Starting today with the release of Chrome 68, Google Chrome prominently marks all non-HTTPS websites as 'Not Secure' in its years-long effort to make the web a more secure place for Internet users.
So if you are still running an insecure HTTP (Hypertext Transfer Protocol) website, many of your visitors might already be greeted with a 'Not Secure' message on their Google Chrome browser warning them that they can't trust your website to be secure.
By displaying 'Not Secure,' Google Chrome means that your connection is not secure because there is no SSL Certificate to encrypt your connection between your computer and the website's server.
So, anything sent over a non-HTTPS connection is in plain text, like your password or payment card information, allowing attackers to snoop or tamper with your data.
The non-https connection has been considered dangerous particularly for web pages that transfer sensitive information—like login pages and payment forms—as it could allow a man-in-the-middle attacker to intercept passwords, login session, cookies and credit card details as they travel across the network.
Initial Stage — Starting with the release of Chrome 56 in January 2017, Google began its mission to make the web a more secure place by displaying 'Not Secure' warning in the address bar for those HTTP websites that collect passwords and credit card information on their customers.
Transitional Stage — Later in October 2017 with the release of Google Chrome 62, the web browser started labelling all those websites as 'Not Secure' which had any kind of text input fields to enter data over an insecure HTTP site as well as on all HTTP pages visited in Incognito mode, where users may have higher expectations of privacy.
Final Stage — Today, 24th July 2018, Google has released Chrome 68, giving the entire web a push towards secure and encrypted HTTPS connections by marking all websites that do not use the secure HTTPS encryption as 'Not Secure,' even if they don't handle sensitive data, communications, or information.
According to Google's transparency report, 75 percent of websites visited in Google Chrome on Windows is using HTTPS, and 81 out of the top 100 sites on the Internet today use HTTPS by default.
If you do not yet have SSL implemented yet, your website with the Not Secure warning is going to scare your visitors.
Today, installing an SSL certificate and enabling HTTPS on a website is neither expensive nor a tough task. You can merely use automated services like CloudFlare or Let's Encrypt that allow anyone to obtain free SSL certificates for their web servers.
Google has also published a technical tutorial on how to migrate a website to HTTPS.
Besides this, with the release of Google Chrome 69 in September this year, the company is also planning to remove the "Secure" label on HTTPS web pages, giving users the idea that the web is a safe place by default.
So if you are still running an insecure HTTP (Hypertext Transfer Protocol) website, many of your visitors might already be greeted with a 'Not Secure' message on their Google Chrome browser warning them that they can't trust your website to be secure.
By displaying 'Not Secure,' Google Chrome means that your connection is not secure because there is no SSL Certificate to encrypt your connection between your computer and the website's server.
So, anything sent over a non-HTTPS connection is in plain text, like your password or payment card information, allowing attackers to snoop or tamper with your data.
The non-https connection has been considered dangerous particularly for web pages that transfer sensitive information—like login pages and payment forms—as it could allow a man-in-the-middle attacker to intercept passwords, login session, cookies and credit card details as they travel across the network.
Timeline of Not Secure Warning on Google Chrome
This significant transition has not occurred overnight, Google intentionally processed it slowly over the period of a few years to give website admins enough time to move their sites over to a secure connection.Initial Stage — Starting with the release of Chrome 56 in January 2017, Google began its mission to make the web a more secure place by displaying 'Not Secure' warning in the address bar for those HTTP websites that collect passwords and credit card information on their customers.
Transitional Stage — Later in October 2017 with the release of Google Chrome 62, the web browser started labelling all those websites as 'Not Secure' which had any kind of text input fields to enter data over an insecure HTTP site as well as on all HTTP pages visited in Incognito mode, where users may have higher expectations of privacy.
Final Stage — Today, 24th July 2018, Google has released Chrome 68, giving the entire web a push towards secure and encrypted HTTPS connections by marking all websites that do not use the secure HTTPS encryption as 'Not Secure,' even if they don't handle sensitive data, communications, or information.
What Next? Move Your Site to HTTPS
According to Google's transparency report, 75 percent of websites visited in Google Chrome on Windows is using HTTPS, and 81 out of the top 100 sites on the Internet today use HTTPS by default.
6 Reasons Why You Should Enable HTTPS On Your Website
- HTTPS improves Google rankings and SEO
- HTTPS improves website security and privacy
- HTTPS increases credibility and improves customer confidence
- HTTPS improves website speed, as HTTP2 is faster than HTTP
- HTTPS makes surfing over public Wi-Fi safer
- HTTPS is now free!
If you do not yet have SSL implemented yet, your website with the Not Secure warning is going to scare your visitors.
Today, installing an SSL certificate and enabling HTTPS on a website is neither expensive nor a tough task. You can merely use automated services like CloudFlare or Let's Encrypt that allow anyone to obtain free SSL certificates for their web servers.
Google has also published a technical tutorial on how to migrate a website to HTTPS.
Besides this, with the release of Google Chrome 69 in September this year, the company is also planning to remove the "Secure" label on HTTPS web pages, giving users the idea that the web is a safe place by default.