Google is bringing the fight to non-encrypted login websites. Beginning with Chrome 56, the search giant’s popular web browser will utilize a new visual indicator to let people know that a site isn’t secure.
Emily Schechter from the Chrome Security Team explained in a recent blog post that Chrome currently indicates HTTP connections with a neutral indicator. Once it arrives, Chrome 56 will mark HTTP sites that transmit passwords or credit card information as explicitly being non-secure as shown in the example below.
Google recently found that more than half of Chrome desktop page loads are now served over HTTPS. In fact, since its last HTTPS report in February, 12 more of the top 100 websites have switched their serving default from HTTP to HTTPS.
Schechter points to a recent study that suggests the lack of a “secure” icon is not perceived as a warning. Conversely, users become blind to warnings that occur too frequently. For these reasons, the Chrome Security Team is planning to roll out its labeling system gradually over time.
In subsequent releases, for example, they’ll extend the warning to non-secure sites visited in Incognito mode with the eventual goal of labeling all HTTP pages as non-secure. Furthermore, they will change the HTTP security indicator to the red triangle icon currently used for broken HTTPS connections.
Google expects to release Chrome 56 with the enhanced warning system in place in January 2017.