22nd Feb 2017
Google want us all to be safe when we're online and so have started a process aimed at ensuring that all websites are served securely.
To encourage us all to think about security Google is changing Chrome so it notifies users when they're about to send information to a website that isn't secure. Initially this will only happen when a website asks you for a password but over time Google will start making security warnings much more prominent for all non-secure websites that requires any information to be submitted by the visitor.
Chrome indicates that a connection is secure with a green padlock icon in the address bar - bet you wondered what that was. As of last month (or Chrome 56 for our version fans), pages which collect passwords or credit card information from you will be marked as non-secure. That little 's' will make all the difference i.e. http:// as opposed to https:// *
The image below (from Google's Blog) illustrates the change.
We've mentioned 'securely served', 'non-secure' etc. but what do they actually mean?
Websites that aren't secure exchange information with visitors in plain text. It's like using a postcard for snailmail - anybody who sees what you post and receive can read your message. Secure websites scramble the information they send and receive so nobody can understand it, basically delivering that postcard in an envelope so to speak.
Google wants the whole Internet to be secure. It wants all of our data protected as we interact with websites, not just high-value "sensitive" data. If all websites were secure, third parties wouldn't be able to monitor the information we exchange with them and see our passwords and personal details floating around in the ether and steal them.
If your website is non-secure and asks visitors for information, it may start to trigger the warning in Chrome as users interact with it.
Just over half of Chrome desktop page loads are now served over HTTPS, and the world's top websites are taking note. While it's not something you have to do, we would highly recommend it. You don't have to do anything if you don't want to: your site will continue to work just as it always has, but these warnings might alarm your visitors at first. As with non-responsive websites, Google might choose to downgrade sites which are not served securely within search results. Unfortunately, we're at their mercy a little.
If you need some help or advice in setting up a security certificate for your website - give us a shout.
*https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
