Later that same year, Chrome started showing the same alert for resources delivered over the FTP protocol. In 2017, Chrome started labeling sites that transmit passwords or credit cards information over HTTP as “Not secure”. In 2014, the company started prioritizing websites using HTTPS in Google Search results. Google’s push towards HTTPS and blocking mixed contentįor many years, Google has been working on making HTTPS the standard for any and every online action. Simultaneously, Google encouraged developers to fully migrate forms on their site to HTTPS to protect their users. “Chrome’s password manager helps users input unique passwords, and it is safer to use unique passwords even on forms that are submitted insecurely, than to reuse passwords,” Panditrao explained the rationale for that exception. Google is also planning to disable the autofill feature of the browser’s password manager on all mixed forms except login forms (forms that require users to enter their username and password). The submission of the info will be temporarily blocked and it’s on users to decide if they want to risk it and override the block to submit the form anyway.
The last warning will be especially impossible to miss, as it will be shown on a full page: We saw that users found this experience unclear and it did not effectively communicate the risks associated with submitting data in insecure forms,” Shweta Panditrao, a software engineer with the Chrome Security Team, explained. “Before M86, mixed forms were only marked by removing the lock icon from the address bar. The browser will show a warning when a user begins filling out a mixed form (a form on a HTTPS site that does not submit through an HTTPS channel) and when a user tries to submit a mixed form. Entering information into and submitting it through insecure online forms will come with very explicit warnings in the upcoming Chrome 86, Google has announced.
0 kommentar(er)
