“Not Secure” will show on sites even if people aren’t filling out a form field.
Google is upping the ante on SSL to nudge more websites toward moving to https://.
Take a look at the graphic above. The top image currently shows in the address bar in Chrome for websites that use http:// (i.e., they don’t have an SSL certificate).
The second image currently shows on sites that don’t have SSL whenever someone enters information into a form field on the page.
Starting in July, the latest version of Chrome will show the second notification for sites that don’t have SSL even if someone is not inputting information into a form field.
I’m not sure how many people notice the “not secure” label. But my guess is the next step after this will be to make it more obvious, perhaps in a red color. So it probably makes sense to suck it up and upgrade to SSL now.
It would be nice if Google made this a little easier. Two things it could do are 1) create a one-click WordPress plugin to change to https once a certificate is installed and 2) make it so you don’t have to create a separate instance in Google Webmaster Central when you switch to https.
Terrible move. A green padlock does not mean the web site is safe; it simply means there is an SSL certificate installed. SSL certificates are a dime a dozen and can be installed e.g. via the use of cPanel that provides Auto SSL via Comodo. If all one does is to check the green padlock to feel safe when providing information to a form, that’s how phishing works – if not worse.
That pesky green padlock is one of many attributes one should check for in terms of confidence, but I agree that it by itself DOES NOT equal complete security or safety. 😉
Exactly. In essence, Google/Chrome is creating a false sense of security. The average Joe Browser would not check other parameters, they’d take Chrome’s behavior as gospel.
That’s why Google is upping the not secure warning, so that eventually https will be neutral and http will be in red, to best reflect the fact that http is insecure but https does not guarantee security.
Could be me, but my current version (Version 63.0.3239.132) of Chrome is already (now!) showing “Not Secure” for sites not using SSL.
Strange. You aren’t in a form field when it happens?
Nope… I typed in the address… site loads and “Not Secure” shows.
I wish someone would make a better browser than Chrome so I could dump it; Firefox is too slow. DuckDuckGo did better than Google with search, hope they make a browser soon.
The whole thing is such a car crash. And what about Symantec? Google made them revoke a whole load of SSLs. Talk about hubris!
Domainers be like … yes I know Bulk 301… this is not good for parking and BrandBucket…
Looking back, I see Matt Cutts talking about SSL Always On since 2010; that’s 8 years ago. All websites should be on free or paid SSL today. It is now a requirement whether we like it or not. I made the always on switch last year and felt that I was behind.
Google could have just said get it done by 1/1/2018 or get kicked to the curb, but they chose the Green Padlock method instead. Maybe that helps keep old, since abandoned, but useful content alive.
I believe the driving force is to counter snooping between the device and the destination site. Think your phone company, your ISP, the FBI, censorship police, hackers, your infected router, your neighbor’s wifi, that submarine at the bottom of the ocean tapping the fiber optic lines (paranoid much).
For sure, if you are an FBI target you are screwed either way. But HTTPS should help counter any ISP, phone company, or government trying to store huge amounts of data. Though I wonder what the data hoarders are planning next?
Matt Cutts 2010
https://www.mattcutts.com/blog/google-secure-search/