Google Chrome is making the web a safer place
If you process any private information on your website(s) like passwords or credit card information, you need to pay attention. Google is changing how Chrome labels unsafe web connections.
Chrome currently indicates the connection security of a website with an icon in the address bar. However, HTTP connections aren’t explicitly labelled as non-secure at the moment, they’re only neutral. The neutral label doesn’t express the serious security risk of an HTTP connection, so the user doesn’t usually notice.
How are HTTP and HTTPS different?
When dealing with web page security, there are currently two options: HTTP and HTTPS. HTTP transfers website data between the user and server, but this isn’t secure. Somebody else on the network can view this information or modify it before it gets to the end user.
On the other hand, HTTPS is a much more protected method. It encrypts the page data so private information cannot be easily accessed. Sites using HTTPS will always state this in the address bar and display a recognisable green padlock. Numerous studies have shown that the absence of a ‘secure’ icon isn’t enough of a warning, so Google wants to make it clearer.
People are already changing their websites over to HTTPS, with HTTPS usage on the rise. Over half of Chrome desktop pages now load via HTTPS instead of HTTP. Everybody recognises red triangles as a strong warning, so if you don’t change over to HTTPS, this could drastically affect how trustworthy your website appears to potential customers or visitors.
Changes to come
These new security changes will start rolling out January 2017, when the latest version of Chrome is released. The first step will be displaying the ‘not secure’ warning on HTTP pages where password or credit card fields are present. Ultimately, all HTTP pages will be labelled as ‘not secure’ and display the unmistakable red triangle warning.
More concrete information will be available in the upcoming months, but there’s no point waiting until January. If you own a website, you need to be using HTTPS today. It’s now easier and cheaper to implement than ever before, so why wait? Get in contact with us here!
For some extra reading, click here to view the original Google Security announcement blog post.