HTTPS Mandatory for Collecting Sensitive Information after January 2017
Currently, website owners can have HTTP or HTTPS versions for their websites. Having an HTTP website didn’t affect them. However, HTTPS websites did have an advantage over HTTP websites.
However, as per a recent announcement by Google, HTTPS will be mandatory for website owners who are collecting sensitive information. Otherwise, after January 2017, Google Chrome will start marking websites that collect passwords and credit card information as “insecure” if they don’t have HTTPS.
As per Google’s announcement:
“Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or other personal information, it’s critical to use HTTPS.”
It’s not entirely clear how this is going to affect an HTTP website, but by the looks of it, we speculate that it is going to turn out something like this:
If a website collects sensitive information, HTTPS will be critical. In addition, even if a single webpage collects sensitive information, site wide HTTPS will be mandatory. Otherwise, because of just one page collecting information, the entire page can be deemed insecure.
The important thing to note here is that Google Chrome is going to mark those websites unsafe — not any other browser. While other browsers will more likely follow suit, that’s not the case at the moment. However, Google Chrome currently holds 55% market share for desktop and mobile devices. So an HTTP website will be losing more than half of the market share.
That makes it serious.
In short, if you have a website — or even a single webpage — that collects sensitive information like credit card payment info or passwords, it needs to be on HTTPS.
If you have an HTTP website, it will be deemed insecure and unsafe by Google Chrome after January 2017. And that is likely to be translated in fewer traffic visitors and lesser profits.