If you have yet to move your website over to HTTPS, Google has a rather unpleasant surprise for you, starting this month.
As of October 2017, Google’s Chrome browser will show a ‘Not secure’ warning when users enter text on a HTTP page, or when they view any non-HTTPS page in Incognito mode. The warning will appear to the left of Chrome’s address bar.
Up until now, the warning only appeared on non-HTTPS website pages that accepted sensitive information, such as passwords or payment details.
We have known for some time that Google wants to push for a more secure web, and this warning is their latest way of reminding webmasters to embrace HTTPS early on.
What is the difference between HTTP and HTTPS?
HTTPS, or Hypertext Transfer Protocol (the ‘S’ stands for secure), is the encryption that keeps your data safe every time you enter them on a website. On a standard HTTP site, that data can be intercepted and even altered by anyone between you and the site’s server. When you visit a HTTP website, the server responds to requests from your browser and hands over unencrypted data. When you visit an HTTPS site, however, your browser and the server perform an exchange of keys. These keys allow the server and browser to send messages only the other can decrypt, locking out potential eavesdroppers.
HTTPS protects more than confidentiality; it also offers authentication and integrity. For a site to register as HTTPS-encrypted (you can spot this by looking for a green padlock in your browser’s address bar!), it must authenticate itself to prove the site is what it says it is, rather than a clone or imitation. If you can’t see a green padlock in your browser’s address bar, then you’ll likely see a grey ‘Not secure’ warning that eventually turns red.
So what does this mean for me?
It means that if you have yet to move over to HTTPS, and you rely on forms on your site for sign-ups, downloads or payments then your users will soon see the imposing warning. Those browsing in Incognito mode will be informed that your entire site is insecure, which could lead to further drop-offs, so this is something you are going to want to fix, and quickly. If you still need persuading, here are our top 5 reasons for moving to HTTPS.
Yet to move over to HTTPS and unsure how to do so? Get in touch with us, and we will steer you in the right direction.