Posted on 07/25/2018 at 09:41 AM
With security becoming a growing concern for users, many browsers are making moves to up their game. According to Google’s Security Blog, starting sometime in July, those visiting a website via the Google Chrome browser will see a message displaying the words “not secure” if the website is not secured with an SSL certificate.
This update does not come as a surprise, as Google has made many moves in the last few years to push webmasters to secure their websites, even attempting to instill motivation by promising a small rankings boost to websites secured with an SSL Certificate.
Currently, Chrome indicates that a website is secure using a green padlock symbol and a ‘Secure’ label right within the browser address bar. This practice began in 2017, when the Chrome browser began designating any transactional websites without an SSL as ‘Not Secure’.
However, the next move by Chrome will involve labeling ALL websites not offering HTTPS with a ‘Not Secure” designation, regardless of whether there is sensitive information being collected or not.
These changes are expected to rollout with the new Chrome version 68 interface, which has been specifically designed to instill into users that HTTP (non-secured) websites are a security risk.
Additionally, in a recent announcement from Google it was stated that by September, Google will even begin stripping the “Secure” indicator from websites using HTTPS, meaning both the “Secure” text and green padlock icon will no longer display on Chrome’s browser version 69.
So why would Google do something like this? At a high level, these moves seem almost conflicting: first they are differentiating between HTTP vs. HTTPS via a ‘Not Secure’ or ‘Secure’ label. Now they are ignoring secure websites and only calling out non-secure websites. What is the strategy here?
Google’s reasoning sheds a bit more light on the decision. It is Google’s belief that this move will help enforce security as a standard – as something to be expected, rather than an award designation. The lack of labeling, they hope, will establish a sense of normalcy, while calling out websites as ‘Not Secure’ will serve as a clear warning or an alert siren that should be taken more seriously.
As you can see, there are a lot of changes on the horizon with aims of prompting a higher user focus on security. If you’ve been debating whether or not it’s worth the time, hassle, or money to move forward with an SSL certificate for your website, we hope that this article will make the decision a little easier. After all, it won’t be long before everything on the web is encrypted, and if there’s one area that you don’t want to fall behind in, it should be that of security.
If you’re ready to explore your options when it comes to purchasing an SSL certificate for your website, it is important to keep in mind that not all SSL issuing authorities provide the same level of security.
Read more on that in our previous entries:
• Google Chrome Displaying Distrust toward Symantec Issued SSL Certificates
• An Explanation of SSL Certificates: From the Simple to the Complex
Ready to enable an SSL certificate on your website?