Last month, Google sent out this message:
“Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.
The following URLs on your site include text input fields (such as <input type=”text”> or <input type=”email”>) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive.”
Now is the time to start thinking about your web site and what you can do to be ready.
If your web site has any forms on it including a login block, then you need to get ready. It used to be difficult and expensive to maintain a certificate on a web site. Fortunately that is no longer the case. Certificates come in multiple flavors. The most basic cert is called a “domain validation” certificate. It only assures that the originating server domain matches the cert. It makes no claims about the identity of the web site. It does provide a secure connection to protect the content of your visit to that web site from prying eyes including your ISP and that guy at the next table at Starbucks.
Having a more secure web benefits everyone to raise the bar on what we consider acceptable security. I expect the other web browser companies to follow suit. To meet that challenge we have new services like LetsEncrypt and CloudFlare. Check with your hosting company to see if they are available for you.