Google has cautioned site owners that, at the end of January 2017, Chrome will mark sites without HTTPS as non-secure if they collect sensitive information like passwords and credit cards.
“Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it’s critical to use HTTPS.”
From the sounds of it, if a website collects sensitive information on any of its pages, the entire site will be marked as non-secure. Therefore, sitewide HTTPS is necessary for a site to be marked secure, even if only one page collects personal data.
Without HTTPS, sensitive information can be stolen, which is why Google has been championing the use of HTTPS across the web with its #NoHacked campaign. In addition, Google also gives a slight ranking boost to sites with HTTPS.
Should this be a cause for concern? Well, consider the fact that Chrome currently holds 55% of the desktop and mobile browser market share. That’s over half of the web browsing population that will not be able to access your site without HTTPS.
If your website collects sensitive information and is not on HTTPS hosting, you have until the end of January to get prepared before your site is flagged as non-secure in Chrome.