nonsecure collection of passwords will trigger warnings in chrome 56

synaturesynature redwoodtwigRegistered Users Posts: 191 Major grins

I got an email telling me that a link to a photo in a password protected gallery will trigger this warning.

As near as I can tell, this is occurring when I navigate to a public gallery in Chrome that has a photo on it that was collected from the password protected gallery. I have not given this link to anyone and if you try to go directly to it, you will see the unlock gallery message. But it shows up fine in the public gallery I collected it into.

I noticed also that if I click on the buy link after going to the public gallery as a visitor, not logged in, the link does not have https.

Is this going to be an issue?

Message type: [WNC-10026400]
Search Console
Nonsecure Collection of Passwords will trigger warnings in Chrome 56 for http://redwoodtwig.com/

To: owner of http://redwoodtwig.com/

Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS.

The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users’ data. The list is not exhaustive.

http://www.redwoodtwig.com/MemberArea/Art-archives/Image-story-drafts/i-DmHdwX8

The new warning is the first stage of a long-term plan to mark all pages served over the non-encrypted HTTP protocol as “Not Secure”.

Here’s how to fix this problem:

Use HTTPS pages to collect sensitive information
To prevent the “Not Secure” notification from appearing when Chrome users visit your site, move collection of password and credit card input fields to pages served using the HTTPS protocol.
Read the WebFundamentals article
Need more help?

• Learn more about this change in the blog post “Moving Towards a More Secure Web.”
• Learn how to Secure your site with HTTPS.
• Ask questions in our forum for more help - mention message type [WNC-10026400].
Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 | Unsubscribe from this type of message
Add partners who should receive messages for this Search Console account.

Brandon Smith
http://redwoodtwig.com
Sony A7r4 with a selection of Rokinon Cine primes that I'm really enjoying learning how to use.

Comments

  • leftquarkleftquark Former SmugMug Product Team Registered Users, Retired Mod Posts: 3,775 Many Grins
    edited May 22, 2017

    @synature said:
    I noticed also that if I click on the buy link after going to the public gallery as a visitor, not logged in, the link does not have https. Is this going to be an issue?

    The checkout portion of the shopping cart is always secured behind an https connection. You'll see when the customer selects "View Cart" they're redirected to https://secure.smugmug.com/cart to initiate the secure password/credit card form. Anything pertaining to account passwords, purchasing, or personal information is secured behind https (including login, Account Settings, subscription payment, and prints/gifts payments). Currently Gallery Passwords on sites with Custom Domains are not secured behind https, though we're doing our best to work on getting all custom domain site traffic behind https.

    dGrin Afficionado
    Former SmugMug Product Team
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
Sign In or Register to comment.