In its quest to create a more secure web, the internet giant has announced, with the release of version 62 of its Chrome browser, that Chrome will now show the “Not secure” warning when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.
This follows its move in January with the release of Chrome 56 that HTTP pages that collect passwords or credit cards are marked as non-secure as part of a “long-term plan to mark all HTTP sites as non-secure.”
“Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS,” the company reported on its Chromium blog.
Google’s reasoning that passwords and credit cards are not the only types of data that should be private is absolutely right.
Forms, login fields or any other type of input sections on a website require data or some kind of information to be entered (think physical addresses, telephone numbers, ID numbers). However, this type of data is private and should, therefore, not be accessible to others on the network.
If a website is not encrypted there is a risk of this information being intercepted by intruders - and it is this that Google is trying to warn users about with version 62.
Why is HTTPS so important?
Several companies and organisations, chief among them Google, have been pushing for more encrypted websites.
Now, it seems, that if internet users don’t start to abandon the traditional, less secure HTTP protocol of their own volition and adopt HTTPS - the “S” at the end standing for “Secure” - they will be strong-armed into doing so. And truth be told, it’s for their own good.
Given that some 60% of all browsers used today are Chrome, Google is in a good position to leverage its dominance (Firefox browsers have about a 12% uptake, Safari around 10%) to force the average person to become more aware of the constant threats posed in the online world.
When a website has an SSL (Secure Socket Layer) certificate properly installed on the server, a small green padlock icon will be displayed to the left of a website URL in the browser and https will also appear in green text.
SSL certificates are used to secure data transfers, credit card transactions, logins and other personal information. They provide security to customers and, therefore, make it more likely that visitors will stay on a website for longer.
This has the added benefit of improving the bounce rate on your website as well as increasing the chances your prospects can engage with more of your content.
Your website should always be protected with HTTPS, even if it doesn’t handle sensitive communications.
HTTPS is important for your website because it:
1. Protects the integrity of your website:
Intruders, whether they are malicious or not, attempt to exploit every unprotected resource between your website and users. An SSL certificate creates a secure connection between a web server and a user’s web browser which can prevent third parties injecting adverts into websites that can impact user experiences and create security vulnerabilities. Intruders can also trick your users into parting with sensitive information or installing malware on your website if it’s not secured.
2. Protects the privacy and security of your users: “Every unprotected HTTP request can potentially reveal information about the behaviours and identities of your users,” writes Kayce Basques of Google.
“Although a single visit to one of your unprotected websites may seem benign, some intruders look at the aggregate browsing activities of your users to make inferences about their behaviors and intentions.”
Is the future of the web: HTTPS is now standard for many web-based applications as these powerful new tools require explicit permission from the user before they can work properly.
Which SSL certificate is the right one for you?
All SSL certificates offer the same levels of encryption but differ according to validation levels – the extent to which the domain is vetted and proven to be linked to a particular organisation.
The validation level does not affect the security level, but rather reflects levels of user trust. In other words, the more you need users to trust your website’s authenticity, the higher level of validation certificate you will choose.
1. Domain Validation (DV): These SSL certificates validate the domain ownership against registry records. No organisational information is vetted or displayed on the certificate.
Displays a padlock icon in the browser address bar, and no company information on the certificate.
2. Organisational Validation (OV): These SSL certificates validate the domain ownership as well as the organisation’s identity. Some organisational information is displayed on the certificate.
Displays a padlock icon in the browser address bar and some company information on the certificate
3. Extended Validation (EV): These SSL certificates validate the domain ownership, organisational identity as well as the legal existence of the organisation. In other words, an extended validation of the business or organisation is required. The green address bar provides the highest level of trust to users that the company is legitimate.
This certificate is suited to credit card transacting websites, banks or financial institutions, or any site that could potentially be the subject of a phishing scam.
A green address bar, as well as a padlock icon, is displayed in the browser address bar, and company information on the certificate. Extended Validation certificates should be obtained directly from a Certification Authority of your choice, and can be installed on your domain.
With the release of Version 62, Google has had the proverbial sneeze and the rest of the online world is bound to catch a cold.
Its move to creating a more secure web should be supported because it is in the best interest of those who are using the internet every day to do their jobs and make their lives easier and safer.
- Select Web offers free SSL Domain Validation certificates for all websites it hosts for its clients with free annual renewal included. Contact us for more information.
Sources: Google, Hetzner