In July 2020, Google revealed how it plans to protect Google Chrome users from submitting insecure forms, beginning in Chrome M86. The search engine giant announced that the new update will warn users against completing forms on secure (HTTPS) webpages that fail to submit securely.
The idea behind this new development
Google claims that forms on HTTPS sites that submit insecurely, a.k.a. “Mixed Forms”, can pose a huge risk to users’ security and privacy. According to Google, any sensitive information submitted on such forms can be picked up and altered easily by malicious parties.
So, what will happen to the insecure forms?
1. Autofill will be disabled. However, Chrome’s password manager that helps users input unique passwords will continue to work on mixed forms with login and password prompts.
2. Users will see a warning text. When users begin to fill out insecure forms, a warning text will appear to alert them that the form is not secure.
Image Source: https://blog.chromium.org
3. Users trying to submit an insecure form will see a full page warning. This warning page will alert users of the potential risks and ask them to confirm if they still want to submit the insecure form.
Image Source: https://blog.chromium.org
To justify these new measures, Google claims that the current ones fail to effectively communicate the risks of submitting sensitive data in an insecure form. Currently, the mixed forms are only marked by the absence of the lock icon from the address bar.
How will this affect your site?
Google is making it very clear to all website owners that the time to fully migrate the forms on their sites to HTTPS is NOW! If any developer has questions, they should send an email at security-dev@chromium.org.
Google has been giving us signs and indications to fully migrate our sites to HTTPS for quite some time now. Thankfully, it’s pretty simple to do so.
One thing is for certain, migrating your site completely to HTTPS should be on top of your to-do list right now. If your website is still in HTTP, get in touch with us so our expert team can assist you in making your site and forms secure.