Ever visited a site and greeted by a warning that says the page is not secure? Has it ever caused you a mini panic and urged you to close that window? Or worse, has your site shown a decrease in traffic and an increase in bounce rates because of this?
In the past years, the “Not Secure” warning was only applicable to HTTP sites that contained password and credit/debit card input fields. Recently, however, Google announced that a new warning message will be issued on sites that are not using HTTPS, especially those that are not protected with an SSL/TLS certificate, as part of their long-term plan to mark all HTTP sites as non-secure.
Google’s efforts with Chrome to encourage the web’s transition to HTTPS are beginning to pay off. In January of this year, Chrome has begun marking HTTP sites with password and credit card fields as not secure, and has already seen a 23% reduction in the fraction of navigations to these sites.
To advance their plan to migrate all HTTP sites to HTTPS, Google has issued another warning saying that, aside from password and credit card fields, sites containing non-sensitive information like forms, login fields and input sections in HTTP sites will also be flagged as “Not Secure”, effective October 2017. This will also be applicable to Incognito mode. Notably, this badge will not show up in the address bar until users begin entering information into a field.
At this point, you might wonder: Why all the fuss about HTTP and HTTPS? What difference does it make anyway?
HTTP stands for Hypertext Transfer Protocol. HTTPS, on the one hand, means Hypertext Transfer Protocol Secure, which further means Security Socket Layer (SSL) – the technology that encrypts your connection to a website. The problem with HTTP is that its data is not encrypted; which means it can be intercepted by third parties or hackers, allowing them to gather the information being passed between the two systems. This security issue can be addressed by using HTTPS.
All data and information sent over regular HTTP connections are in plain text and can be easily read and understood by any third party or hacker that manages to cut into the connection between your browser and the website. This presents a clear danger if the information passed is in an order form and includes your password, credit card details, social security number, or even just your name. With an HTTPS connection, even if somebody managed to break into the connection, they would not be able to decrypt any of the data which passes between you and the website because of extra layers of security that come along with HTTPS.
As a website visitor, you want to be assured that every information about you that you input on a site is kept safe and secure. As a website owner, you also want to provide a secure experience for your customers and prevent their details from being stolen; this builds your credibility as a brand and encourages more and more people to trust you.
Security is at the heart of what Google does these days, which is why the company has listed HTTPS as a ranking factor in search results. As of now, it only carries a fairly lightweight signal compared to other factors such as high-quality content, giving webmasters time to switch to HTTPS. Overtime, however, Google might decide to strengthen this action to encourage website owners to switch to HTTPS.
Eventually, Chrome will show a not secure warning badge for all pages served over HTTP, regardless of whether or not the page contains sensitive input sections. Google’s end goal is to show a “Not Secure” warning for all pages in HTTP, and encourage the adoption of more secure pages. To put it simply then, if you want your websites to avoid getting flagged as “Not Secure”, you should start planning to migrate them to HTTPS.
With all that said, switching to HTTPS can be a tedious task, and you might need the help of experts in this field. If you are looking for an IT company in the Philippines that can help you make the switch, we’re sure we can get the job done. Ask us how!