Google aims to step up its campaign against an unencrypted internet by alerting users to any websites that still aren’t using HTTPS connections. The search giant has said that when the next version of Chrome launches, it will begin displaying a new warning on any login pages that aren’t encrypted, or in other words using HTTP. This is scheduled to start in January 2017 with the rollout of Chrome 56.
This “not secure” warnings will be displayed in password and credit card fields on said webpages, as well as in a window alongside the address bar. To start off with, the words “not secure” will appear next to the address of unencrypted sites, but in the future they will also be labeled with a red triangle symbol, designed to steer users away from the pages.
A post on Google’s security blog explains that sites still using HTTP are a risk because “someone else on the network can look at or modify the site before it gets to you.” Login or payment pages that are unencrypted are even more dangerous, as an attacker can easily intercept the submitted information as it moves across the network.
The need for such bright and clear labeling is interesting, as Google notes that users often don’t notice a lack of a “secure” icon or message as a warning. “Chrome currently indicates HTTP connections with a neutral indicator,” Chrome Security Team’s Emily Schechter writes. “This doesn’t reflect the true lack of security for HTTP connections.”