Google’s move to make the web a more secure place goes into pro-active mode next January with the announcement this morning of a plan to begin marking pages that transmit passwords or credit cards through HTTP as ‘Not Secure’.
The move will come with the implementation of Chrome version 56 which is expected to launch in January. The current version Chrome 53, only began rolling out to Desktop and Android this week with support for improved power consumption as well as mobile payment implementation.
HTTP vs HTTPS is a big difference when it comes to security with sites using HTTP to transmit the sensitive data, which Google defines as passwords or credit cards (two obviously highly sensitive pieces of information), subject to man-in-the-middle attacks on network traffic.
The plan is to eventually mark all HTTP traffic as ‘Not Secure’, however they will begin first in Incognito mode, before moving on to the standard Chrome environment. Google will move to label the HTTP Security indicator with a hard to miss red triangle like that used for broken HTTPS.
If you’re a web site admin and want some help implementing HTTPS on your site, check out the Google resource guide for doing do
Is Ausdroid going to have HTTPS enabled? I highly recommend Lets Encrypt. Free SSL with auto-renewals that can be set up in about 10-15 minutes.
It’s on the list…