Chrome warn users of insecure HTTP transmitting passwords or credit card info
Google is on mission to make internet safer place. Its ultimate goal is to display warning that HTTP sites rather than HTTPS are insecure but this is long term plan – there are many stages to go.
Start at beginning of next year in Chrome 56 plan moves to its next stage. As of January 2017, any HTTP sites transmitting passwords or credit card details will be flagged up as being insecure.
Talk about public perception of online security company says:
Chrome currently indicates HTTP connections with neutral indicator. This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.
some of web traffic has transitioned to HTTPS so far, HTTPS usage is consistently increasing. We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS. In addition, since the time we released our HTTPS report in February, 12 more of top 100 websites have changed their serving default from HTTP to HTTPS.
Studies show that users do not perceive the lack of secure icon as a warning, but also that users become blind to warnings that occur too frequently. Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Start January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as not secure