Google today continued its campaign to tighten the screws on unencrypted web traffic as it outlined the next steps it will take with Chrome to warn users of insecure connections.
Starting with Chrome 56, which is currently scheduled to ship in stable format on Jan. 31, 2017, the browser will mark sites that transmit either passwords or credit card information over HTTP connections as “non-secure.”
The move will be “Part of a long-term plan to mark all HTTP sites as non-secure,” Emily Schechter, a product manager in the Chrome security team, said in a post to a company blog Thursday. The plan, Schechter continued, “will take place in gradual steps, based on increasingly stringent criteria.”
At some unspecified date down the road, Chrome will mark all HTTP pages with a red-for-danger icon that currently is used to signal broken encryption.
Google has been pushing sites to switch to encrypted-only connections for years, and stressing the importance of HTTPS to users for just as long. In 2014, for instance, it removed the option to disable HTTPS in Gmail.
Today, Schechter touted Google’s success in the effort, saying that over half of all page loads on the desktop versions of Chrome are now served via HTTPS.
Chrome 56, set to ship at the end of January 2017, will take the first of several steps Google has planned to warn users when they’re connecting to sites over unencrypted connections.