NewsUncategorized

Google Requires HTTPS for Secure Data

By September 29, 2017 No Comments

Starting in October, Google requires using HTTPS in Chrome for secure data. We are upgrading our hosting client from HTTP to HTTPS. In October, any website that uses HTTP will show a “Not Secure” warning in the address bar for any visitor entering text in a form on HTTP pages.

 

According to Google: “In January, we began our quest to improve how Chrome communicates the connection security of HTTP pages. Chrome now marks HTTP pages as “Not secure” if they have password or credit card fields. Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode

Treatment of HTTP pages in Chrome 62

Treatment of HTTP pages in Chrome 62

“Our plan to label HTTP sites as non-secure is taking place in gradual steps, based on increasingly broad criteria. Since the change in Chrome 56, there has been a 23% reduction in the fraction of navigations to HTTP pages with password or credit card forms on desktop, and we’re ready to take the next steps. Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the “Not secure” warning when users type data into HTTP sites.”

Treatment of HTTP pages with user-entered data in Chrome 62

Treatment of HTTP pages with user-entered data in Chrome 62

“When users browse Chrome with Incognito mode, they likely have increased expectations of privacy. However, HTTP browsing is not private to others on the network, so in version 62 Chrome will also warn users when visiting an HTTP page in Incognito mode. Eventually, we plan to show the “Not secure” warning for all HTTP pages, even outside Incognito mode. We will publish updates as we approach future releases, but don’t wait to get started moving to HTTPS! HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP.” — by Emily Schechter, Chrome Security Team

The Basics — What is HTTPS?

HTTP (HyperText Transfer Protocol) and HTTPS (HyperText Transfer Protocol Secure) are both protocols, or languages, for passing information between web servers and clients. All you need to know is that HTTPS is a secure connection, whereas HTTP is unsecure. With a standard HTTP connection, it is possible for unauthorized parties to observe the conversation between your computing device and the site.

To comply with the new security requirements, hosting providers have aimed to make the process of moving websites over HTTPS as painless as possible and today more than 60% of all internet traffic is served over HTTPS. Even if your web host doesn’t offer HTTPS at your current hosting tier, there are ways around it with free services like CloudFlare. Other bonuses of switching to HTTPS is that Google has been experimenting with giving those pages an SEO bump in search rankings. And for those who care about page load times, just switching to HTTPS will result in your pages being served up faster than over HTTP.

Please let us know if your organization needs assistance with moving the website over HTTPS.

Request Assistance

Best,

Team at LIMIT8