The 'Not Secure' Warning in Google Chrome and How to Avoid it
Published: 6 Feb, 2017
HTTPS makes the Web safe for all
Google's preference for HTTPS (emphasis on the 'S', which stands for 'secure') first came to light when it called for it to be "everywhere" during the I/O conference in 2014.
Now, with the recently released Version 56 of the Google Chrome web browser, website owners should pay special attention to the significant change in the way Chrome displays websites that are not loading over HTTPS (utilising SSL, or a Secure Sockets Layer).
SSL is a layer of protection that can be added to a website to enable secure connections and protect the personal data transferred between your visitor's computer and your website. Without HTTPS, such confidential information can be intercepted and interpreted.
What's more, Google plans to further shame unencrypted websites by changing the HTTP security indicator in future versions of Chrome to the red triangle.
Why should I move to HTTPS?
The primary benefit of HTTPS is the security it adds to your website. More specifically, it is crucial where users are providing sensitive information such as credit card details.
- HTTPS encrypts all communication, which protects any stored personal information.
- HTTPS also ensures that a third party cannot hijack the connection and insert malware or censor information.
Emily Schechter of the Google Chrome Security Team explained that "when you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you."
The added authentication offered by SSL counteracts these 'man-in-the-middle' attacks by preventing third parties from tampering with your website.
Credibility and user confidence
Google Chrome has already begun 'shaming' unencrypted websites for serving an unsecured HTTP version to its users.
Since January 31st 2017, any page requesting password or credit card details has been labelled "Not secure" next to the address bar if it does not have a valid SSL certificate.
While the meaning of having a SSL certificate remains unchanged, psychologically, it makes a difference to users.
Having the word "Secure" next to a URL can only benefit those who have it and harm those who do not and are instead labelled "Not secure".
With these changes, there is no doubt that more and more people will learn to rely on these visual cues as they navigate around the web.
Back in 2014, Google announced that it was going to adopt HTTPS/SSL as a ranking signal.
Although it was, and still is a small ranking factor, Google has clearly signified its plans to make it a stronger ranking factor in the future.
Given the importance Google attributes to security and 'keeping everyone safe on the web', this change seems more likely than not.
A somewhat smaller incentive not to be forgotten is the added benefit to analytics, this being the ability to track users who have come from secure HTTPS websites.
For example, if you post a link to your website on your social media page - absent a SSL certificate, the referral data from a secure HTTPS website to a non-secure HTTP website would be lost.
Consequently, you would not be able to track the source of users and it will instead show up as 'Direct traffic'.
How to avoid the 'Not Secure' warning in Chrome
Install a SSL Certificate.
Aside from the obvious importance of SSL Certificates for pages accepting payments or personal information, SSL is also essential for login pages as it prevents third parties from intercepting passwords as they travel across the network.
If your website is neither an eCommerce website, nor one that requests sensitive customer data, the smartest move would still be to cover all your domains and pages with an SSL certificate.
This will not only increase the trustworthiness of your website but will safeguard you against any further changes Google imposes to emphasise the danger of unencrypted websites.
Follow the browser leader
Website owners should bear in mind that Google Chrome has currently secured ~51% (as at December 2016) of the total market share for browsers.
Its closest competitors Microsoft Internet Explorer (19.71%) and Firefox (11.77%) each have no more than a third of Google's market share.
The most obvious downside to obtaining an SSL certificate is the added cost. Logically speaking however, the avoided penalties coupled with the added benefits of encryption, maintaining data integrity and authenticating the identity of your website arguably render the added cost negligible.
Images courtesy: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html