Google Warns of Non-Secure Password Collection

Google is sending messages through Search Console about making sure websites' login capabilities are served over HTTPS on Chrome. 


Beginning in Jan. 2017, version 56 and later of the Chrome browser will begin marking pages that collect passwords (or credit card details) as "Not Secure" unless the pages are served over HTTPS.



Google is notifying webmaster about specific URLS that include input fields for passwords or credit card details that will trigger the new Chrome warning (although the list is far from exhaustive), and is suggesting that webmasters review them so action can be taken to protect users data. 


The warnings/notifications are just the first step in Google's long-term plan to mark all pages served over the non-encrypted HTTP protocol as "Not Secure". 


There are two solutions to avoid having your users see and experience the warning. The first is to switch the site over to HTTPS completely and the second is to link to an HTTPS secure page that lets users login there.