Google Apply Even More Pressure on Unencrypted Websites
In August 2017, we published a News story confirming that, from Google's latest release of its Chrome browser, they would be doing more to highlight websites that did not run in https mode throughout.
- Google applies further pressure on unencrypted websites (August 2017)
- Google Chrome and Firefox highlight unencrypted websites (April 2017)
Google are now preparing for the next stage in their plan to persuade everyone to adopt HTTPS encryption for all web pages.
Currently, any web page that does not itself collect information on a form from a user will simply display an exclamation mark. From July 2018, with the release of Google Chrome version 68, that exclamation mark will be followed by the text "Not secure".
Building websites to always run in encrypted mode has been standard practice since early 2016 and older sites generally only switch to encrypted mode when transmitting sensitive information (such as a login user id or password). This was normal practice at the time.
In April 2017, we highlighted five well-known websites that were not running with always-on encryption. By August, only one of them had moved to forcing encryption. As of June 2018, all of them now enforce encryption.
Google is only one producer of web browsers (albeit a well-known one) and it remains to be seen how much effect this latest announcement will have but, with more and more popular websites running in secure mode throughout, it is likely that more users will start to notice the sites that are not.
In line with our previous news stories, our policy remains that we strongly recommend that all of our customers move their websites to an always-on encryption mode. This may or may not be straightforward, depending on a number of factors, such as the age of the site and how you have added in content (such as images and video) via the CMS.
Discover more: https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html
