Google search console has started sending out about Chrome 56 marking pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS. From January 2017, Chrome will trigger security warnings for web pages that collect passwords and are not served over HTTPS.
Here’s what the mail reads:
Nonsecure Collection of Passwords will trigger warnings in Chrome 56 for
To: owner of
Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.
The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive.
The new warning is the first stage of a long-term plan to mark all pages served over the non-encrypted HTTP protocol as “Not Secure”.
Here’s how to fix this problem:
Use HTTPS pages to collect sensitive information
To prevent the “Not Secure” notification from appearing when Chrome users visit your site, move collection of password and credit card input fields to pages served using the HTTPS
Google also posted on Google+: From the end of January with Chrome 56, Chrome will mark HTTP sites that collect passwords or credit cards as non-secure. Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it's critical to use HTTPS. Without HTTPS, bad actors can steal this confidential data. #NoHackedGoogle Search Console Notifies Nonsecure Collection of Passwords In Chrome 56,