Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
Ask a Question

Nonsecure Collection of Passwords will trigger warnings!

+7 votes
1.3k views
in Q2A Core by
Here is what i just received from google that I like to share with you, in case anyone is ready for this move from Google Chrome:

Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.

The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive. .....
Q2A version: 1.74
by
moved by
I just got the same message.
by
From which day will this happen?
by
Beginning in January 2017 ...

1 Answer

+2 votes
by
Yes, any page with password input will be marked as non-secure by Chrome and Firefox. I'm not sure how visible/off-putting it will be for users, but if you have a Q2A site it's probably worth getting an SSL certificate.

Just to clarify (not sure if you were asking this) but this is not something Q2A software needs updating for. It already supports HTTPS but you need to handle the cert on your server.

If you're on shared/managed hosting you may need to check with your host how to add an SSL cert, if it can be done.
by
edited by
Thank you Scott. That part I get where you said we need to get the cert from our host. but the login page is at the front page. i.e. if the visitors google our website, he/she lands on http://myDomain.com
not
httpS://myDomain.com
which means an insecure page, thus that problem will raise. So we have two options
1- using htaccess we can forward http pages to https.
2- replace login from from front page with a button which takes users tohttpS://myDomain.com /login?to=
My 2-cents: the former solutions will affect user experience as secured pages are slower to load. would love to read your thoughts
by
HTTPS is not slower to load (maybe slightly, but not noticeable). You can also use HTTP/2 with HTTPS which improves speed even more.

The ideal solution is to make the entire site HTTPS, so yes you'd redirect from HTTP to HTTPS.
by
Moving everything to https created issues for me. Some of the lugins like custom google search no longer work. As well images are not shown properly. images got to displayed in android web view! I guess the adnroid web view renders using old browsers approach
by
I have the same problems I wonder about back to http or not
Snow Theme by Q2A Market
Powered by Question2Answer
...