Google is changing the way it indicates secure and insecure websites in Chrome. It’s a measure of https:// becoming more of a norm.
The changes affect the description of the site in the address bar. Right now, https:// pages come with the traditional padlock and the word “Secure”, both highlighted in green. That policy’s been in place for a while, partly stemming from a time when a site being secure was worthy of mention and partly to make it easier and quicker for people to take a glance to double-check before typing sensitive data into a site.
That system is getting flipped around over three upcoming Chrome releases:
July’s version 68 of Chrome will add a “Not secure” label for all http sites, written in the same black text as the address bar itself.
September’s version 69 will remove the “Secure” label from https:// sites, the logic (or hope) being that such sites will be too common to be worth emphasising. The traditional padlock icon that’s a feature of most browsers will still be displayed though at some point Google plans to drop it.
October’s version 70 will add the words “Not secure” to all http sites along with an information icon (an “i” in a circle.) If users type any data into a form, the words “Not secure” will turn red and the information icon will be replaced by a warning icon (a white exclamation mark in a red triangle.)
Google says this was always the end goal but previously so many sites have been on http:// that it would risk undermining the effectiveness of a warning.
There’s no word yet on if and when Google will have the red text and warning icon shown by default simply because a page is http:// or if it will continue to reserve this most visible warning for sites collecting data through forms.