Google today announced its next steps for how Chrome labels HTTP and HTTPS sites. Starting in September 2018, Chrome will stop marking HTTPS sites as “Secure” in its address bar. And then in October 2018, Chrome will start displaying a red “Not secure” label when users enter data into HTTP pages.
HTTPS is a more secure version of the HTTP protocol used on the internet to connect users to websites. Secure connections are widely considered a necessary measure to decrease the risk of users being vulnerable to content injection (which can result in eavesdropping, man-in-the-middle attacks, and other data modification). Data is kept secure from third parties, and users can be more confident they are communicating with the correct website.
Google has been pushing the web to HTTPS for years, but it accelerated its efforts last year by making changes to Chrome’s user interface. Chrome 56, released in January 2017, started marking HTTP pages that collect passwords or credit cards as “Not secure.” Chrome 62, released in October 2017, started marking HTTP sites with entered data and all HTTP sites viewed in Incognito mode as “Not secure.”
With the release of Chrome 68 in July, here is what HTTP sites will look like in the address bar:
Notice that they are labeled as “Not secure” but the text is still gray.
With the release of Chrome 69 in September, HTTPS sites will no longer sport the “Secure” wording:
This is an odd decision. I prefer seeing the green “Secure” label when I’m about to log in to a website or enter credit card information.
Google believes, however, that…