Google has stated that from January 2017, its Chrome browser will mark HTTP sites that transmit passwords or credit card details as non-secure.
Historically, Chrome has not labelled HTTP connections as non-secure. Chrome currently indicates HTTP connections with a neutral indicator.
“This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you,” said Google.
Studies show that users do not perceive the lack of a “secure” icon as a warning, but become blind to warnings that occur too frequently.
“Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps.”
Eventually, Google plans to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle it uses for broken HTTPS.