Skip to main content

Lock it Down: Google Pushes HTTPS With Chrome Warnings

(Image credit: Google)

Google is pushing website operators to use HTTPS by warning Chrome users that sites that use HTTP aren't secure. Right now the warning is gray, so many people might not see it at first, but in October the company plans to use the same red warning used for sites with serious flaws.

Anyone who's used Chrome's built-in Incognito mode will be used to this warning. The browser started marking sites that use HTTP as insecure back in October 2017; now that same warning is making its way to the base version of Chrome. It made sense for the change to debut with Incognito, as many of the people using that mode really want their connections to be at least moderately secure.

Bringing this warning to Chrome proper signals Google's intent on making HTTP all but obsolete for anyone who uses its products. Although many people might not bother to learn about HTTPS, chances are good that they'll be wary of websites their browser says are insecure, especially as  security blunders continue to make headlines. You can't claim ignorance of the risks of using a site if Chrome warns you every time you visit it.

This is just the latest of Google's efforts to encourage the use of HTTPS. The company also started to show HTTPS-secured websites higher in search results in 2014, and in 2015, it prioritized the indexing of HTTPS sites to automatically send people to them instead of their HTTP counterparts. Since many people use Google to get around the web--even if they know the site they want to visit--those changes mattered.

Yet even Google has admitted that using HTTPS doesn't always mean a website has the best security practices. The company will stop marking HTTPS websites as "secure" in Chrome 70, the same version that will introduce the more prominent "not secure" warning. This shift means that using HTTPS is no longer enough to get the company's seal of approval; now it's just the bare minimum expected of website operators in 2018.