Google initiates blacklisting websites using HTTP login

Google has been actively working towards pushing sites to start using HTTPS for some time now. This is in the hopes the world will become more secure. Now Google is marking newly registered sites which ask people to provide login details and passwords over HTTP as unsafe.

According to the security firm’s report Sucuri, Google has been marking these websites as hosting “Deceptive Content” when it detects a code which tricks users into revealing sensitive information. Furthermore, the company also started blacklisting the sites and has started adding the Deceptive Content flag to them even if they were clean and loaded no external resource.

The reason behind this action is that websites only used the HTTP protocol, even if they had any form of login pages or password fields. All that Google waits in order to remove these flags is to receive an SSL/TLS certificate.

"Upon investigation, the websites contained login pages or password input fields that were not being delivered over HTTPS. This could mean that Google is expanding its definition of phishing and deception to include websites that cause users to enter sensitive information over HTTP," Sucuri notes.

Google has been pushing SSL as a best practice standard across the web for years now, so it’s not a surprise that they are taking a much stronger stance.

(source)