Google to Announce ‘Not Secure’ Forms from October 17
Google have been encouraging webmasters to add SSL/HTTPS to their sites for the last 3 years, even offering SEO benefits to people who adopt the 2048-bit key certificates on their sites. Most recently, Google have sent out email notifications via Search Console (previously Webmaster Tools) to let site owners know that web pages with forms will be marked as ‘not secure’ on Chrome if they are on a page without an SSL. These changes will come into effect from October 2017.
Google have warned that, “Beginning in October 2017, Chrome will show the ‘not secure’ warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”
This is part of an ongoing push that will see criteria for ‘not secure’ warnings broaden over time. Google state that ultimately “Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network.”
Eventually, Google plans to show the ‘not secure’ warning for all HTTP pages, regardless of whether they have forms or whether they are viewed in Incognito mode. This means that migration to HTTPS and adoption of SSLs should be seen as a standard feature and a basic requirement for all websites, rather than enhanced security that is only relevant to e-commerce websites.