Google has announced that Google Chrome will begin marking any page with a password or credit card field as insecure if the page is not on HTTPS.  The change is scheduled to go live in January 2017, when Chrome version 56 launches.

The biggest impact of this will likely be forums and other user generated content sites, many of which are still on HTTP.   This will also impact sites that have password fields via widgets, such as allowing a user to login via Facebook or Google.

It will only impact the specific pages with password or credit card fields.  So it will not flag the entire site as insecure.  I suspect many will be more conscious of where the logins are located on sites, since many insecure sites have login areas site-wide.

For site owners, this could have an impact on bounce rate and pages per session, as some visitors might feel more uncomfortable on some sites when Google is deliberately flagging it to show insecure.

Google also reiterates that they plan to eventually mark all non-HTTPS as not secure, although they haven’t yet given a timeline on when this will happen.

This isn’t a surprise, and Google has actively talked about changes coming to Chrome to help make users more aware of when a site is insecure. Google has been pushing for sites to go HTTPS for a couple of years now, in a push to make the web more secure, and there is also an associated minor ranking boost for sites that to go HTTPS.

For those looking to switch their sites to HTTPS, there are free certificates available via Let’s Encrypt and they also have a help section within Google Search Console.