Google’s efforts with Chrome to encourage the web’s transition to HTTPS are beginning to pay off. The company has now announced plans to extend the effort with the “Not secure” badge scheduled to show up on more HTTP pages.
With version 56 in January, Chrome began marking HTTP sites with password or credit card fields as “Not secure” in the address bar. As a result, Google noted a 23% reduction in the fraction of navigations to HTTP pages with password or credit card forms on desktop.
Google is now extending the warning to any HTTP site where user data is entered. Notably, the badge will not appear in the address bar until users begin entering information into a field.
Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the “Not secure” warning when users type data into HTTP sites.
Additionally, the blog post notes that as users have an increased expectation of privacy in Incognito, the Not secure badge will be present when visiting any HTTP site in that mode. These changes will rollout with Chrome 62 in October.
Google’s end goal is to show a “Not secure” warning for all HTTP pages and encourage the adoption of more secure pages. The company notes the transition is easier and cheaper than ever, while also allowing for more functionality.