From December 27, 2016, Google is sending notifications through Google Search Console to websites that are operating their login pages on HTTP URL, rather than HTTPS URL. The notification states that non-secure collection of passwords will generate warnings for HTTP websites in latest Chrome 56.
As per Google, the latest version of Chrome will trigger security warnings from January, 2017 to websites serving login pages on HTTP URL. The message states:
“Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.
The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive.”
Google Webmasters even posted on Google+ stating, “From the end of January with Chrome 56, Chrome will mark HTTP sites that collect passwords or credit cards as non-secure. Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it’s critical to use HTTPS. Without HTTPS, bad actors can steal this confidential data. #NoHacked”
Search engine giant has been pushing websites to go HTTPS, thereby including ranking boost.
Here is the copy of security notification issued by Google to websites who have login pages on HTTP URL.