Logging in over HTTP is bad – And Google wants you to know it
Google Chrome Security has announced that in a future release of Chrome (version 56), websites that are not secured for login pages will be flagged.
This means that in future releases of Chrome you will see a change in the address bar like this:
And eventually, Chrome will show:
This is not the first time Google has made a move to favor SSL protected sites over their non-ssl counterparts. In August 2014, google said it would factor in SSL in its page ranking, and has since been a recommendation by many SEO companies.
With tools like packet sniffers, any data sent over HTTP is susceptible to being captured. This includes passwords, usernames, personal contact information and even credit card details.
Sending sensitive information over plain HTTP isn't just a bad idea, it also violates many security standards, including PCI Compliance.
And while HTTP/2 has loosed some of its encryption requirements, at the time of writing this, all browsers that support HTTP/2 require TLS1.2 to take advantage of the performance gain.
It was once cost prohibitive to install an SSL Certificate, requiring a dedicated IP address and a purchased SSL certificate from one of the trusted providers like Comodo or Digicert. Now, with technology enhancements like SNI support and Let's Encrypt having an SSL is just a matter of know-how and taking the time to do it.
At AnHonestHost, we make it even easier to install SSL not only for your website, but your mail and FTP services as well with the Let's Encrypt cPanel module, included free with every hosting plan.