Starting October 2017, any HTTP sites using login fields and other input sections will be flagged as “not secure” by Google Chrome. This is a part of series of actions by Google to increase online security. Google has already started marking HTTP sites that collect passwords or credit cards as not secure in Chrome v. 56. Since this change, there has been a 23 percent reduction in visits to HTTP page that prompt a password or credit card info on desktop. In April, Google reported that Chrome will also show the “not secure” message on HTTP sites when users enter data and on all HTTP sites visited in incognito mode.
As they are deploying these changes, the Chrome team urges to not delay the transition to HTTPS. HyperText Transfer Protocol is the process that relays data between website and browser. HyperText Transfer Protocol Secure encrypts all communication between browser and website using an agreed-upon “code” that scrambles any messages sent. This keeps information safe from hackers. HTTPS only guarantees a secure connection if users are communicating with real websites, not malicious website impersonating a legitimate one.
A way to protect user information is implementing SSL certificates across sites. These certificates establish an encrypted link between browser and web server that HTTP sites don’t provide. The links ensure that all data passed between web server and browser remain private and integral. Allowing automated SSL integration within your domains will certify that your websites will always stay secure.
DevHub covers SSL requirements extensively - if you would like to learn more about how DevHub can solve for SSL and web standards forever - contact us.