Sep 14, 201712:53 PMOpen Mic
Send us your blog for consideration!
Google raises the bar in website security with SSL
(page 1 of 2)
Google’s April announcement regarding connection security demonstrates a heightened initiative to protect online visitors:
In January, we began our quest to improve how Chrome communicates the connection security of HTTP pages. Chrome now marks HTTP pages as “Not Secure” if they have password or credit card fields. Beginning in October 2017, Chrome will show the “Not Secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.
What to expect this fall
Effective this October, the latest Chrome (62) web browser will again expand its warning to visitors as being “Not Secure” when it doesn’t have an SSL (secure socket layer) certificate installed on info-request pages. The same warning will appear on any webpage visited using Google’s Incognito mode.
Browser tests will search for the presence of two form fields — text or email — to determine when to warn visitors by displaying a subtle “Not Secure” label beside the website’s address bar — but only when the webpage isn't protected with SSL encryption. Since January 2017, pages that request a password to login, such as those needed to access restricted content like admin or members portals, display the “Not Secure” statement only if the site isn’t transmitting content over SSL encryption. Alternatively, websites with a valid SSL certificate notify visitors that it’s “secure” as indicated with a comforting green padlock.
The trend has been established
This is just the beginning. Google’s 2017 initiative alerts the online industry that near-future releases of Chrome won’t be limited to just info-request forms and password fields. Google intends to trigger the “Not Secure” label on ANY page of a website that doesn’t have an SSL certificate installed. While the exact date of the higher qualification isn’t known, there’s little question that Google intends to continue its trend of alerting Chrome customers when directing them to a website that doesn’t offer SSL encrypted protections.
Are all browsers affected? What if I use Firefox or other browsers?
The implications of this new industry standard are far reaching. Google Chrome, while it retains the lead as the dominant browser being used by over 60% of online visitors, isn’t the only one in the quest to make visitors more informed. Mozilla's Firefox browser now also holds website owners and their web designers to the higher website security standard, and the trend is expected to continue across all browsers in the immediate future.
How will this notification affect our business?
All website owners want site visitors to be confident in their browsing experience. Some degree of visitor confidence is needed before many of us will (or should) complete an information request form on a website, provide our email address for a newsletter, get an online quote, or purchase products. While SSL certificates remain the minimum standard requirement for e-commerce transactions, doing so on all websites — even those that don’t have forms and online shopping — should now be valued by your businesses as an easy, low-cost means to demonstrate your respect for visitors’ privacy, while instilling trust online all long before asking your visitors to share their personal information.
Will an SSL certificate make our website safe?
While Chrome and other browsers will soon quickly confirm and label the visitor experience as “secure” (or display a padlock), the label “secure” is probably a bit misleading. What’s really happening is that the contents of the webpage have been scrambled via a complex encryption process, using a certificate issued to your company or your web provider. Varying levels of organizational and domain-level authentication are available when an SSL certificate is issued (usually annually), which help inform the visitor about the organization that’s doing the scrambling. While this process makes it virtually impossible for others using your network to “capture” and read your online transmissions, it’s a bit of stretch to imply that it alone will make the entire visitor experience entirely secure.
Any data captured online may still be transmitted via email, stored in databases, and possibly distributed in raw text form. However this new step is a bold move in the right direction and makes it even more difficult for others to use and abuse network traffic to capture data from unsuspecting website visitors.