Google Chrome to label some sites “not secure” from January 2017

19
Dec

As of April 2016, Google Chrome was used as the browser of choice by 57% of web queries, followed by Safari (13.4%), Firefox (9.7%) then Microsoft Internet Explorer (9.6%).
The figures speak for themselves, Google’s Chrome is the most widely used Browser by a country mile!

So with potentially more than half of the visitors to your site using it, if they were to see your site market as “not secure”, it’s inevitable this will potentially ring alarm bells and act as a deterrent.

So what is exactly about to happen?
Google has announced the browser will begin explicitly labelling HTTP connections that feature either a password or credit card form as non-secure. The company said the plan is its first step toward marking all HTTP sites as non-secure, though it didn’t provide a timetable for the undertaking.

What do they mean by “secure”?
Typically a website will run using a protocol called HTTP which is the default for any site unless specifically encrypted using something called an SSL Certificate to allow the site to run encrypted. The protocol for this is called HTTPS.

When the connection is encrypted, only the server and the your browser are able to unlock the encryption and in effect get access to the content.

Where a connection isn’t encrypted, it’s possible for attackers to “listen in on” the traffic between browser and server, and potentially either steal information or altering the web server output before it reaches the user’s browser.

So why now?
With Cybercrime on the increase, Google has been taking steps to encourage website owners to migrate their websites to HTTPS in order to improve the user experience and moreover provide a more secure experience.

Is HTTPS a new thing?
Not at all, it’s been around since the beginning of the World Wide Web, however because of the added cost and complexity, traditional only online shops and sites handling sensitive data or with a specific need for security, have used them.

Is it easy to migrate a site to use HTTPS?
There are a lot of factors that can get in the way. Some website hosts make it easier than others, add to this some website platforms are easier than others.

A further consideration is that when a site is migrated to HTTPS, this can often result in numerous broken links that can play havoc with search engine listings.

With WordPress for example, migration is usually simple on smaller sites, however off-the-shelf themes aren’t always 100% compatible with running under HTTPS.

Chrome currently indicates HTTP connections with a neutral indicator. This doesn’t reflect the true lack of security for HTTP connections.

What next?

To get your website and hosting assessed and migrated, get in touch and we’ll be happy to assess and advise you.

Further reading:

https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
https://threatpost.com/chrome-to-label-some-http-sites-not-secure-in-2017/120452/

Archive