Google will begin sending warnings to websites that have yet to switch their login forms to HTTPS. Google said that the security warnings will be triggered in Chrome in January if there is evidence of non-secure collection of passwords. It urged publishers to make the switch to avoid any issues.
Google is set to begin marking HTTP sites that collect credit cards or passwords in a non-secure manner from the end of January and is sending a mass of messages via the Google Search Console to remind webmasters to enable HTTPS, which is critical for those that collect any sort of payment or personal information.
HTTPS has other benefits as well, and according to Google, it can provide a small rankings boost. The search engine giant has said in the past that adding a SSL 2048-bit key certificate to a site carries less weight than more important signals such as high-quality content, but can contribute to more relevancy and ranking in SERPs.
“Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as ‘Not Secure’ unless the pages are served over HTTPS,” Google said. “The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive.”
Google offered a link to a resource titled Why HTTPS Matters, which explains how the secure communication protocol protects the integrity of a website and the security and privacy of users visiting a website while enabling new cutting-edge tech and features. Webmasters have just over a month to make the necessary changes.
“From the end of January with Chrome 56, Chrome will mark HTTP sites that collect passwords or credit cards as non-secure,” Google added in a post on Google+. “Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info or any other personal information, it’s critical to use HTTPS. Without HTTPS, bad actors can steal this confidential data. #NoHacked.”