Starting July 2018, with the launch of Chrome 68, Google Chrome will mark all HTTP sites or not protected by SSL as “Not secure”, fulfilling a plan rolled out in September 2016, in hopes of fostering a more secure web.
On Google’s official blog, Emily Schechter, a Chrome security product manager said:
“For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.”
This announcement is a huge deal. With the release of Chrome 68, here is how HTTP sites will look like in the address bar:
The logic behind the change, Google explained that "users should expect that the web is safe by default." It will remove the green padlock and "secure" wording from the address bar for every HTTP site beginning with Chrome 69 in September. This let users know that their personal credentials are safe and secure while browsing HTTPS sites.
What is the difference between HTTP and HTTPS?
HTTP stands HyperText Transfer Protocol and HTTPS stands for HyperText Transfer Protocol Secure. Both HTTPS and HTTP are protocols used to transfer data over the web. In basic terms, the difference between HTTPS and HTTP is that information sent using HTTPS is encrypted, and therefore secure, ensuring no one in the middle can tamper with the traffic or spy on what you’re doing, whereas information exchanged using HTTP (note: no "s" on the end) is not secure, and it can be intercepted by third parties to gather data being passed between the two systems.
HTTPS involves the use of an SSL certificate - which provide secure, encrypted communications between a website and an internet browser. "SSL" stands for Secure Sockets Layer, the protocol which provides the encryption.
This is especially important for sites where sensitive information is passed over the internet, such as ecommerce sites with non-secure pages that accept online card payments, or login pages and online forms that require users to enter their credentials.
While many websites will be affected of this, many are also in compliance. In Google’s blog, it also stated that:
- Over 68% of Chrome traffic on both Android and Windows is now protected
- Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
- 81 of the top 100 sites on the web use HTTPS by default
Fairly, there’s no reason developers shouldn’t implement it. It’s cheaper and easier than ever before.
Mozilla also prepares to mark all HTTP sites "Not Secure" after HTTPS adoption rises following in Google’s footsteps. Jonathan Kingston, a security developer for Firefox, stated on Twitter that the company is experimenting to mark pages “Not Secure” in Firefox.
The increased adoption of HTTPS among website operators will soon lead to browsers marking HTTP pages as "Not Secure" by default.
Going back to Google, it offers an open source and a free security auditing tool called Lighthouse that let developers identify which website resources still load using HTTP and help improving the quality of web pages.
So make sure all commercial web pages are covered by SSL and begin transitioning to HTTPS as soon as possible in order to see success in business.
Move your website from HTTP to HTTPS with an SSL Certificate today!