Some BIG changes are coming to the way many users view websites on the internet.
In January of 2017, version 51 of the Firefox web browser was released, followed shortly after in February by version 56 of the Google Chrome web browser. These releases marked a significant change to the way the browsers display websites that are not encrypted using an SSL certificate, otherwise known as HTTPS.
SSL is used to encrypt data between the web browser and the server, ensuring the security of the data being transmitted. This is what causes the browser to show the ‘Lock’ icon when visiting secure websites, such as those of banks and other financial institutions.
Google and Mozilla (the makers of Firefox) are strongly encouraging website owners to switch to HTTPS, and they have already taken the first of multiple steps in that direction. Chrome and Firefox together account for approximate 60% of all web traffic.
Starting with version 56 of Google Chrome any website that is NOT running HTTPS will be shown as “Not Secure” if it asks for passwords or credit card information. This step has already been completed, and Chrome is already showing the following warning on these pages:
Starting with version 51 of Firefox any web page that asks for a password will show a broken lock icon. Clicking the icon will show a message saying “Connection is Not Secure: Logins entered on this page could be compromised”, as can be seen here:
Google Chrome has a built-in privacy mode, called Incognito Mode, that offers users some additional privacy protections. The second step in Google’s plan is to label ALL pages that are not HTTPS as “Not Secure” in Incognito Mode. This change is expected in the very near future.
Then, as the final step in this plan, both Chrome and Firefox will start to show ALL pages that are NOT HTTPS as “Not Secure” in all cases. At this stage Google and Mozilla also plan to make the warning messages more obvious to users, an example of which can be seen in the image below:
Mozilla is also taking an extra step with Firefox, and will show a warning message right on your page if it asks for login details and is not served using HTTPS. An example of this message can be seen here:
This is a significant concern for website owners as many users will interpret the “Not Secure” warning label in the address bar, and directly on the page, to mean that there is something wrong with your website, that your website may have been hacked, or that it could potentially harm their computer. It can discourage sales, sign-ups, and contact through your website, as users may feel like it is not safe to submit information through your site.
The impact on website owners
As stated above, with the latest versions of Chrome and Firefox any page on your website that has a password field, and is NOT secured with SSL, will cause the browser to show a “Not Secure” warning in the browser’s address bar. This will include your website login pages, registration forms, shopping carts, etc.
In a future version of Chrome and Firefox ALL of your pages will display a warning if not served using HTTPS, even pages that do not ask for user information or passwords.
Your site visitors, unaware of these changes to the browsers, may misunderstand the warning to mean that your website is not safe to use, has been compromised, or could somehow harm their computer.
What to do if your site is not HTTPS
If you currently do not have HTTPS running on your website we do recommend that you consider doing so. There are a number of benefits to running HTTPS on your site, including:
- Encryption of your data between your server and your users.
- Google uses HTTPS as one of the factors when determining your rank in the search results. So using HTTPS could result in a better Google ranking.
- Websites running on HTTPS often have better performance, load faster, etc., due to server optimization.
- When you use HTTPS it increases user confidence in your website. When a site is secured using HTTPS a “Secure” lock icon is shown in the browser address bar, as shown below:
How TiVaHost can help
TiVaHost offers a wide variety of SSL certificates to suit your needs. Our full selection of SSL certificates can be found on our SSL Certificates page. If you are unfamiliar with SSL certificates and would like some help deciding what type of SSL certificate you need, you can give our SSL Wizard a try, or simply open a ticket with our sales team.
All SSL certificates sold through TiVaHost include free setup for TiVaHost customers. So you don’t need to know anything about SSL, we’ll handle all the technical stuff for you!
As always, if you have any questions or comments please feel free to Contact Us, or leave a comment below.