Google is leading an initiative to make the web a more secure environment, not only by encouraging all websites to use HTTPS but also by marking standard HTTP websites as “Not Secure”. With Google providing the most popular search engine and internet browser, it is important to take its advice seriously, and other popular browsers such as Firefox are now starting to follow suit.
What are HTTP and HTTPS?
HTTP (Hyper Text Transfer Protocol) is the standard way of exchanging information on the Internet. It is the protocol that allows you to connect to a website server to request and send data across the web. However, over standard HTTP connections this data can be intercepted or modified in what is known as a man-in-the-middle attack, where someone is able to access your data as it transfers from your device to the web server. The attacker is essentially eavesdropping on any information you enter on an insecure website, including your name, address, passwords and credit card information.
HTTPS (Hyper Text Transfer Protocol Secure) provides a secure way to exchange data with a web server without the risk of this data being intercepted or modified. It achieves this by encrypting the connection made between your device and the website server, locking out anyone who tries to access this information from another location or device.
HTTPS is enabled by using an SSL certificate on your website. For more information, read our blog “The benefits of an SSL certificate”.
How will this affect my website?
Recent releases of the Chrome and Firefox browsers have started to label websites that collect personal information, such as passwords or credit card details, with a “Not secure” notice like the examples below.
Chrome version 56:
Firefox version 51:
This is the first phase of the plan to encourage websites to move towards using the secure connection of HTTPS. As time goes on, the warnings will become more prominent and harder to ignore. Eventually web browsers may show all HTTP pages as Not Secure and the warnings will be more severe:
Future Chrome releases will display the following warnings on any HTTP page:
Future Firefox releases will show the following message when a user clicks a username or password field on a page that does not use HTTPS:
These warnings will also appear on your platform login page. If you are using WordPress or Magento, for example, these warnings will show on your /wp-admin and /admin pages respectively. While this will not affect your website’s visitors, it is a stark reminder that your login details are being entered insecurely and could be intercepted by hackers.
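A site owner can find out which pages will carry the label by scanning each page's HTML for password and card fields served over plain HTTP. The script below is an added example, not part of the original article; the card-field heuristic (standard HTML autocomplete tokens), the function names and the sample pages are assumptions made for the example, and the browsers' own detection may differ.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Standard HTML autofill tokens for payment-card fields (heuristic chosen for this example).
CARD_TOKENS = {"cc-number", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-csc", "cc-name"}


class SensitiveFieldFinder(HTMLParser):
    """Collects <input> fields that ask for a password or card details."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # Attribute values may be None (valueless attribute) and mixed case.
        a = {k: (v or "").strip().lower() for k, v in attrs}
        label = a.get("name") or a.get("id") or "(unnamed)"
        if a.get("type") == "password":
            self.found.append(("password", label))
        elif CARD_TOKENS & set(a.get("autocomplete", "").split()):
            self.found.append(("card", label))


def audit_page(url, html):
    """Return the sensitive fields on a page that is served over plain HTTP."""
    if urlsplit(url).scheme.lower() == "https":
        return []  # encrypted connection: these fields do not trigger the label
    finder = SensitiveFieldFinder()
    finder.feed(html)
    finder.close()
    return finder.found


# Constructed sample pages (not real sites).
LOGIN = '<form><input name="log"><input type="PASSWORD" name="pwd"></form>'
CHECKOUT = '<form><input name="card" autocomplete="cc-number"><input name="email" type="email"></form>'
ABOUT = "<p>About us</p>"

if __name__ == "__main__":
    pages = [
        ("http://shop.example/wp-admin", LOGIN),
        ("http://shop.example/checkout", CHECKOUT),
        ("http://shop.example/about", ABOUT),
        ("https://shop.example/wp-admin", LOGIN),
    ]
    for url, html in pages:
        print(url, audit_page(url, html) or "no sensitive fields flagged")
```

Pages the script reports are the ones to move to HTTPS first, since they are the ones the current browser releases label.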
How will this affect my visitors?
As you can imagine, these insecure warnings may lead to confusion and a lack of trust between your customers and your website. Seeing these warnings, particularly on eCommerce websites, may well discourage your customers from entering personal information on your website. Even if you do not take payments on your website, any website that requires your customers to log in to their account will display these messages.
Future versions of web browsers may display any HTTP page as Not Secure regardless of the information they collect as they push for every website to use HTTPS.
What should I do?
With cybercrime on the rise and the leading web browsers advising the use of HTTPS to secure your website, there has never been a more important time to protect your website and your visitors with an SSL certificate. Having an SSL certificate on your website provides many benefits: as well as the security, your website will perform faster and may appear higher in search engine rankings by providing a secure connection.