Google Search Console warns of nonsecure collection of passwords with upcoming Chrome browser release

Have a login form on an HTTP URL? You will need to switch it to an HTTPS URL if you want to avoid security warnings in Chrome in January.

Chat with SearchBot

google-https1-ss-1920

This morning, Google began sending out notices through the Google Search Console to websites that have login and password fields on pages that are not over HTTPS. The notification says nonsecure Collection of Passwords will trigger warnings in Chrome 56 for domain.com.

Chrome 56 in January will issue a security warning for web pages that have these login fields without serving them on a page that is over HTTPS. The message reads:

Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.

The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive.

Google also posted about this on Google+ and wrote:

From the end of January with Chrome 56, Chrome will mark HTTP sites that collect passwords or credit cards as non-secure. Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it’s critical to use HTTPS. Without HTTPS, bad actors can steal this confidential data. #NoHacked

nohacked2016_post2_g-1

Google has been pushing sites to go HTTPS for some time now, including giving a ranking boost to pages with HTTPS URLs.

Here is a copy of the notification:

google-nonsecure-collection-passwords-chrome-1482846162


About the author

Barry Schwartz
Staff
Barry Schwartz is a Contributing Editor to Search Engine Land and a member of the programming team for SMX events. He owns RustyBrick, a NY based web consulting firm. He also runs Search Engine Roundtable, a popular search blog on very advanced SEM topics. Barry can be followed on Twitter here.

Get the must-read newsletter for search marketers.