Recent studies show that users are not perceiving the lack of a “secure” icon as a warning, but that users also become blind to warnings that occur too frequently. In September 2016, Chrome’s security team announced their plan to label HTTP sites more clearly and accurately as non-secure. Firefox was the first browser to warn users by default when entering credentials on HTTP pages (Firefox 44), however, Ryan Feeley, a user experience designer at Mozilla Toronto, provided a preview of the update coming for Firefox 52 on Twitter.

Beginning in January 2017 with Chrome 56 and Firefox 51, HTTP pages that collect user credentials, passwords or credit cards will be marked as non-secure, this is part of a long-term plan to mark all HTTP sites as non-secure.

Google Chrome treatment of HTTP pages with password or credit card form fields

Chrome 53 vs Chrome 56 not secure warning

In Firefox 52, the warning will become much more visible. Named the “contextual warning”, it will appear directly below a field when a user begins to interact with that element. This display is important for direct security feedback and visibility to the user.

Upcoming Firefox 52 security warning

Upcoming Firefox 52 security warning

In following releases of Chrome, Google plans to continue to extend HTTP warnings, for example by labeling HTTP pages as “not secure” in Incognito mode, where users have higher expectations of privacy. Eventually, Chrome’s security team plans to label all HTTP pages as non-secure, and change the browser address bar security indicator to the red triangle that is currently used for broken HTTPS.

Google Chrome's planned HTTP security warning

Google Chrome’s planned HTTP security warning

At My Brother Darryl, we are excited to see these much-needed browser security changes. We have always taken our user’s personal information very seriously, whether they are interacting with your contest or website. We will continue to publish updates on these browser plans and others as they are announced and released in the future.

If we don’t manage your site, don’t wait to get started moving to HTTPS. HTTPS is easier and cheaper than ever before and enables both the best performance the web offers and powerful new features that are too sensitive for HTTP.

Visit our latest blog post on how Google Chrome is rolling this out.

Do you need help moving your site to HTTPS? Contact us today for a FREE consultation.

Leave a Reply