SSL Chrome 56 in Jan 2017 to mark password/login sites insecure on HTTP

eva2000 · Sep 10, 2016

Google is pushing for more HTTPS and though SSL certificate adoption when they release Chrome 56 in January 2016. Chrome 56 will mark sites transmitting passwords or logins over HTTP as insecure Google Online Security Blog: Moving towards a more secure web

To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP sites that transmit passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.
Click to expand...

Chrome currently indicates HTTP connections with a neutral indicator. This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.
A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing. We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS. In addition, since the time we released our HTTPS report in February, 12 more of the top 100 websites have changed their serving default from HTTP to HTTPS.
Studies show that users do not perceive the lack of a “secure” icon as a warning, but also that users become blind to warnings that occur too frequently. Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as "not secure," given their particularly sensitive nature.
Click to expand...

and eventually

eva2000 · Dec 23, 2016

Only a few more days until Jan 2017 !

rdan · Dec 24, 2016

My version 57 installed still don't have that notice.

eva2000 · Dec 24, 2016

RoldanLT said: ↑

My version 57 installed still don't have that notice.
Click to expand...

Which web sites did you check with ?

i checked on a forum with http in chrome 57 and see a less visible message of such

rdan · Dec 24, 2016

eva2000 said: ↑

Which web sites did you check with ?
Click to expand...

Any http site.

eva2000 said: ↑

i checked on a forum with http in chrome 57 and see a less visible message of such

Click to expand...

Same here.
That's what I saw.

But not like this (marked as red or gray, as what they plan for January):

eva2000 · Dec 24, 2016

Probably Google won't enable that until Jan 2017 otherwise alot of web sites would be in trouble right now heh

eva2000 · Jan 25, 2017

Firefox is doing the same Communicating the Dangers of Non-Secure HTTP

In order to clearly highlight risk to the user, starting this month in Firefox 51 web pages which collect passwords but don’t use HTTPS will display a grey lock icon with a red strike-through in the address bar.

Clicking on the “i” icon, will show the text, “Connection is Not Secure” and “Logins entered on this page could be compromised”.

This has been the user experience in Firefox Dev Edition since January 2016. Since then, the percentage of login forms detected by Firefox that are fully secured with HTTPS has increased from nearly 40% to nearly 70%, and the number of HTTPS pages overall has also increased by 10%, as you can see in the graph above.

In upcoming releases, Firefox will show an in-context message when a user clicks into a username or password field on a page that doesn’t use HTTPS. That message will show the same grey lock icon with red strike-through, accompanied by a similar message, “This connection is not secure. Logins entered here could be compromised.”:

In-context warning for a password field on a page that doesn’t use HTTPS
Click to expand...

eva2000 · Jan 27, 2017

Chrome 56 has been released now ! Hope you all have HTTPS setup

BamaStangGuy · Jan 27, 2017

Our last site will be https by the end of the month.

CarpCharacin · Jan 27, 2017

It was actually released yesterday, that is when I updated.

eva2000 · Jan 27, 2017

it was ? guess i only checked today

Chrome 56 arrives with warning for HTTP password and credit card webpages, faster page reloading

also page reload performance boost!

Next, Chrome has received improvements for page reloading, which requires checking with the web server if cached resources are still usable (called validation). This typically results in hundreds of network requests per page issued to dozens of domains, and can be particularly taxing on mobile devices. Reloads are now 28 percent faster and result in 60 percent less validation requests.
Click to expand...

Log in / Register

Forums

Join the community today

SSL Chrome 56 in Jan 2017 to mark password/login sites insecure on HTTP

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

BamaStangGuy Active Member

CarpCharacin Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Join the community today

SSL Chrome 56 in Jan 2017 to mark password/login sites insecure on HTTP

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

rdan Well-Known Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

BamaStangGuy Active Member

CarpCharacin Member

eva2000 Administrator Staff Member

.