Our Blog

Chrome to Signal Insecure Forms

At the beginning of this year (2017), Google rolled out a new version of its Chrome browser that took it one step closer to a secure internet. The new version of Chrome (version 56 at that time) marked non-https pages that had password or credit card fields as “Not secure”. What they found was that there was a 23% reduction in users going to non-https pages with a password or credit card field. What this tells us is that visitors are now looking to Chrome’s warning to help it decide whether to proceed to a page or not.

In October this year, Google is rolling out another Chrome update that will take this one step further. In the upcoming Chrome version 62, the browser will now label all pages with text input fields as “Not secure” if it is not https. Google has done this because they believe that passwords and credit cards are not the only information that should be secure when transmitted from a browser to a web host. They believe all information transmitted should be private and therefore encrypted.

Below is how URL bars will be displayed in Chrome come October.

Note that when browsing in incognito mode, an user is expected to have complete privacy, no matter the page. Therefore, Chrome will now label all non-https pages as “Not secure” when an user is in incognito mode.

What does this mean for you? Nothing if your site is already encrypted with a SSL certificate. If it hasn’t been, it will mean that any page with a form field in it will show the “Not secure” label and could potentially reduce the number of visitors likely to complete your contact, quote request or email subscription forms.

You could overcome this by removing forms and inserting an email address. However, this will allow spammers and scrapers to get your email address onto their lists and bombard you with unwanted spam. What Google are wanting you to do is to purchase an SSL certificate and apply it to your form pages (or the entire site) so that it makes it secure for users.

What’s the process for getting https applied to your website? It is as follows:

1. Get a Certificate Signing Request (CSR) from your website host.
2. Purchase a SSL certificate from a reputable Certificate Authority (CA). You will then need to provide them with the CSR.
3. Go through the validation process. The SSL issuer will need to validate certain details before issuing the SSL certificate. The validation process will depend on the level of the SSL certificate you purchase. Basic SSL certificates may only require domain validation and then instantly issue you with the SSL certificate.
4. Once SSL certificate is issued, your web host will need to apply it to your website.  Your website will need to be updated to use https instead of http where appropriate.

If you need help doing this, let us know and we will manage the whole process of getting the SSL certificate issued to implementation on your site. If you have any further questions, don’t hesitate to get in touch.

• Comments (0)
• Trackbacks (0)
• Permalink

Michael Lam

Co-founder of Cornerstone and web junkie, Michael knows just how to diagnose your online problems and remedy the issue. An online enthusiast who believes in technology as an enabler of growth, Michael worries about all the details so you don't have to.