Starting with Chrome 56 (due out in January, 2017) users will be able to browse online with more peace of mind. Any sites that transmit passwords or credit card details over HTTP will be clearly marked as non-secure. The introduction of this security measure is just the beginning of a long-term plan to mark all HTTP sites as non-secure.
Emily Schechter of the Google Security Team writes:
“Chrome currently indicates HTTP connections with a neutral indicator. This doesn't reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.”
Google highlights that studies “show that users do not perceive the lack of a 'secure' icon as a warning, but also that users become blind to warnings that occur too frequently.” For this reason, Google only wants to more accurately mark sites over HTTP as non-secure. In later releases, Google plans to extend HTTP warnings.
The web giant, starting with Chrome 56, will mark password or credit card form fields as 'not secure' if the site is delivered over an HTTP connection. In upcoming releases, HTTP warnings will be shown in Incognito mode where users expect more privacy. In the long-term, Google wants to label all HTTP pages as non-secure, and change the HTTP indicator to the red triangle that's currently used for broken HTTPS connections.