Google Chrome will mark all non-HTTPS websites as “Not secure”.
Originally published on https://subsign.co/stories/non-https-websites-not-secure/.
How will this affect your browsing experience?
Short answer; it won’t. You’ll still be able to browse non-HTTPS websites as earlier. The idea behind the initiative is to let users know that their personal information is at a higher risk of getting into the wrong hands while browsing non-HTTPS sites.
“For the past several years, we’ve moved toward a more secure web by strongly advocating for HTTPS encryption, and helped users to understand that HTTP sites are not secure. Developers transitioning their sites to HTTPS have made the web safer for everyone.” — Google said in a blog post.
Will this affect websites that do not employ HTTPS?
Yes, websites that do not use HTTPS might witness a potential dip in traffic, as a yellow triangle with “not secure” plastered next to it has the potential to scare away some of the more paranoid users. But, it is a good thing in the long run as it will incentivize more developers to use HTTPS on their websites.
Honestly, there’s no reason developers shouldn’t adopt it. It’s cheaper and easier than ever before. Undertakings such as Let’s Encrypt and Google’s SSL for Google App Engine makes it a lot easier for HTTPS to be implemented. There are also tools like Lighthouse, which identifies website resources that are ready to be upgraded to HTTPS.
What Should I Be Doing to Secure My Pages?
If you believe as I do that HTTPS is going to be the new standard, then I bet you’re thinking about what you actually need to do to ensure your corporate web pages and landing pages are secured. The three steps below are meant to get you started on the right path.
STEP 1: Check if your Corporate Domain is Secure
While the title of this step sounds like you need to have mad technical skills — you really don’t. All you need to do is to type your corporate website URL into any browser. For me, it’s opening up Chrome and typing, www.subsign.co . You’re looking to see if the address bar says HTTP: or HTTPS: and/or if using Chrome, you’re looking for the green lock and word “secure” when your page loads. If you see HTTPS, your corporate site is secure. It’s that easy.
If your corporate site is not secured, you may want to do a quick audit of your pages. You’ll want to note the address of any page that has a form or collects information. With the recent update to Chrome 62, it’s those HTTP pages that collect data that will display the “not secure” warning in the address bar. This list will also give you a starting point for the discussion you’ll need to have with your IT and web teams in the next step.
STEP 2: Meet with an experienced Web Team
It’s now time to enlist your experts. Schedule a time to meet with whoever is responsible for your corporate website or others you trust and have a proven track record. You’ll want to be sure they know of the changes to Chrome browser, and you’ll want to know of any plans that may already be in place to secure your corporate pages.
Google also shared the following statistics regarding web traffic.
- Over 68 percent of Chrome traffic on both Android and Windows is now protected;
- Over 78 percent of Chrome traffic on both Chrome OS and Mac is now protected;
- 81 of the top 100 sites on the web use HTTPS by default.
That being said, even HTTPS isn’t one hundred percent waterproof, however, it is a step in the right direction to ensure a more secure browsing experience for everyone.
Feel free to get in touch with us at email@example.com if any questions appear or even if you need help with securing your website.