Chrome’s security indicators will switch from positive to negative
Due to the increasingly ubiquitous nature of HTTPS Google will no longer let you know if a page is secure. Instead, it will let you know if a page isn’t secure. They plan to roll out the changes starting in September of this year.
Just to remind you, HTTPS is a more secure communication protocol than HTTP. When you enter information into a form on a site using HTTPS it’s harder for hackers to grab your sensitive information. The vast majority of sites nowadays use HTTPS rather than HTTP which is why Google is making this change. Google’s logic is that since HTTPS is everywhere they don’t need to keep alerting people about it. Instead, users should be alerted when a site isn’t using HTTPS.
Right now, Chrome highlights HTTPS pages via a lock icon and the word “Secure” while HTTP pages contain no warning that they aren’t secure. That will change starting in September 2018 when the word “Secure” will be removed from HTTPS pages. Eventually, the lock icon will be removed from those pages as well. So, this is happening in stages.
Google is doing this because they believe that a safe web experience should be something users expect by default. Therefore, starting in October 2018 HTTP pages will come with a warning that they are not secure along with an accompanying red triangle and the phrase “not secure”.
From what I can tell, this is the order in which it’s going to happen:
In July 2018, if your website doesn’t have HTTPS it’s going to be marked “unsafe” by Google. However, three months later, in October 2018, they’re only going to show the embarrassing red triangle if someone attempts to interact with your site in some way, like filling out a form.
Business owners especially should take heed of this upcoming change. Chrome is the most commonly used browser in the US. and it’s going to be pretty embarrassing if you’re trying to make a good impression on prospective clients and they encounter that red triangle alerting them that your site is “unsafe”. They probably aren’t going to want to stick around long enough to sign up for something or make a purchase.. At the very least it could make it look like you’re behind the times and pretty sloppy when it comes to cybersecurity.
As I hinted at in the above paragraph, this change is only going to affect Chrome. Safari, Mozilla Firefox, and Edge are going to keep doing things the way they’ve always done them.
I’m going to end this with a head’s up. When the change takes place and that word “secure” disappears from the address bar starting in September, your customers (and prospective customers) might worry if they haven’t heard about the update. They might be hesitant to enter sensitive information into a signup form or make a purchase. In other words, it could cause some friction. Therefore, it might not be a bad idea to temporarily offer your customers and prospective customers an explanation about the change. You could place the information next to a signup form or offer it when they’re ready to make a purchase.