Red alert: All you need to know about Google’s new website security measures
July 18, 2018
Google Chrome, boasting an almost 60% market share in today’s browser market, is now cracking down on websites that haven’t migrated from the standard HTTP (Hypertext Transfer Protocol) to the more secure HTTPS (Hypertext Transfer Protocol Secure).
What action is Google taking?
Following a statement issued in February, the tech giant’s browser now marks every website that hasn’t migrated to HTTPS as “Not secure”.
The message appears on the address bar, next to the website’s URL. Secured sites display a green padlock next to the message “Secure” in green text, while non-secure websites display an “info” icon next to the URL, warning users that the site might not be secure.
In an effort to better inform users, Chrome will slowly make the message more pronounced, to discourage users from sharing confidential information, such as credit card numbers.
‘Red warnings’ in October
Come September, the browser will remove the “Secure” icon, keeping the padlock in place for a month, and as from October, any website not using an HTTPS protocol will trigger a red text warning reading: “Not Secure”. Google’s thinking behind removing the green text is that “Secure” should be the default setting of all websites, making the red text warning even more effective as it will immediately catch the user’s eye.
The standard HTTP is an application layer protocol, used to send information from the user’s browser to the website visited. The problem with this kind of technology, however, is that malware can be used to intercept the dataflow, allowing for third-party access.
As such, HTTPS uses a separate protocol called SSL (Secure Sockets Layer), encrypting the information sent, minimizing the risk of hacking as much as possible.
HTTPS has now become a standard feature for websites, especially those in retail and dealing with payments. An HTTPS website is also faster, as it is already certified as a secure so there is minimum scanning and filtering involved.
Still reeling from the Cambridge Analytica scandal and the aftermath of the GDPR enforced requirements, users are now far more concerned with personal data protection and are expected to steer away from websites clearly marked as non-secure. And with Google now actively branding unsecured websites, HTTPS is expected to become the standard tool for website development.
Always ahead of the game, Action Digital has already migrated the bulk of its clients’ websites to HTTPS, adhering to Chrome’s security requirements.
If you need help migrating your website to be HTTPS ready, do not hesitate to contact us.