An unsecured website can mean huge problems for both its owners and its users. And to improve the situation, starting July 1st, 2018, Google Chrome took serious measures to show its users, which websites have no data encryption.
This will strongly affect websites which still use the HTTP (Hypertext Transfer Protocol) which doesn't encrypt user data and makes pages vulnerable to eavesdropping attacks.
What is Google going to do and how can users solve that issue?
Google's Chrome browser will mark HTTP websites with no secure SSL certificate as 'Not Secure'.
By getting an SSL for their projects, website owners can upgrade to HTTPS - and make both their visitors and Google happy with what it brings.
Google SSL Certificate Recognition - Aiming For Security
For the last few years, Google has been a strong advocate of SSL-secured websites. This goes way back to 2014 when it was decided that the search giant will rank secure HTTPS websites over the less secure HTTP ones.
As stated in Google Webmasters Blog, this way website owners are encouraged to take web security more seriously. If not for the sake of visitors, then for the website's value.
Laying the foundations for an encrypted and more secure web, Google has gradually increased the rewards for secure websites.
Back in Spring of 2017, with the Chrome 62 browser, Google introduced a system which helped users see which websites don't encrypt user data that is received.
Once a visitor started typing some sort of information into a website, a "Not Secure" ribbon appeared in the address bar.
This way the user is informed about the status of the website while providing their info.
With Chrome 68 - starting from July 2018 - this ribbon is there from the very start. Now the visitor knows the level of security without typing in any user data.
And it comes without saying - no website owners want their websites to be branded with a mark that makes them look like they aren't secure.
With the new version of Chrome, the address bar will always feature one of the three statuses of the page's security:
- Secure will be reserved for HTTPS websites with full SSL encryption.
- Info/Not secure will mark basic website with no SSL.
- Not secure/Dangerous is going to be left for pages with no SSL and with a history of collecting sensitive user data.
So, in short, if a website still uses basic HTTP with no SSL, it will be even easier for its users to see that.
Google: SSL Certificates Are Here To Stay
According to Google, HTTP is a protocol, putting sensitive user data in danger. But the initial idea is that the Internet should be safe and available to everyone - and SSLs help keep that a reality.
By showing the users all about the website security, Google Chrome is doing a necessary step.
And actually, there is no reason not to have SSL and not to have HTTPS. As Google states in its Chromium Blog, with the HTTPS you can improve the performance as well as unlock new features.
So it shouldn't be a surprise that these security protocols are becoming a natural part of any website.
What Is SSL Certificate?
SSL (Secure Sockets Layer) is a protocol that guarantees full anonymity of the page visitor. SSL certificates protect the flow of data between the website and the user. No one in the middle can sneak in and collect the data.
Information including email addresses, password, personal information, or even stuff like credit card numbers and bank logins gets a layer of crucial protection.
Here's how SSL certificate works:
- A connection between the visitor and the website is made. An SSL Handshake happens, and the transmission is now being overseen.
- The website sends its certificate to the user - including technical specifications.
- The user's browser checks the validity of the certificate. This is where Google Chrome comes in. Highest possible mutual level of encryption is selected - and the data is being sent. But it's coded, so it's impossible for third parties to know, just what exactly the passwords or the numbers on the credit cards really are.
In short - if you don't want your user data to leak, you should upgrade to HTTPS and get an SSL certificate.
But although Netscape invented SSL back in 1994, it took a long time for it to become mainstream. Even to this day, a huge number of websites still don't have it - and just like that, they put their users in danger.
Therefore, Google is now influencing the situation by keeping the visitors informed about the website's security.
How To Get An SSL Certificate?
If you're looking to secure your website with an SSL, there are two ways to go about it.
- Get a free SSL certificate. "Let's Encrypt" is a valuable way to encrypt the data of your page. There are plenty of Let's Encrypt tutorials which may help you get everything sorted out. However, be wary - even with a tutorial by your side, it can still be a slightly tricky task.
- Purchase a premium SSL. They, of course, cost a little bit of money - starting from a couple of dollars a month. But these certificates are very easy to install and if something goes wrong, helpful support goes a long way. There are many SSL stores who provide the certificates. Or sometimes, you may ask your hosting provider for one - companies like SiteGround and Hostinger include SSL certificates with the hosting purchase.
In many ways, it may appear that SSL is only useful if you're selling online - and handling very sensitive user data, such as financial information. However, an SSL certificate is useful in more than just this way.
SSL certificates not only protect - they are overall a very good way to earn the trust of your visitors.
Obtaining an SSL requires documentation, proving the legitimacy of your business. The certificate is not only a sign of security - it's also a sign of verification. As users become more tech-savvy, they understand the importance of legitimate, safe websites.
Furthermore, it could be a bit tricky advertising your blog or business, with the address bar looking like that:
Let's not forget another very important factor of a successful website - Google rankings.
Back in 2014, Google has started using HTTPS as a ranking signal, affecting the pages and their search query positions. So if a website doesn't rank high on Google and doesn't have an active SSL certificate - this could very well be the reason.
Looking at all that, SSL is a smart investment to make.
Getting An SSL Certificate Is Easier Than Ever Before
In order to make HTTPS websites a default for all websites, the online community is more dedicated than ever to help developers do the transition. Google mixed content audits are set up to help developers migrate insecure content and a Google Lighthouse tool will help see the overall issues of a page.
And as mentioned previously, there are plenty of ways to get an SSL certificate. There's free "Let's Encrypt" and for those still looking to acquire a premium, advanced SSL certificate, there are a lot of SSL stores which will help you secure your website in no time.
So, the increasing attention for website security shouldn't be a problem - there are more than enough resources for that.