In January 2017, with the release of Chrome 56, a “Not secure” message presented on pages with password and credit card form fields that are not protected with an SSL/TLS certificate.
Google does not plan to stop there. In a to-be-announced release, Chrome will not show the circle-i, but will show the red triangle for all HTTP pages. This is the same indication that is provided for broken HTTPS sites and will further stress the “not secure” message.
Website owners and administrators need to consider Always-On SSL or the HTTPS Everywhere concept. Now HTTPS will provide the following advantages:
- Security to all websites and pages regardless of content
- Mitigate known vulnerabilities such as SSLstrip and Firesheep
- Provide browser user privacy
- Higher search engine optimization (SEO) for Google
- Higher trust indication with a green lock icon and no “Not secure”
In a similar fashion, Mozilla Firefox :
Firefox will display a grey lock icon with a red strike-through in the address bar, when a login page you’re viewing does not have a secure connection. This is to inform you that if you enter your password it could be stolen by eavesdroppers and attackers.
Starting in Firefox version 52, you will also see a warning message when you click inside the login box to enter a username or password.
With proper installation of an SSL/TLS certificate, the “not secure” warning will disappear and be replaced by a green lock icon. Then the answer to the above questions will be “Yes, the site is secure.”