Remember meForgot password?
    Log in with Twitter

Google prepares to label some HTTP webpages 'Not Secure'

By James Walker     Dec 12, 2016 in Technology
Google has rolled out a beta version of Chrome that marks traditional HTTP websites with password and credit card fields as "not secure." The company hopes the move will pressurise websites into using the secure HTTPS protocol to transmit sensitive data.
Google first warned of the changes back in September. They are now published to the latest Chrome Beta release and will be launched publicly with Chrome 56. According to Google, the new classification of HTTP websites will help users to stay secure online.
HTTP is the "classic" web protocol used to connect different devices together. It doesn't offer any security, transmitting data in plain text. While most modern reputable sites use the secure version of the protocol, HTTPS, some still offer login forms and even purchase gateways that aren't protected. Google will now notify users when this is the case, making it evident that HTTPS is not in use and no data is being encrypted.
Chrome will detect when a webpage contains a password t=_blank]or credit card input field. If HTTPS is not being used, a "Not Secure" warning will be placed in the address bar, where the green "secure" padlock would be for an HTTPS site. Previously, HTTP pages had a neutral grey icon. This will continue to be used on sites which do not collect sensitive information.
Google Chrome s new  Not Secure  flag for websites which put sensitive information at risk
Google Chrome's new "Not Secure" flag for websites which put sensitive information at risk
"To help users browse safely, Chrome indicates connection security with an icon in the address bar," said Google. "Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Starting in version 56, Chrome will mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure."
Recently, HTTPS adoption has begun to accelerate, spreading across the Internet and keeping data private. Around two thirds of page loads made by desktop Chrome users on Windows, Mac and Linux are now made securely, according to Google's latest HTTPS Transparency Report. Besides encouraging protocol adoption, Google also wants to educate people on the risks of insecure connections. The new "Not Secure" marker will help people to consciously appreciate they're about to enter their credit card number into a webpage that offers no security.
Chrome 56 also includes a few new features that extend the functionality offered by websites. Google has expanded on the Web Bluetooth API to enable developers to access the Bluetooth Low Energy modules in compatible Android devices. Websites can connect to Bluetooth accessories in "just a few lines" of code, letting them engage with printers and LED displays.
Google has also added support for the Remote Playback API that allows webpages to control the media playing on smart TVs and home speaker systems. There's additional compatibility with Physical Web beacon devices and WebVR headsets too. It all combines to create a richer online experience. The update should launch publicly in early January.
More about Google, Google chrome, HTTP, https, Security