Google Search Console Reaffirms Upcoming HTTP Warning
A reminder that Chrome will eventually mark all HTTP pages as “not secure.”
Google Search Console (formerly Webmaster Tools) has begun sending a new message to site owners about unsecured HTTP.
The message is a reminder that, with the release of Chrome 56 next month, all pages that collect passwords or credit cards over HTTP will be labeled “Not Secure.” This will appear in address bar and pages will also lose the green padlock icon.
Also included in the message is a sneak peek of the future. Near the bottom, it says “the new warning is the first stage of a long-term plan to mark all pages served over the non-encrypted HTTP protocol as “Not Secure.”
For those who follow HTTPs news closely, you will know this is not a new announcement. Google published its plan more than a year ago.
Since then, Google has been working on improvements across the board: redesigning its security UI for improved user understanding, making it easier for sites to adopt the secure protocol, and waiting for HTTPS to become prevalent enough to make the switch without large-scale disruption.
But no one knows when the big change – the labeling of all HTTP pages as “Not Secure” – will happen. In Google’s original proposal they suggested benchmarks based on the percentage of pages loaded securely over HTTPS. Though it was noted this was only an example, and Google has not publicly committed to any specific criteria.
While we can’t say for sure, it’s likely more than a year until all HTTP traffic is marked ‘Not Secure’. Chrome already has one major plan for SSL in 2017 – mandatory participation in Certificate Transparency; and despite a major landmark for encrypted traffic in 2016, there is still a long way to go until the majority of the web is ready for HTTPS.
Note: Thanks to Glenn Gabe who shared the Google Search Console message on Twitter.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown