As of the next update to Google’s Chrome browser, (version 56) which will release by the end of this month, and the newest version of Firefox, browsers will warn users when entering password details on a page which is not served via HTTPS.
It won’t prevent people from entering their details on non-secure sites, but they will be alerted in the site they are visiting does not use an encrypted connection.
An HTTPS connection (with the “S” designating “secure”) ensures that the user is reaching the correct site, and prevents malicious hackers from intercepting and impersonating the destination site, which is possible over the standard “non-secure” HTTP connection.
Credit Cards & Passwords
With their next update, Chrome & Firefox will notify users when a site requesting either log-in details, or credit card information, is not secure. Eventually, Chrome will always alert users when using an unsecured connection, although in most cases, this should only be a concern if the site is collecting information from you.
HTTPS Ranking Factor
An HTTPS connection has been a minor ranking factor in Google’s search algorithm since 2014 already, although never a significant one, and this latest update is simply the next move in a push to encourage all sites to secure themselves.
The number of sites using HTTPS has increased significantly since the announcement that Google would treat a secure connection as a positive signal in terms of ranking search engine results, with more than half of pages loaded in Chrome now apparently being secured.
Should You Encrypt?
Apart from it being a ranking factor (again, a small one), it’s still never a bad idea to have your site reached via secure connection. Security is almost always a good thing.
And certainly if you’re collecting personally identifiable or sensitive information from visitors or users, it should go without saying that you need to protect them, and their data from any possible misuse.
If your site is purely an informational one, it’s not really essential, but eventually Chrome (and other browsers will likely follow suit) will be “warning” people that your site isn’t secure, even if you’re not using ecommerce or member log-ins. And while some people will know the difference, and others won’t care, there’s no doubt that warnings will scare some users off, even if there’s no reason for them to be concerned.