Blog

Non-Secure Collection of Passwords will trigger warnings

Starting over the Christmas period, Google started sending out messages to webmasters that collect ‘Passwords and credit card details’ on pages that are not secure.
The update would refer to Google Chrome 56 which has started to roll out from today in the UK and the fact that if you collect data on an insecure page, then the browser will warn the user.

secure websites

What Does This Mean

From the warnings we have received, we have been given example pages that contain:

Call Back Forms
Newsletter Signups
Contact / Enquiry Forms
Collecting emails to allow PDF downloads

Google does say in its warning their list is not exhaustive, but we have found their warnings to be fairly blanket across any input fields.
In reality now Chrome 56 has been released, we are only currently seeing the warning on pages that are asking for a password.

secure websites

What it means, is that if you do not use an SSL certificate site-wide, then your customers will be told you are not a secure website which will be a bad reflection of your business and trade.

We have been pushing for site-wide SSL use for a while now at Digital Next; this is a further push from Google. In the future, I would expect Google to take this a step further. At the moment Google are saying passwords should be encrypted when transmitted across the internet which I agree with 100%, but why stop at passwords? Why shouldn’t a user want their email addresses, or the problems they are writing down in contact forms to be kept private? I believe in the coming months and in the updates to Google Chrome, they will tighten security warnings and include all input fields.

Why Are They Doing This?

Google have, for a few years now, been trying to push towards a secure web. It really started many years ago when they stopped reporting on keywords stating data protection.

Since then, online privacy has become a huge topic, with governments demanding access to everything and I’m sure the tech giants have demands put on themselves. A secure web means nothing can be snooped on. All communications between user and web server are completely private, which is what Google are pushing for.

For Google to achieve a secure web, they will need to force webmasters to invest and put the work in their websites to make it secure. They are currently doing this by making secure pages preferable in search results and by labelling websites as insecure. Webmasters will not want to risk losing business, so they will inevitably fall into line.

Once Google take this stance and Chrome implement this change, then it won’t be long before other browsers follow suit and within the next 12 months, I believe Google will achieve their goal and the majority of websites used will be completely secure.

What Do I Need To Do

In short, make your website secure! We have been making this recommendation for a while now, but I would now say it needs to be higher up on a website’s ‘To Do’ list.

Firstly, you need an SSL certificate. This can be arranged by your hosting company in most instances. There is a cost, but it’s certainly worth it to stop your customers being told they are using an insecure website because you have a newsletter form.

Secondly, you need to ensure that all assets on your website are loading trough a secure URL. This means all JavaScript and CSS files, all images and PDF links need to be loading through https. If you link to external resources or JavaScript libraries, then ensure these links are also secure. If you have an SSL certificate and you have an asset that loads insecure, then the whole website is classed as insecure.

Thirdly, don’t panic! If you’re not sure what you should be doing, then just ask. Google move the goal posts on a regular basis; this time it’s one of the larger changes which is identified by Google sending out messages. They don’t do this for insignificant change. For any extra advice, or help on ensuring your website is performing to its optimum, get in touch with us today.

Get in touch to find out how we can help you unlock the potential of your business.

0

websites launched

0

Page 1 Keywords

0

revenue generated for clients

0

high da links live

0

cups of tea