The Truth About Chrome 62’s ‘Not Secure’ Warning
The Not Secure Warning
Ever visited a site and got greeted by a warning that says the page is not secure? Has it ever caused you a mini panic attack and urged you to close that window? Or worse, has your site shown a decrease in traffic and an increase in bounce rates because of this? In the past years, the “Not Secure” warning only applied to HTTP sites with passwords and credit/debit card input fields. Recently, Google announced that sites not using HTTPS, especially those that unprotected with an SSL/TLS certificate, will receive a new warning message. This is part of Google’s long-term plan to mark all HTTP sites as non-secure.
Google’s efforts with Chrome to encourage the web’s transition to HTTPS are beginning to pay off. In January of this year, Chrome is marking HTTP sites with password and credit card fields as not secure. This has already seen a 23% reduction in the fraction of navigations to these sites.
A Warning from Google
To advance their plan to migrate all HTTP sites to HTTPS, Google issued another warning. This warning says sites containing non-sensitive information like forms, login fields and input sections in HTTP sites are “Not Secure”. This took effect on October 2017. This will apply to Incognito mode. Notably, this badge will not show up in the address bar until users begin entering information into a field.
At this point, you might wonder: Why all the fuss about HTTP and HTTPS?
HTTP vs HTTPS
HTTP stands for Hypertext Transfer Protocol. HTTPS, on the one hand, means Hypertext Transfer Protocol Secure. This further means Security Socket Layer (SSL) – the technology that encrypts your connection to a website. The problem with HTTP is that its data is not encrypted. Hence, third parties or hackers can intercept it. This allows them to gather the information that’s passed between the two systems. HTTPS, however, can address this security issue.
All data and information sent over regular HTTP connections are in plain text and. This makes it easy to read and understood by any third party or hacker that manages to cut into the connection between your browser and the website. This presents a clear danger if the information passed is in an order form and includes your password, credit card details, social security number, or even just your name. With an HTTPS connection, even if somebody managed to break into the connection, they would not be able to decrypt any of the data which passes between you and the website because of extra layers of security that come along with HTTPS.
Why Security Matters
As a website visitor, you seek assurance that every information about you that you input on a site is safe and secure. As a website owner, you also want to provide security to customers and prevent theft of their details; this builds your credibility as a brand and encourages more and more people to trust you.
Security is at the heart of what Google does these days. The company now lists HTTPS as a ranking factor in search results. As of now, it only carries a fairly lightweight signal compared to other factors such as high-quality content, giving webmasters time to switch to HTTPS. Over time, however, Google might decide to strengthen this action to encourage website owners to switch to HTTPS.
Eventually, Chrome will show a Not Secure warning badge for all pages served over HTTP. This is regardless of whether or not the page contains sensitive input sections. Google’s end goal is to show a “Not Secure” warning for all pages in HTTP, and encourage the adoption of more secure pages. To put it simply then, if you don’t want your website flagged as “Not Secure”, you should start planning to migrate them to HTTPS.
With all that said, switching to HTTPS can be a tedious task, and you might need the help of experts in this field. If you are looking for an IT company in the Philippines with a team of web developers who can help you make the switch, we’re sure we can get the job done. Ask us how!