Web security is becoming an increasingly hot topic. There are talented people out there with the malicious intent to exploit other people’s online information and use it to their advantage. It’s unfortunate, but it’s becoming more and more common to hear news stories about data breaches and how thousands (if not millions of people) have had their personal information stolen from them. Incidents like these happen too frequently in this dependent age of web use, and it’s up to us as users to be cautious on the information we provide online.
Don’t Fret: There is Good in This Online World
Google is a positive force that is working towards a more secure web. The company’s actions are helping users browse websites and complete online payments safely. Google started this journey in January 2017 when Google Chrome started to indicate connection security with an “i” icon in the address bar. If a website did not have a Secure Socket Layer (SSL) certificate configured, pages that collected passwords or credit cards were to be listed as “not secure” in the address bar, while all other pages would have a discreet “not secure” message that would only appear when the “i” icon was clicked. This discreet message has gone largely unnoticed by general website users; however, Google is ramping up their efforts to encourage web security.
The Technology is Ready
The next part of Google’s plan is in motion: increasingly explicit messaging for these “unsecure” sites. In mid-2017, Google proactively contacted website owners indicating that Google Chrome, a web browser, would show security warnings after October 2017. Websites are affected by this security notice if they are using the default method of data communication: Hypertext Transfer Protocol (HTTP).
What Does it All Mean?
The default way of accessing any website is by using HTTP, the foundation of data communication for the web. However, the World Wide Web has evolved since its humble beginnings in 1989. A few years after the inception of the online world as we now it, it was discovered that the default protocol, HTTP, did not encrypt the communication between a web browser and a website. This means that information entered into the site by a user (i.e. name, email address, credit card information, etc.) could potentially be stolen by hackers. With the secure protocol, HTTPS (the “S” stands for secure!), information entered into the site (say through an online form) is encrypted and safe.
You’ll see that the majority of large websites use HTTPS already – note the “s” in the URL. Here are some examples:
- https://www.google.com
- https://www.mozilla.org
- https://en.wikipedia.org
- https://www.facebook.com
- https://www.youtube.com
- https://www.amazon.ca
- https://www.apple.com
Google and other technology firms like Mozilla, Facebook, Shopify, Squarespace, Zendesk (and many more) are leading the charge for a safer and more secure web by promoting the use of the HTTPS to protect users and to encourage website owners to migrate to this new security standard. They have even launched an initiative called Let’s Encrypt that provides “free” SSL Certificates to websites.
Google’s plan is to spur website owners into action by having a “not secure” warning in a browser, as a lack of a “secure” icon is not enough to change users’ behavior. With this “not secure” message, users may feel uncomfortable visiting HTTP websites and decide not to purchase products or services from them – rightly so!
So What’s Next?
To migrate to HTTPS, a website needs to have a something called a Secure Socket Layer (SSL) certificate configured. This SSL certificate enables HTTPS and presents users with a “Secure” message or a green lock within browsers to signify that their connection is secure.
Chrome Example:
Firefox Example:
The Let’s Encrypt SSL is one option that you can explore: it’s free, but you may need help to configure the certificate setup. It also needs to be renewed every 3 months, so a website owner or agency needs to be proactive with maintaining the certificate. For more information on Google’s initiative, check out their blog post.
Caorda can set up the Let’s Encrypt SSL Certificate for our hosted clients, but we also have premium SSL Certificates that provide a warranty if the SSL was ever to fail and information was collected. If you are interested in learning more, or have questions about Google’s initiative to secure the web, please don’t hesitate to contact us.