Thursday, October 6, 2016
Chrome to Label HTTP Pages with Password or Credit
Chrome to Label HTTP Pages with Password or Credit
Chrome to Label HTTP Pages with Password or Credit
Starting from January of 2017, Google Chrome will start marking all HTTP sites that transmit passwords or credit cards information as non-secure. Although this has been a long term plan by Google but they have finally decided to start implementing it by the first month of 2017.For those of us who might not know what the difference between HTTP and HTTPS is, HTTPS is a more secure version of the HTTP protocol used on the internet to connect users to websites. And Secured connections are necessary safety measures which are considered to decrease the risk of internet users being exposed to vulnerabilities like online eaves dropping, keylogging and other data modification especially when performing an online transaction or transmitting passwords.
Although Google search engine has already been giving sites with HTTPS connection more priority over sites with HTTP, Google has decided to replace the regular neutral icon that appears beside an HTTP website on chrome browser with a more explicit marking
Google will extend their warnings with subsequent releases. One example giving is labeling HTTP pages as not secure in the browsers Incognito mode, where users often assume a higher level of privacy.
Google plans to mark all HTTP pages as non-secure and use the same red triangle it currently uses for broken HTTPS sites.
Eventually, by January of 2017 which also happens to be the time Google will be releasing their chrome version 56, this new changes will start taking effect.
Googles statement:
To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), well mark HTTP sites that transmit passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
Chrome currently indicates HTTP connections with a neutral indicator. This doesnt reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.
Studies show that users do not perceive the lack of a secure icon as a warning, but also that users become blind to warnings that occur too frequently. Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as not secure, given their particularly sensitive nature.
In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as not secure in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.
Available link for download