Reminder: Google Insecure Forms Warning Coming Next Month
1 Star2 Stars3 Stars4 Stars5 Stars (6 votes, average: 5.00 out of 5)
loadingLoading...

Reminder: Google Insecure Forms Warning Coming Next Month

Starting with the release of Chrome 62, Google will mark any website with an insecure form “Not Secure.”

If you haven’t added SSL to your website, you may want to—an important deadline is coming up. Starting in October with the release of Chrome 62, Google will be marking any website with an insecure form “Not Secure.” This isn’t just a warning for pages with an insecure login/password field, now it’s any field—anywhere a user can input information.

Insecure Password Warning, Firefox 52
The warning for an insecure password field.

This is keeping with Google’s push for universal encryption. The company has continued to ramp up pressure for websites to add SSL. And Google doesn’t plan to stop at just warning Chrome users about insecure forms, either. Google plans to roll out a warning for all HTTP websites sometime in 2018.

HTTP website

So heed this warning, if your website is anything more than a blog or a personal website, you need to encrypt. Whether you’re just collecting an email address as part of a capture strategy or you’ve got a signup form somewhere, you’ll be sorry if you don’t secure it before Chrome 62 drops in October.

“Not Secure” warnings kill conversions

Nothing is going to kill your conversion rate faster than Google placing a “Not Secure” warning in your address bar or drop an interstitial warning when a customer attempts to type in one of your website’s fields.

And it’s not just Google, the other browsers are also adopting similar policies with regard to encryption and insecure websites.

Think about it, people tend to trust their browsers. When one of them tells a user that he or she is not safe on a website, the vast majority of people are going to leave. Nobody is sitting at their computer saying, “this seems like a worthwhile risk to take.”

So remember, if your website has any forms on it—install SSL. Waiting until Google flags your website is playing with fire. It’s time to add SSL.

1 comment
  • You can already test the behavior somewhat in Chrome 61 for the incognito warnings. Go to chrome://flags/#mark-non-secure-as and set the flag to warn on “HTTP while in incognito mode”.

    If you download Chrome Canary (now at 63), you can test all these warnings, but you need to set that flag to “HTTP while in incognito mode or after editing forms” or the “chrome://flags/#enable-http-form-warning” to Enabled.

    Find an HTTP website with a contact form, and you’ll see the warning display as soon as you start typing in the form.

    Definitely time for HTTP site owners to upgrade to HTTPS, or they’ll miss out on a lot of contacts.

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha *

Author

Patrick Nohe

Hashed Out’s Editor-in-Chief also serves as Content Manager for The SSL Store™.