The meaning behind Google Search Console’s “NOT SECURE” messages
When you are logging into your website’s Google Search Console profile, you may have begun to see a message which starts with the greeting ‘To owner of [your website’s domain name]’ and then is followed by:
This message relates to work that the Chrome Security Team has been looking into since the start of the year, to improve how the Chrome system communicates the connection security of HTTP pages.
In January, for instance, the Chrome Security Team made a change in Chrome 56, to mark any HTTP pages which collected passwords of details of credit cards as non-secure due to their particularly sensitive nature.
The idea is that Chrome users will be provided with a helping hand to browse the web in a safer manner, with the team explaining in a post on the Google Security Blog: “Studies show that users do not perceive the lack of a “secure” icon as a warning, but also that users become blind to warnings that occur too frequently. Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria.”
According to Emily Schechter, of the Chrome Security Team, the fraction of navigations to HTTP pages which contain password or credit card forms on desktop has dropped by 23 per cent since the Chrome 56 change was implemented.
The reason why you may be seeing more of the messages detailed in the introduction to this post is that the Chrome Security Team is now putting the final touches into its next step towards more connection security; deemed version 62 Chrome. As a result, Chrome will also begin to display the “Not secure” warning both when users begin to enter any data onto a HTTP page, and also on any HTTP page which is visited during Incognito mode from October.
Explaining the move, the Chrome Security Team explained that any type of data that users input into websites should not be accessible to others on the network — not just passwords and credit card details.
It’s important to be aware that the Chrome Security Team’s eventual plan is to have all HTTP pages displaying a “Not Secure” message, making now the perfect time to move to HTTPS. Need some help improving your website? Mediaworks is ready to assist, so contact us with your enquiries today.