Google announced last week that on they will be releasing an update to their Chrome web browser on the 17th of January 2017, which will begin to display a warning on any website running under http as “not secure”. This is the opposite to the current standard of indicating that a site is secure if it’s running under https. They are rolling the changes out in a phased approach but eventually all sites that aren’t running under HTTPS will end up with a warning, but initially it will only apply to insecure form fields.
This will certainly get the attention of user’s and website owners, which is without doubt the intention of the change. This change is essentially forcing the hand of webmasters to get themselves a certificate.
For years now Google have been pushing for “https everywhere”, even offering incentives such as boosting search ranking of secure websites. The biggest sites in the world have certainly got the message, but at the smaller end of town it’s an additional inconvenience and of course cost. There are plenty of good reasons why we should all be using HTTPS so it looks like if you’re not on HTTPS already, it’s time to start making a migration plan.