Skip to Main Content

Navigation

Minneapolis 2470 University Ave W
St Paul, MN 55114
+1 651-646-0696

New York City 1216 Broadway, 2nd Floor
New York, NY 10001
+1 929-322-4971

Google Takes Next Step Towards Securing the Web

Back in September of 2016, Google announced a long-term plan to warn users of the inherently insecure nature of HTTP and push site owners to take steps to integrate HTTPS support. Now, Google is ready to roll out Phase 2 of this plan and it will take effect in October of 2017 and it’s likely this WILL affect your website if you have not already ensured that your site supports HTTPS. Before we take a look at what this means, let’s take a quick look at the broader picture.

What is HTTPS?

When a web browser loads a web page, it asks a web server for the page, and it receives a response that enables the browser to display the page. For many websites, this communication takes place unencrypted over the standard HTTP protocol. HTTPS is a secure and encrypted protocol that enables the browser to encrypt its communication to the web server, ensuring that any information sent or received cannot be read or tampered with in transit. This is especially important for credit card information, and other sensitive data.

Google’s Plan

In September, the Google Security Blog announced an initiative to update the Chrome web browser to mark ALL HTTP pages as “Not Secure”. Ultimately, Google intends to treat all HTTP pages as insecure and display security warnings to users like the below:

Eventual treatment of all HTTP pages in Chrome

In order to afford site owners to make necessary arrangements, Google is rolling this plan out in phases. The first phase of this plan took effect in January 2017 when Chrome began explicitly displaying the phrase “Not Secure” within the browser on any page that collected passwords or credit card numbers.

Treatment of HTTP pages with password or credit card form fields

Phase 2

Starting in October 2017, Google will expand the use of the “Not Secure” label. The new phase 2 criteria will cover two additional situations: on all HTTP pages visited in “Incognito mode” and, more commonly, any time a user enters data on an HTTP page.

Google's animation new Chrome behavior

What Does This Mean for Me?

If your website has a search form, a contact form, or any other means for a user to enter information into the site, your site may be affected by this change. As organizations rely on the web more and more, it’s important to continue to ensure that users feel confident in your brand. Check with your web team - is Google going to tell users that your site is “Not secure?”

Sign Up For Our Newsletter

Join to receive updates, inspiration, and news in your inbox from time to time.