Google is really serious about making the web a much safer place, by not only giving sites with https:// a ranking boost in Organic, but by also revealing the security or lack thereof, of a site to surfers who arrive there via others channels. Here a two extracts from the Google Security Blog....with more than half of Chrome desktop page loads now served over HTTPS. - @Google Click To Tweet 12 of the top 100 websites have changed their serving default from HTTP to HTTPS. - @Google Click To Tweet
We have previously ignored Google’s plea for secure sites because of the costs and SEO side effects associated with HTTPs. However Google’s move will force all of us to comply or else risk losing trust from our audiences and this needs to be done now rather than later. Do you have a login form on a normal http:// URL? If yes then you will need to switch it to an https:// URL to avoid security warnings in Chrome in 2017.
I got the following notification late last night in Google Search Console for a site I manage. Here is the message
Nonsecure Collection of Passwords will trigger warnings in Chrome 56 for _____.co.za
Google starting sending out messages soon after Christmas, through the Google Search Console to websites that have login and password fields on pages that are not served over https://
The full message reads as follows
Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.
The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive.
They also shared this on their Google+ page
To help users browse the web securely, Google Chrome shows connection security with an icon in the address bar. Chrome has never really labelled HTTP connections as non-secure. However starting in January 2017, Google will mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
I fully support this and it will help folks like me who have fallen victim to sites that do more with our Mastercard / Visa information. This year I signed up this service (I confess). I let my love for Supernatural Season 12 and Empire season 2 cloud my judgment as clearly Chrome tried to tell me that this site was not secure. I was down R8,800 within 2 months of signing up (we obviously know what they did with my cheque card details).
Chrome 56 will eventually have the following message on sites such as these.