With the release of Chrome 56 in January 2017, Google is set to label all HTTP domains as non-secure. The entire web industry is shifting to a higher level of protection with HTTPS.
HTTPS, or Hypertext Transfer Protocol Secure, is a communication protocol that enables safe internet browsing. It protects confidential information, such as passwords and credit card numbers, which users input on a website. More importantly, HTTPS protects any other forms of data transferred between a server (computer) and browser (internet).
For this, Google has called for the encryption of data through HTTPS everywhere on the web. They have always been on the move for security, and have invested a lot to ensure safe web browsing and development for everyone. Firefox and other browsers also support the movement.
Websites aren’t necessarily required to follow the call and change to HTTPS. But it is highly advised that they do so for everyone to receive a fair share of improved security.
As of June 2016, 45% of the entire web has already been encrypted with HTTPS.
Users are encouraged to be aware of their browsing security. However, most can be negligent with such concerns.
To help users determine whether the website is secure, a security indicator (in the form of a small letter i enclosed in a circle) can be seen in the address bar. It serves to tell users that their connection is not private or that it isn’t secure.
Eventually, the indicator will be changed to a red triangle, the same one used for broken HTTPS. Google emphasizes that this is a long-term change, and is set to warn everyone about it.
WHAT ABOUT SECURITY?
HTTPS can be applied in a lot of situations where confidential data is concerned. These include ecommerce stores as well as membership sites. WordPress and other platforms are set to implement it as well.
Imagine logging into your favorite social media site. You put in your username and password in the fields indicated. If that website runs on HTTP, your password and other confidential information can be easily obtained through phishing and other malicious attacks.
Malware and third-party interceptions can also steal your valued data in a number of ways. Even before you get to access your account, an attacker can modify any available info beforehand. Know more about hacking here.
- Authentication – To whom are you talking? Who are you negotiating with? It assures the user that he is not dealing with a fake identity, and builds trust between parties.
- Data Integrity – Who can change or edit the data you input? Whether done on purpose or not, data is not to be altered during any transaction or transfer. Users should know when a change is being imposed.
- Encryption – Who can see your data? Security serves to ensure that any data provided is kept confidential. No third party should be able to trace or steal it.
WHAT ARE THE BENEFITS OF HTTPS?
A number of concerns have come up regarding HTTPS. Website owners and developers particularly worry about the costs and the quality of service they think it entails.
It is good to note, however, that this huge transition is not just a Google trend. It affects the entire web industry. This presents the possibility of all websites having to transfer to HTTPS since a lot of websites are slowly adopting the change.
With such an advancement in security, who would want to lag behind competition?
1. A POSITIVE BOOST
In an effort to create a more secure environment, Google gives HTTPS websites a small ranking boost which they plan to increase in the long run.
To boost a website’s ranking, Google indexes the site’s SSL/TLS certificate. It is said that they keep 3 data points when accessing the certificates:
- day that Google’s crawlers first saw the certificate
- most recent day
- number of days the certificate was seen in between
HTTP serves as a method of exchange between a computer and the internet. With it, anyone can just send and receive data. This, however, does not provide data security.
With HTTPS, protection is provided through the SSL certificate which encrypts the data exchanged online. The certificate has the computer owner’s public key, which gives data access exclusively to those with whom the key is shared.
Hence, to get the boost, websites simply have to acquire an SSL certificate so that they can be redirected to HTTPS.
2. FREE SSL CERTIFICATE
Thanks to successful projects like Let’s Encrypt, anyone can now have a free certificate to enable HTTPS. Since its public release in 2015, there are now more than 17 million fully-qualified active domains that use encryption for security.
SSL certificates serve to guarantee the identity of a website. They assure the data recipient that what he sees is real and not just some imitation of the actual website.
To determine whether the website is secure, simply look for the green lock in the address bar. You can also check the site’s security status through Google’s transparency report.
3. OPTIMIZED PERFORMANCE
Many worry that SSL would slow down the performance of their websites. Google, however, debunks it as a myth.
Google argues that “everything else can be optimized” if only a lot of sites would use SSL. The good news is that improvements have been made to reduce the latency costs.
“We found that enabling and prioritizing ECDHE cipher suites actually caused negligible increase in CPU usage. HTTP keepalives and session resumption mean that most requests do not require a full handshake, so handshake operations do not dominate our CPU usage.” -Jacob Hoffman-Andrews, Twitter
WHAT ABOUT SEO?
When a website shifts to HTTPS, the search engine can get confused with its two versions. For this, Google offers the following tips to properly get started in moving a website:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out our Site move article for more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
Learn how to enable HTTPS on your servers here.
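As an added illustration (not code from Google or from this article), the URL, robots.txt and noindex tips above can be checked mechanically before a move. The host name `shop.example`, the sample page and the function names are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SITE_HOST = "shop.example"  # assumed host name of the site being moved
# Constructed sample page and robots.txt, not taken from any real site.
SAMPLE_HTML = """<html><head>
<meta name="robots" content="noindex, follow">
<link rel="stylesheet" href="http://shop.example/css/main.css">
<script src="http://cdn.example/lib.js"></script>
<script src="//static.example/app.js"></script>
</head><body><img src="/img/logo.png"><a href="http://other.example/">x</a></body></html>"""
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /\n"
# Tags whose URL attribute loads a subresource (an <a href> link does not).
RESOURCE_ATTRS = {"script": "src", "img": "src", "link": "href", "iframe": "src"}

class MigrationAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "robots":
            if "noindex" in (attrs.get("content") or "").lower():
                self.findings.append(("noindex", attrs["content"]))
        url = attrs.get(RESOURCE_ATTRS.get(tag, ""))
        if url and urlsplit(url).scheme == "http":
            same = urlsplit(url).hostname == SITE_HOST
            self.findings.append(("http-same-domain" if same else "http-other-domain", url))

def robots_blocks_everything(robots_txt):
    """True if a group that applies to all crawlers has a bare 'Disallow: /'."""
    applies = in_agents = False
    for line in robots_txt.splitlines():
        key, _, value = (p.strip() for p in line.split("#")[0].lower().partition(":"))
        if key == "user-agent":
            applies = (in_agents and applies) or value == "*"
            in_agents = True
        elif key:
            in_agents = False
            if key == "disallow" and applies and value == "/":
                return True
    return False

def audit(html, robots_txt):
    parser = MigrationAudit()
    parser.feed(html)
    if robots_blocks_everything(robots_txt):
        parser.findings.append(("robots-disallow-all", "Disallow: /"))
    return parser.findings
```

Calling `audit(SAMPLE_HTML, SAMPLE_ROBOTS)` returns one finding per violated tip; the relative and protocol-relative URLs in the sample pass, as the tips intend.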
Security is a highly important aspect to consider when browsing online. When it fails, businesses and other online websites that require confidential information may fall prey to various malicious attacks. Security failure can be harmful to both sender and receiver of data.
Google’s move towards enhancing security throughout the web provides promising advancements. However, moving to HTTPS still does not eliminate every other possibility of malicious attack.
Questions, such as “Are SSL certificates and the shift to HTTPS available only to good guys?” and “Are all data protected in HTTPS trustworthy?”, may require pertinent answers to relieve concerns.
Nonetheless, this is a good start towards a better and more secure tomorrow. Cheers!