Negative Indicators are now appearing.
We are now at a point of no return and witnessing something quite remarkable. You may have an idea what we are talking about but if you don’t it’s time time to sit up and take note.
On July 24th Google Chrome (the most popular website on the planet) will flag every website that does not have SSL/TLS encryption, but wait I hear you ask what does this mean for me?.
Quite simply put your website will be penalised by the introduction of negative security indicators (will explain this in a second) and no one wants that to happen.
So, why is Google doing this?
Google can almost do what they like (and probably will) however Google is now cracking down on all websites that are not HTTPS and believe that the web user should expect a secure web experience (HTTPS by default) and HTTP websites with no SSL visible should be reprimanded.
This is what Emily Schechter posted on Chrome’s official blog:
“Users should expect that the web is safe by default, and they’ll be warned when there’s an issue. Since we’ll soon start marking all HTTP pages as “not secure,” we’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure.”
To put this all in simple words, websites needed some incentivization from browsers so that the usage of HTTPS could proliferate. But now that HTTPS is close to becoming a standard, Google feels no need for such incentives in the form of positive indicators and will now be turning to negative security indicators instead.
So, no more padlock?
Ultimately, Google aims to establish HTTPS as a norm, and the way it’s going to do is not attaching any positive signs pertaining to HTTPS or encryption and penalizing the exceptions (HTTP sites). So, the “Secure” text and the padlock sign will soon be a thing of the past. With the launch of Chrome 69 in September 2018, the “Secure” text will be gone. The next step would be removing the padlock sign that will mark a milestone in establishing HTTPS as a norm.
Chrome 70, to be released in October 2018, is set to make this warning even more negative—more noticeable in other terms.
After the introduction of Chrome 68, when every HTTP site will be marked as “Not Secure,” Google will need some other negative security indicator when one types in something on an HTTP page as the “Not Secure” sign is there as a default. This will be done with the cunning use of the color red.
Here’s how it looks:
As you can see, the red warning is much angrier than the current one—behold, the power of red.
So What Do You?
The big indicator here is change your website to HTTPS and invest in SSL you can get them from Let’s Encrypt (they are free) however they do require some work to install and validate them.
At this point our insider information indicates there are further changes coming, if you gear up your website now to accept these changes the others will be less stressful down the line.
We suggest you talk to your web developer or talk to us and we can guide you through the changes you need to make.