Today, the latest update to Google’s Chrome browser, (Version 68), racks up the pressure on website owners to implement TLS/SSL encryption by default. Any website which does not will now display a ‘Not Secure’ warning. http is no longer acceptable.
Google and others have stated categorically that protecting all users of the internet by enforcing secure communications between users and publishers of web sites by default is one of the most important ways to improve the reliability and integrity of the web in general.
The use of digital certificates by web sites is therefore seen as a must, and encouragingly, the figures for the % of traffic using HTTPS is growing at a steady rate. You can view Google’s latest figures in their Transparency Report.
The changes that Google have made to Chrome over the past few releases have been to highlight whether or not the site being browsed is using SSL encryption, and if there are problems or issues with the encryption or the certificate(s) used to implement it. (recall the SHA-1 issue last year).
With this new version, 68.0.xx, when encountering a site that doesn’t use HTTPS but remains with HTTP (i.e. not encrypted), it will display an unambiguous warning in the address bar, clearly stating that the site is not secure.
The use of digital certificates by all web sites must now seen as mandatory. Website owners and publishers should implement SSL/HTTPS encryption on all of their websites now.