Has anyone asked you yet why your website is “not secure”? If not, you’ll probably get that question before long.
The reason: Google has changed the way websites are displayed in Chrome, and other companies are following Google’s lead.
Here is the most simple explanation of a very technical issue:
For most of the time there has been an internet, nearly all website addresses have begun with “http://” and the browser address bar at the top of your screen displayed a tiny icon of a blank page, similar to the image shown here.
Banks, email service providers and corporations moving confidential data were the only companies that used “https://” (note the “s” — which signifies an encrypted connection to a web page). Web browsers displayed a padlock in the address bar to confirm an encrypted connection.
Google developers first proposed in late 2014 that ALL web pages should be encrypted. Since then, Google’s Chrome and other browsers (Firefox, Safari, etc.) have made changes that identify all non-encrypted websites as “not secure.”
The “info” icon in the browser bar now links to specific information in a drop-down menu, as shown below, and clearly identifies all http:// web pages with this (or a similar) warning in red: “Connection is Not Secure.”
A pop-out notice offers information that a site’s visitors may consider even more concerning: “Your connection to this site is not private. Information you submit could be viewed by others (like passwords, messages, credit cards, etc.).”
More noticeable and alarming warnings may be coming. In “Google Will Soon Shame All Websites That Are Unencrypted,” Motherboard reports: “Google wants everything on the web to be traveling over a secure channel. That’s why in the future your Chrome browser will flag unencrypted websites as insecure, displaying a red “x” on the URL bar.”
Why is Google pushing encrypted connections?
“The rationale is that on every website served over HTTP the data exchanged between the site’s server and the user is in the clear, meaning anyone with the ability to snoop on the connection, be it a hacker at a coffee shop or a repressive government, could steal passwords, private messages, or other sensitive information,” Motherboard explains.
“But HTTPS doesn’t just protect user data, it also ensures that the user is really connecting to the right site and not an imposter one. This is important because setting up a fake version of a website users normally trust is a favorite tactic of hackers and malicious actors. HTTPS also ensures that a malicious third party can’t hijack the connection and insert malware or censor information.”
“Until recently, only determined and knowledgeable hackers with fancy tools and lots of time on their hands could spy while you used your laptop or smartphone at Wi-Fi hot spots,” according to Snopes.com. “But a free program called Firesheep has made it simple to see what other users of an unsecured Wi-Fi network are doing and then log on as them at the sites they visited.”
For these and many other reasons, Mozilla (developers of the Firefox web browser) and Apple are now on Google’s https bandwagon, moving toward https encryption for every web page, with warnings attached to all pages that are not encrypted.
How to get https for your website
By adding a security certificate to your website, we can meet Google’s requirements for an https (encrypted) connection, and all browsers will display a green padlock and a “secure connection” notice to all pages on your website.
If you would like an estimate for a site with encrypted pages, please contact us.
P.S. For those who want to delve into more technical information about this issue, read the following articles, or just search Google for “What is https and why does it matter?”
• HTTPS (Wikipedia article)
• Google Will Soon Shame All Websites That Are Unencrypted
• Does HTTPS matter? Yes. Here’s Why.
• HTTP vs. HTTPS for SEO: What You Need to Know to Stay in Google’s Good Graces
• http vs. https (Snopes.com)