As Google Chrome steps up its fight against the unencrypted web, r//evolution’s head of development, Sam Leaver, explains what the changes will mean for website owners and how you can prepare…
Have you ever noticed that, when you click on your basket on an ecommerce website the browser address suddenly changes from HTTP to HTTPS? Have you ever really thought about what that means?
In a nutshell, HTTP (HyperText Transfer Protocol) is particularly insecure for login and transactional pages as it can allow an attacker to intercept passwords or card information as they travel across the network. HTTPS (HyperText Transfer Protocol Secure) on the other hand, ensures that the computers agree on a ‘code’ and scramble data to ensure that no one can intercept and read the information.
When Google released Chrome 56 back in January, the technology giant embarked on a long-term plan to mark all HTTP login pages as non-secure - but what does that mean for you and your business?
If you have an ecommerce website or separate area for members that requires users to log-in, an SSL Certificate is a necessity. An SSL Certificate, when installed on a web server, activates the HTTPS protocol and allows secure connections from a web server to browser.
Without the SSL Certificate, anyone who attempts to log in to your website or enter their card details using Google Chrome will receive a message to say your page is not secure - which isn’t great for customer confidence.
What would you do as a consumer if you were about to enter your password into a website - only to see a warning message to say that the site is not secure? Chances are, you would hit the back button without hesitation and find another website from which to purchase. You don’t want to drive your potential customers away into the waiting arms of your competitors!
To check whether your login is secure, navigate to a page on your website where you have to enter a password to login and check whether the URL in your browser bar starts with https:// or http:// - if it is the former, your login is secure and you should be fine.
If you your website doesn’t have an SSL certificate however, you need to obtain one as a matter of urgency - we can help with that!
On the whole, it’s great that Google are clamping down on unsecured sites, the labelling of HTTP pages which collect passwords or credit card information as non-secure is a logical step to improving the security of website logins.
If you have any questions about the security of your website or would like us to help you with our SSL certificates, don’t hesitate to get in touch.