Chrome will mark login pages that don’t use https as insecure

As of Chrome version 56, Google will label websites that forward passwords and payment information as insecure if they do not use https. Version 56 should be released in January 2017. In the long run, the company wants to label all non-https sites as insecure.

Chrome will then display ‘Not secure’ or ‘Not secure’ to the right of the information sign in the browser bar. At the moment, the indication of an http page is still neutral writes the Security team of Google on a blog. When viewing pages with a secure connection, a green lock appears in the browser bar.

Google previously had the plan to display a non-https page as unsafe by means of a lock with a large red cross through it. This was supposed to be introduced at the beginning of 2016, something that has not happened so far. Since Google started its crusade against HTTP connections, a milestone has recently been reached, with more than half of all sites that load via the desktop version of Chrome would be served via an https connection.

The reason Google wants to give a clearer warning is because people are getting used to warnings and often overlook the safe lock and don’t think about it anymore. Initially, the normal Chrome browser will only show a warning on pages where sensitive data must be entered, but eventually it wants to show a warning everywhere. If the browser is used in private mode, a warning will appear on every non-https page from Chrome 56.

In the end it should look like this