In January this year, Google made big strides in implementing their vision of a more secure web, through a new feature in their Chrome version 56 release, that highlighted sites that didn’t use a secure HTTPS connection.
To begin with, this ‘Not Secure’ flag is only be displayed on sites that collect credit card or password details without an SSL. In the last 9 months, Google found that this resulted in a 23% reduction in the number of people navigating to a non-secure site on desktop. Consequently, this also saw an uptick in the number of sites starting to use HTTPS.
When this move was announced, Google did warn us that this flag would eventually be rolled out to any site still using HTTP, and now it’s arrival is imminent. In version 62 of Chrome, which is due to be released on October 24th, a ‘Not Secure’ warning will show across even more sites.
Since users have a higher expectation of privacy when browsing in Chrome’s Incognito mode, version 62 will mark any site not using HTTPS as ‘Not Secure’ in the address bar when using Incognito. However, when browsing outside of Incognito mode, the ‘Not Secure’ warning will only display when the uses enters data into the website, not on page load. This means that HTTP sites that do not collect any kind of data will not be flagged at all, unless the user visits them in Incognito mode.
Why do we need HTTPS?
You may wonder why Google is going to all this effort to push HTTPS – what’s the benefit of using secure connections? And why does your site need it?
It’s a common misconception that you only need to use a secure connection on your website if you collect credit card data. And whilst this may have once been the case, people are no longer willing to risk their personal information.
When you submit any kind of information through a website, whether it be credit card or bank account information, or passwords or contact details, this travels across the internet to the web server that houses the site you are interacting with. If this information is not being transferred via a secured protocol, then its open for the world to see. Consumers are becoming more and more security conscious, and are less willing to submit any kind of details through a HTTP connection. Even if your site doesn’t collect credit card info, but you do ask users to submit any kind of personal information, like a contact form that asks for a customers email address, then using HTTPS across your site is something you should seriously consider.
Besides protecting your customers data, HTTPS connections enable better performance and browser features that are too sensitive to be available to HTTP sites. Plus, at the end of the day, a more secure web is a win for everyone.
How do I get HTTPS?
As Chrome continues to highlight to internet users that they are engaging with a site that has the potential to put their personal information at risk, site owners without HTTPS run the risk of losing customers who aren’t willing to interact with their site.
At this point, if you still use HTTP on your site, you are likely convinced that it’s time to make the move to HTTPS. But how? Fortunately, HTTPS is more accessible than ever, being cost effective and straight-forward to implement.
Switching to a secure transfer protocol is as simple as installing an SSL (Secure Socket Layer) certificate on your website. An SSL certificate enables the HTTPS protocol, and lets your customers know that you are who you say you are. In order to install an SSL, you must first go through a verification process, which varies depending on the type of SSL certificate you purchase. See your options here.
The most commonly used SSL certificate is a DV or Domain Validation certificate. This checks WHOIS data to ensure that the SSL certificate applicant is the same person who owns the domain name, and is the most ‘basic’ of the validation checks.
This goes a step beyond the DV certificate and also validates some basic information about the organisation that it applying for the SSL. This includes confirming the physical address of the business, plus any licences that might be relevant.
An EV SSL certificate is most easily recognised by the ‘Green bar’ that displays in the address bar of the browser. This certificate has the most rigourous validation process, and is the highest level of security available. Its commonly used by banks and large corporate enterprises for whom reputation is paramount.