If you’re using Google Chrome as your internet browser, you may have noticed a slight change in the past 2 months. Some websites are now labelled “Secure” and some are labelled “Not Secure”. Why is this? Are some websites more secure than others?
Earlier this year Google announced they would make a push to make the web more secure by strongly encouraging websites to adopt HTTPS encryption. With their version 68 release in July 2018, Google Chrome began labelling websites without SSL Certificates as “Not Secure”.
In contrast, websites with SSL Certificates installed are labelled “Secure” and have a Green lock icon. Websites with SSL Certificates start with “https” instead of “http”.
Are websites without SSL Certificates really not secure?
To a degree, yes. The security of these websites has not changed. The only thing that has changed is how Google is labelling them. At the same time, SSL Certificates do add a layer of security to websites.
What are SSL Certificates and how do they work?
SSL (Secure Sockets Layer) is a security technology that allows the connection between the server (where your website is hosted) and a user’s browser (your customer) to be encrypted. When a site has a valid certificate in place, that web address will begin with HTTPS instead of HTTP, showing that it is now secure.
SSL certificates are important for two reasons: 1) trust, and 2) encryption. A valid certificate confirms that your site is who it says it is. And encryption means that information passed back and forth is protected from prying eyes or hackers.
A SSL certificate is a digital document with two parts: 1) your website information and 2) a signature from a trusted certificate-issuing authority. The first part tells the browser that your website is who you say it is. It includes information such as the name of the holder, serial number, expiration date, and a copy of the certificate holder’s public key. The second part confirms that your certificate is valid. Kind of like how your passport shows your identity and the witness signs your application to confirm your legitimacy.
SSL certificates do come with expiry dates for security reasons. So it is important to keep your certificate up to date.
Do all browsers use the “Not Secure” label?
No. At this time it is only Google Chrome that has made the change. An estimated 43-62% of all internet traffic go through Google Chrome (14-22% use Safari, 4-6% use Firefox, and 3-7% use Internet Explorer/Edge).
Do I really need a SSL Certificate?
Yes and no. Your website will still work without a SSL Certificate. But as more and more websites install SSL Certificates, people may start being wary of the “Not Secure” label. The “Not Secure” label makes websites look not professional.
As the internet evolves, our team stays up to date and informs our clients how the adjustments we recommend to keep their business growing in meaningful ways. Over the last few months we’ve explained this change to all our clients and recommended that they install SSL Certificates to their websites. 90% of our clients have gone ahead to make this change so far. If you need help installing a SSL Certificate, let us know.