If you have been running a website without HTTPS encryption, it is time to adopt the protocol. Chrome Security Product Manager Emily Schechter has announced through an official blog that Google Chrome will mark all websites that do not use HTTPS encryption as “not secure”.
The crackdown on such websites will begin in July 2018, when Google Chrome 68 launches. In Chrome 68, the omnibox will display the “not secure” message for all HTTP pages. According to the blog post, 81 of the top 100 sites on the web use HTTPS by default, over 68 percent of Chrome traffic on both Android and Windows is now protected, and over 78 percent of Chrome traffic on both Chrome OS and Mac is now protected.
To help developers migrate to HTTPS, Chrome has made mixed content audits available in the latest Node CLI version of Lighthouse. The new automated tool helps developers find which resources a site loads using HTTP, and which of those are ready to be upgraded to HTTPS simply by changing the subresource reference to the HTTPS version.
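A simplified sketch of the idea behind such an audit, as an added example (not Lighthouse's code and not from the original article): it lists the subresources a page references over HTTP and marks which can be upgraded by changing the reference. The sample markup, the `example.test` hosts and the `https_probe` callback are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, urlunsplit

# Tag -> attribute that triggers a subresource fetch (<a href> is navigation, so excluded).
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "audio": "src",
               "video": "src", "source": "src", "embed": "src", "link": "href"}
# Only these <link rel> values load something into the page.
FETCHING_RELS = {"stylesheet", "icon", "preload"}

class _Collector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []  # (tag, absolute http:// URL)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        value = a.get(FETCH_ATTRS.get(tag, ""))
        if not value:
            return
        if tag == "link" and not FETCHING_RELS & set((a.get("rel") or "").lower().split()):
            return
        # Relative and protocol-relative references inherit the page's scheme.
        absolute = urljoin(self.page_url, value.strip())
        if urlsplit(absolute).scheme == "http":
            self.insecure.append((tag, absolute))

def audit_mixed_content(page_url, html, https_probe):
    """List HTTP subresources of a page and whether each can be upgraded.
    https_probe(url) -> bool is a caller-supplied hook (an assumption of this
    example) saying whether the HTTPS variant is reachable."""
    collector = _Collector(page_url)
    collector.feed(html)
    findings = []
    for tag, url in collector.insecure:
        https_url = urlunsplit(urlsplit(url)._replace(scheme="https"))
        findings.append({"tag": tag, "url": url, "https_url": https_url,
                         "upgradable": bool(https_probe(https_url))})
    return findings

# Constructed sample page, for illustration only.
SAMPLE_PAGE = """<head><link rel="stylesheet" href="http://static.example.test/site.css">
<link rel="canonical" href="http://www.example.test/">
<script src="//cdn.example.test/app.js"></script></head>
<body><img src="http://img.example.test/logo.png"><img src="/local.png">
<a href="http://other.example.test/">elsewhere</a></body>"""
if __name__ == "__main__":
    for f in audit_mixed_content("https://www.example.test/", SAMPLE_PAGE, lambda u: "static." in u):
        print(f)
```

On the HTTPS sample page only the stylesheet and the logo image are reported; the canonical link and the anchor are not subresource fetches, and the protocol-relative script inherits HTTPS from the page.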
With Chrome 68, it will be easier for the end user to understand that all HTTP sites are not secure. As Google explains, “When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.” Hence, it is always good practice to check whether the web page you access is secure. This is especially important when you are using financial services on the web.
Google started its crackdown in January 2017 with the release of Chrome 56. At that point, however, it labeled as “not secure” only those HTTP pages that collect passwords or credit cards. With the upcoming Chrome 68, the labeling will extend to a larger chunk of HTTP websites. The eventual idea is to change the HTTP security indicator on such pages to the red triangle that is used for broken HTTPS.