How Chrome & Firefox Will Change the Treatment of HTTP Pages that Collect Passwords
In January of this year, (2017) Chrome & Firefox will begin showing ‘non-secure’ symbols in the address bar of HTTP pages that request that include a user login. Chrome will also add the notation on pages that capture credit card information; a warning that is already in place in the most recent version of Firefox. While these changes will not have a direct impact on search engine rankings (mobile or otherwise), they could have a significant indirect impact on secondary SEO signals like site engagement, bounce rate, and time on site. They could even hurt Pageviews-per Visit and site conversions, if the impact on the site is widespread.
Historically security notifications have focused only on pages that collect credit card information, so this increased focus on pages that collect login information is relatively new ground. Only about 25% of the web has made the transition to HTTPS so that leaves many HTTP pages potentially affected; especially if they have site-wide login functionality in the page templates. Google has been strongly recommending sites move to HTTPS for over a year, and even created a slight algorithmic ranking boost for sites that do, to incentivise the change. This round of browser updates puts a finer point on the need for websites to update, so that they can continue to build trust and safely engage with their users.
What to Expect
Chrome 56 HTTPS Updates
The current desktop Chrome browser is Chrome 55, so the version that will launch later this month is Chrome 56. Chrome is set to auto update by default and it actively checks for updates from Google every 5 hours, so you can expect most visitors to be running Chrome 56 shortly after it launches. Chrome 56 will add a gray “Not Secure” message in the address bar, ahead of the url on all HTTP pages that include login functionality