Web Should Be Considered Safe by Default – Google to Stop Marking HTTPS Sites as “Secure”
Google has announced that its Chrome browser will stop marking HTTPS sites as “secure” starting from September this year. In its ongoing efforts to make the web more secure, the company will also start labelling non-HTTPS sites as “not secure” starting from October.
“HTTPS usage on the web has taken off as we’ve evolved Chrome security indicators,” the company wrote in today’s announcement. “Users should expect that the web is safe by default, and they’ll be warned when there’s an issue.”
Since we’ll soon start marking all HTTP pages as “not secure”, we’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure.
Eventually, the lock icon will also be removed from the address bar. When Chrome 68 is released in July, HTTP sites will look like this:
The company said as the HTTP usage is going down, it will stop using the strong red warning, and will only show the red label when users trust a non-HTTPS site and start entering data on such a website. Here’s what that looks like:
HTTPS is considered to be a secure version of the HTTP protocol that reduces the risk of data exposure, eavesdropping, and man-in-the-middle kind of attacks. Google had shared earlier in the year that over 78 percent of traffic on Chrome OS and Mac was HTTPS. On Android and Windows, 68 percent of Chrome traffic was HTTPS, marking an increased adoption of the more secure protocol.
In today’s post, the company also argues that HTTPS is cheaper and easier than ever before making it a stronger case for everyone to migrate to HTTPS. Google had also shared set-up guides to help you start the process.