Chrome, the browser belonging to web giant Google, is releasing a new update that will present users with two new warnings when they are about the submit data to insecure forms that use the HTTP protocol.
Google Chrome 86 will begin the crackdown on forms using this insecure protocol and in the meantime is urging publishers to review their sites and ensure that all contact forms are being transmitted using the more secure HTTPS protocol.
The updated Chrome is due to be released worldwide on 6th October this year. However, a beta release has been scheduled to begin in two weeks, commencing on 3rd September.
Google is making this change to communicate to users the risks that are associated with mixed form submissions. It will highlight that users will be transmitting information in a way that can cause it to be seen by unauthorised third parties.
The Chrome autofill feature will no longer work on insecure forms, but it will still work for passwords. Google will begin to show a warning to users filling in insecure forms. An example shows that this will be in red text reading:
“This form is not secure. Autofill has been turned off.”
A user can still choose to ignore this warning. However, when the submit button is clicked, they will be presented with a second warning that will block them from submitting the form. This warning will force the user to understand that they are using an insecure form and will present them with an option to ‘Go Back’ or to ‘Send Anyway’.
This new form security is an escalation of warnings that already exist. For sites that are still using HTTP, there is a broken lock icon displayed in the address bar, along with a warning that the site is insecure.
Websites should now be using the HTTPS protocol, which requires an SSL certificate to be installed on the site to ensure its security. Sites that continue to operate on the HTTP protocol will see more users going elsewhere. If the forms are still using this protocol and users are seeing these warnings, should the form be associated with sales and lead generation, then it could see that company lose potential business and sales, highlighting the importance of using the secure protocol.
If you need support with this aspect of your website, or any other part of your web strategy, then get in touch with the team at Engage Web and see how we can help you.