A Google Chrome update slated for Jan. 2017 will warn users against entering personal data such as passwords and credit card numbers on web sites that don't follow the HTTPS protocol for data encryption. While Chrome cannot forbid users from accessing HTTP sites, the web browser can advise them against doing so by marking them to be non-secure.

"Chrome currently indicates HTTP connections with a neutral indicator," wrote Emily Schechter, the Chrome Security product manager, in a blog post. "This doesn't reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you."

Come January, users of the currently unreleased Chrome 56 will notice a grey “Not secure” warning on HTTP pages that transmit credit card information and passwords.

Google-Chrome-56-Update-Encryption-HTTPS Come January, users of the currently unreleased Chrome 56 will notice a grey “Not secure” warning on HTTP pages that transmit credit card information and passwords. Photo: Google

The next step will be implementing the labelling of non secure pages in Incognito mode and later, marking all unencrypted sites with the red triangle icon it uses to reflect a broken HTTPS.

Google-Chrome-Update-Encryption-Warning-HTTP Eventually, all unencrypted sites with the red triangle icon it uses to reflect a broken HTTPS. Photo: Google

What’s the difference between HTTPS and HTTP? It all boils down to encryption—or lack thereof. HTTPS—short for HyperText Transfer Protocol Secure—ensures that any data exchanged between a user’s browser and website is encrypted. This is imperative for preventing hackers from getting access to sensitive information. HTTP sites, on the other hand, do not offer encryption.

As for Google's decision to roll out small changes, Schechter explains that the company will be strategically taking “gradual steps” since studies have found that users “do not perceive the lack of a “secure” icon as a warning” and suffer from “warning fatigue,” which is when they become immune to warnings after being exposed to them too frequently.  

Last December, Google gave websites incentive to transition to HTTPS by prioritizing HTTPS pages over HTTP sites. Now, Schechter reveals that over half of the page loads on Chrome are over HTTPS.

“We definitely do plan to label all HTTP pages as non-secure eventually,” Schechter told Motherboard. “We really wanted to be careful about it and we wanted to get it right.”