HTTPS Now Mandatory for Secure Data in Chrome
If your website is one that stores sensitive personal information such as personal data or passwords then please bear in mind that at the end of January, websites without HTTPS will be marked by Google as “non-secure”.
I bet that got your attention – and rightly so because this is something that concerns a whole lot of people which includes me. Simply put, EVERY website that collects and saves info like passwords, credit card information as well as other personal information will be required by Google to get HTTPS as well as an SSL certificate.
Late last year, we released an article about WordPress requiring HTTPS on their sites and it seems as though these two announcements can be said to be one and the time with regards to what it aims to achieve. In that article, I also explained the benefits of HTTPS and why other people haven’t migrated to it yet.
HTTP and HTTPS are two similar and yet different concepts. HTTP stands for HyperText Transfer Protocol while HTTPS stands for HyperText Transfer Protocol Secure. The only visible difference between these two is obviously the S but trust me, that small detail makes all the difference in the world when it comes to ensure your website’s security. Basically speaking, HTTP and HTTPS are transfer protocols that is used by the internet as a language of sorts to process and pass information between clients and servers.
In layman’s terms, HTTP is an unsafe connection while HTTPS is, quite obviously, secure. HTTP is considered unsafe and unsecure compared to HTTPS because it allows unauthorized people to access or observe any information exchanged the website as well your own mobile-capable device. In short, bad people can use the unsecure connection to tap into your computer and steal all of your private information – this involves your finances and even your identity.
Usually, the “discussion” between server and user is typically “dull” and downright unexciting but this all changes when you have to enter your private information which includes your credit card, bank account or even your Social Security.
HTTPS adds a layer of security which provides an adequate amount of protection for your personal data. This works via SSL/TSL protocol which stands for (Secure Sockets Layer and Transport Layer Security) which basically encrypts or secures your data. What this means is that SSL/TSL prevents people from seeing or intercepting your personal info; an added benefit derived from SSL/TSL is that it preserves the cohesion or integrity of your data which prevents it from breaking or being “corrupted”.
Simply put, HTTP is unsecure and unsafe while HTTPS is safe, secure and is the least that you could do for your customers or for people using your website. HTTPS is quickly becoming an integral part of the internet – and it is a change that everyone should accept.
Google is essentially culling unsafe HTTP websites by devaluing and penalizing them – and it’s easy to understand why. People expect and deserve a secure online transaction and by “pushing” HTTPS on web owners, Google is slowly helping people be a little bit safer on the internet.
Change is good; HTTP out, HTTPS in
As of this moment, Google Chrome can actually point out if the website that you are on is secure or not. HTTP connections will be marked by Chrome with a “neutral indicator” which, when clicked will inform you that the website that you’re on is unsecure and that you shouldn’t enter any personal info on the website.
HTTPS websites, on the other hand, is marked by Chrome as “secure”. When you click on the word “secure”, Chrome will inform you that the website that you are on is safe and that your personal information is kept as private when you send it over to that website.
You can read more about Google’s classification system over at the Google Security Blog.
Accordingly, at around the end of January, Google will begin marking non HTTPS websites that require personal information such as passwords and credit card forms as “not secure”. This is only the first step in Google’s crusade to protect people’s private information on the internet. Eventually, Google will also alert the user of an unsafe website via a red warning triangle to let the user know at a glance that the website that they are on is unsecure and any and all private information should be kept private.
HTTPS is quickly becoming the global standard of security and Google is starting to strictly enforce it; in fact, it starts as early as the end of January 2017. The changes listed here are only the first step that Google is taking to fight against unsecure connections. Somewhere down the line, I’m pretty sure that Google is going to start to aggressively fight unsecure connections – and you don’t want that to happen to you.
I can confidently recommend switching over to HTTPS as soon as possible. Not only does it make your website and your users’ sensitive information safe, it also allows your website to load a little bit faster.
TL;DR, upgrade to HTTPS as soon as possible!