Google Chrome has started to mark sites as “Not Secure” if they don’t have HTTPS at the start of their url.
If you have a website that has a login area that requires customer passwords, or you collect credit card information or personal data from visitors then you will now be affected by Google Chrome marking your site as ‘non-secure’ if you do not have HTTPS at the start of your url and have an SSL certificate (Secure Sockets Layer).
Having HTTPS (HyperText Transfer Protocol Secure) at the start of your url shows it is a secure connection for passing information between web servers and clients. It acts as a layer of security encrypting data to prevent ‘eavesdropping’ or information being stolen by hackers. It is a way of customers’ computers authenticating the communication they have with your website.
What is an SSL certificate?
Globalsign, who build and maintain high-scale identity management solutions for devices, people and things comprising the Internet of Everything, describe SSL Certificates this way:
“SSL Certificates are small data files that digitally bind a cryptographic key to an organization's details.”
Once you have activated the SSL a padlock symbol will appear and the https protocol (which allows secure connections from a web server to a browser) will show at the front of your url.SSL certificates are usually provided by third-party web filters and they allow you to set up your web filter to detect online threats.
According to Google Support “SSL inspection is only supported on Chrome browser version 30 and later” and "from January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as 'not secure', given their particularly sensitive nature".
What are the dangers of not using HTTPS?
The Google Security Blog states that “when you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.”
People are more and more concerned about the security (and distribution) of their information nowadays and protecting their credit card or personal details is of the utmost importance. Google is forging the way forwards to make security features such as this the basic standard across the web to allow internet users to make more informed decisions on the trustworthiness of websites in which they will be entering their data.
The Independent has yet to change to a secure HTTPS even though they have a login section:
If you want people to trust and use your website then it is absolutely necessary for you to migrate to using HTTPS and have an SSL Certificate.
Google publishes the status of many high-traffic websites showing if they are secure and using HTTSP or not in their Google Transparency Report.
Google has implemented certain tactics to persuade people to make the switch such as giving preference to sites with an SSL in terms of ranking and are now penalising those who don’t migrate. HTTPS sites also load significantly faster according to the HTTP v HTTPS Test site.
So talk to your web developers about migrating to HTTPS as soon as you can.
Webigence are in the top 1% of Microsoft Partners with the Gold certification for Application Development. Talk to us about your new project by emailing email@example.com. We're specialists in ASP.NET, Xamarin and Microsoft Azure technology.
Blog written by Natalie Wiggins