Google Chrome to start marking HTTP connections as insecure
In a similar vein, Google also plans to drop support for SHA-1-signed certificates from Chrome by January 1, 2017.
Google today continued its campaign to tighten the screws on unencrypted web traffic as it outlined the next steps it will take with Chrome to warn users of insecure connections.
Chrome now indicates HTTP connections with a neutral indicator, which doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.
Google’s Emily Schechter of the Chrome Security Team said on Thursday that starting with Chrome 56, slated to arrive in January 2017, the browser will visually inform users when HTTP sites are not securing the transmission of their credit card information and/or passwords.
[Image: How Chrome will flag HTTP pages that ask users for passwords or credit card numbers.]

Furthermore, Google will change the HTTP security indicator to the red triangle icon now used for broken HTTPS connections. If users see that icon, it's an indicator that the site they're browsing isn't keeping up with encryption standards. “We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS”, Schechter wrote. But only one-third of the top 100 non-Google sites use a secure connection as their default.
2016 might be the year that HTTP finally dies.
“Chrome now indicates HTTP connections with a neutral indicator”, Emily Schechter wrote in a blog post.
Considering how frequent cyber attacks have become, on commerce-related and general sites alike, it is clear that the entire World Wide Web needs to move to HTTPS to get at least a minimal layer of protection against such threats.
But Google plans to go further. The announcement comes months ahead of the move to allow developers and sites enough time to migrate from HTTP to HTTPS before the change kicks in, Schechter explained. In 2015, the White House announced that all federal websites must use a secure connection by the end of this year.
If you’re not sure what HTTPS is all about, it’s short for HyperText Transfer Protocol Secure.
The Internet Security Research Group’s Let’s Encrypt initiative helped 3.8 million sites move to a secure connection, according to a Wired report.