September 25, 2017
Chrome currently issues a “Not secure” browser warning for pages accepting password and/or credit card data that are not protected by HTTPS. The release of Chrome 62 due in October 2017 extends the “Not secure” warning to include any non-HTTPS page that accepts data from website visitors. In addition, these pages will also show “Not secure” when visited by users in Chrome Incognito mode to protect these users who are considered to use this mode as a security baseline.
With an anticipated release date of October 17, 2017, domain owners still have a few weeks to encrypt any sites that should be protected that might otherwise prevent users from entering their website.
Website owners and administrators need to consider the Always-On SSL concept to provide the following advantages:
Google states that, “Eventually, we plan to show the “Not secure” warning for all HTTP pages, even outside Incognito mode.” The big word ALL should encourage all domain owners to execute on a plan to encrypt all sites with an SSL/TLS certificate to avoid disruptive user experiences.
By Bruce Morton, Director, Certificate Technology & Standards
Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.