Over the past week I’ve seen more than my fair share of emails from Google regarding “Nonsecure Collection of Passwords will trigger warnings in Chrome 56”.
It’s a big change, but not exactly a surprising one.
Google has been pushing to make the web more secure for a long time. Seeing HTTPS and green padlocks all over the web has been a key direction for them – they’ve even given secure sites a ranking boost as part of their algorithms. This new change is really an extension of their general SEO ethos.
So anyone running the latest version of Google’s Chrome browser (version 56) will see a warning when browsing any web page that asks for sensitive information. The examples they’ve given are passwords or credit card details, but undoubtedly there are other situations where a user would be presented with a warning too.
I’ve been recommending web owners migrate to HTTPS for a few years, but now it’s become really important, especially if you have any page users can log in through (including, I expect, WordPress Dashboard login pages like wp-login.php) or e-commerce.
These things may well be frustrating when they first crop up, requiring immediate changes to your website. But bear in mind Google has been open about their general desires for the web (that it be easy to find useful information, that it be secure, mobile friendly and fast) for a long time. So as long as you apply those same concepts to your own site as soon as you can, changes like this will actually put you ahead of the curve.
In case you know this impacts you but haven’t yet had the email from Google about it (or don’t use Google Search Console, in which case you’d never get one), here is the text of their message:
Nonsecure Collection of Passwords will trigger warnings in Chrome 56 for http://www.domain.com/
To: owner of http://www.domain.com/
Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.
The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive.
{examples are given here}
The new warning is the first stage of a long-term plan to mark all pages served over the non-encrypted HTTP protocol as “Not Secure”.
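Because the list in that message is not exhaustive, it helps to check your own pages. The sketch below is an added example, not part of Google's message or Chrome's code: it flags pages served over plain HTTP that contain a password input or a card field. Recognising card fields by `cc-*` autocomplete tokens is an assumption (Chrome's own detection may differ), and the URLs and HTML are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class SensitiveInputFinder(HTMLParser):
    """Collects <input> fields that ask for a password or card details."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        name = a.get("name") or a.get("id") or "(unnamed)"
        if a.get("type", "").lower() == "password":
            self.hits.append(("password", name))
            return
        # Assumption: card fields carry HTML autofill tokens such as
        # cc-number, cc-exp or cc-csc. Chrome's heuristics may differ.
        tokens = a.get("autocomplete", "").lower().split()
        if any(tok.startswith("cc-") for tok in tokens):
            self.hits.append(("card", name))


def audit_page(url, html):
    """Return the sensitive inputs on a page, or [] if it is served over HTTPS."""
    if urlsplit(url).scheme == "https":
        return []
    finder = SensitiveInputFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


def audit_site(pages):
    """Map each at-risk URL to the fields that would trigger the warning."""
    report = {url: audit_page(url, html) for url, html in pages.items()}
    return {url: hits for url, hits in report.items() if hits}


# Constructed sample pages (URL -> HTML), standing in for a real crawl.
SAMPLE_PAGES = {
    "http://www.example.com/wp-login.php": '<form><input type="text" name="log"><input type="password" name="pwd"></form>',
    "http://www.example.com/checkout": '<form><input name="cardnumber" autocomplete="cc-number"></form>',
    "https://www.example.com/wp-login.php": '<form><input type="password" name="pwd"></form>',
    "http://www.example.com/about": '<form><input type="search" name="s"></form>',
}

if __name__ == "__main__":
    for url, hits in audit_site(SAMPLE_PAGES).items():
        print(url, hits)
```

To run it against a real site, replace `SAMPLE_PAGES` with the URLs and HTML of your own pages, then move every page it reports to HTTPS.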