on a non-HTTPS site.
Emily Schechter, Product Manager for Chrome Security, said "We hope these changes continue to pave the way for a web that’s easy to use safely, by default. HTTPS is cheaper and easier than ever before, and unlocks powerful capabilities -- so don’t wait to migrate to HTTPS!".