Google To Make Internet Safer in the New Year

Google has recently announced that it’s going to make the Internet safer by issuing alerts on websites not enabled with HTTPS. Starting January 2017, Chrome browser users will be alerted when accessing websites that don’t use an encrypted connection.

This move marks the beginning of a long-term plan to mark all HTTP sites as non-secure. A ‘not secure’ warning will appear on any website that uses unencrypted HTTP connections. The new requirement will require HTTPS for any websites that require a user name and a password or a credit card. Websites that are not HTTPS enabled will display a red lock.

Google HTTPS

Source: Google Security Blog

What’s the difference between HTTP and HTTPS? HTTPS stands for HyperText Transport Protocol Secure. HTTPS uses a secure socket layer (SSL) for security. This establishes an encrypted connection between a web server and a browser. It also authenticates the server you are connecting to and protects transmitted data from unintended recipients and hackers, including, username/password logins, credit card/payment details, contact capture data, etc.

In the statement Google explains, “Studies show that users do not perceive the lack of a ‘secure’ icon as a warning, but also that users become blind to warnings that occur too frequently. Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria.”

The alert will automatically begin displaying at the top left of the Chrome’s address bar. Secure sites will display the green padlock symbol which guarantees visitors they are accessing the intended website and that they will be protected against hackers.

Users will not be blocked from accessing unsecure sites in January, however they will be warned. SSL will help prevent an unauthorized party from monitoring information between two users, which will protect the user’s privacy. SSL is also required for Accelerated Mobile Pages (AMP). See our AMP article for more information.

“We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS. In addition, since the time we released our HTTPS report in February, 12 more of the top 100 websites have changed their serving default from HTTP to HTTPS,” according to Google.

“In following releases, we will continue to extend HTTP warnings, for example, by labeling HTTP pages as ‘not secure’ in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.”

Source: Google Security Blog

Switching over from HTTP won’t affect sites’ search rankings. Google will start indexing mobile, however in order for a mobile site to be indexable, Google is recommending migrating to HTTPS.

“It’s not just good for security, Google has also implemented HTTPS into their SEO algorithm so having SSL is also good for SEO,” said Joshua Alexander, Sprout’s Director of Website Development.

“If you think your site is safe from hacks feel free to watch this link for a few minutes http://map.norsecorp.com. There are over 30,000 hacked sites a day. Yahoo’s recent troubles involved over 500 million emails hacked. There are over 10,000 viruses being created everyday. Add that with the new Internet of things, including your coffee maker, fridge, and oven that can be the weakest security point in your network. Make sure you are taking steps to get your site protected today,” concluded Alexander.

If your website does not meet HTTPS requirements, please contact info@sproutcommunications.ca for assistance.

For more information about Google’s HTTPS plan please see Google’s Security Blog.