To help users navigate the Web safely, Chrome uses ICONS in the address bar to indicate whether the connection is secure. In the past, Chrome has not explicitly flagged HTTP connections as unsafe.
Starting in January 2017 (Chrome 56), we will mark HTTP sites that transmit passwords or credit cards as insecure as part of our long-term plan to mark all HTTP sites as insecure.
Chrome currently indicates HTTP connections in a neutral way. This does not reflect an actual lack of security in HTTP connections. When you load an HTTP web site, other people on the network can view or modify the site before it is displayed.
At present, a large proportion of network traffic has transitioned to HTTPS, and the usage of HTTPS is also increasing. We recently completed a milestone that now has more than half of Chrome desktop device page loads delivered via HTTPS. In addition, since we published our HTTPS report in February, more than a dozen of the top 100 sites have changed their default delivery from HTTP to HTTPS.
The study showed that users neither perceived the lack of a “safety” icon as a warning nor began to ignore the frequent warnings. Our plan is to more clearly and accurately label HTTP sites as unsafe, and this will continue over time, with stricter standards. Starting in January 2017, Chrome 56 will label HTTP web pages with passwords or credit-card form fields as “insecure,” especially given their extremely sensitive nature.
In future releases, we will continue to expand HTTP warnings, such as labeling HTTP web pages as “unsafe” in incognito mode, where users have a higher expectation of privacy. Eventually, we plan to mark all HTTP web pages as insecure and change the HTTP security indicator to the red triangle we used for failed HTTPS.
We will post updates to this plan as future releases get closer, but please start migrating to HTTPS immediately. HTTPS is simpler and cheaper than the old way, can achieve the best performance of web pages and powerful new features that HTTP can’t. Check out our setup guide to get started.
Posted by Emily Schechter, Chrome Security Team
The dream is here
Linmi.cc /? p=653