Google Chrome to label non-HTTPS sites “not secure” starting in July 2018 — SSL is now a must-have

According to netmarketshare.com, as of May 2018 Google Chrome is by far the most popular web browser in the world, with a total market share of 60.98% (as a comparison, the second place is Internet Explorer at only 12.18%). That means if Google wants to shape the Internet in a certain way—hopefully for the better, all webmasters and site owners have a very good reason to take notes.

That’s exactly what they have been doing with HTTPS, the secure web browsing protocol that requires the use of  trusted SSL certificates.

HTTPS usage on the web has taken off in recent years as Chrome evolved its security indicators. For several years, Google has moved toward a more secure web by strongly advocating that sites adopt the Secure HyperText Transfer Protocol (HTTPS) encryption. Last year, Google began marking some HyperText Transfer Protocol (HTTP) pages as “not secure” to help users comprehend risks of unencrypted websites. Beginning in July 2018, with the release of Chrome version 68, the browser will mark all HTTP sites as “not secure.”

Chrome’s move was mostly brought on by increased HTTPS adoption. 81 of the top 100 sites on the web default to HTTPS, and the majority of Chrome traffic is already encrypted.

Here’s how the transition to security has progressed, so far:

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default

HTTPS: key benefits and differences

What’s the main difference between HTTP and HTTPS? With HTTP, information you type into a website is transmitted to the site’s server with almost zero protection along the journey. Essentially, HTTP can establish basic web connections, but not much else.

When security is a must, HTTPS sends and receives encrypted internet data. This means that it uses a mathematical algorithm to make data unreadable by unauthorized parties.

#1 HTTPS protects a website’s integrity

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one can tamper with the traffic or spy on what you’re doing.

Without encryption, someone with access to your router or internet service provider (ISP) could intercept (or hack) information sent to websites or inject malware into otherwise legitimate pages.

#2 HTTPS protects the security and privacy of your users

HTTPS prevents intruders from eavesdropping on communications between websites and their visitors. One common misconception about HTTPS is that only websites that handle sensitive communications need it. In reality, every unprotected HTTP request can reveal information about the behaviors and identities of users.

#3 HTTPS is the future of the web

HTTPS has become much easier to implement thanks to reduced SSL certificate prices and several services that automate the conversion process, such as Let’s Encrypt and Google’s Lighthouse program. These tools make it easier for website owners to adopt HTTPS.

Chrome’s new notifications will help users understand that HTTP sites are less secure, and move the web toward a secure HTTPS web by default. HTTPS is easier to adopt than ever before, and it unlocks both performance improvements and powerful new features that aren’t possible with HTTP.

#4 HTTPS can actually make your website faster if implemented properly

In the old days, HTTPS had a bad reputation of slowing websites down due to the increased overhead that occurs during “SSL handshake”. This reputation is still out there today, and it’s still true to some extent if your web host uses slow servers and outdated technology (unfortunately many low-end shared hosting providers do).

However, if implemented properly with good hardware and updated server software, HTTPS overheads are no longer relevant today. In some cases HTTPS can actually improve the overall performance of your website thanks to several important technical developments in recent years. Newer web server technologies such as the “HTTP/2” protocol, with performance-enhancing features including “multiplexing” (simultaneous connection streams)  and “server push”, are only available through HTTPS. For example, FelinePC’s recently launched new website already takes advantage of these technologies.

Once “optional”, then “recommended”, now it’s time to consider HTTPS/SSL a “must-have”

Starting from July 2018, if your website still isn’t HTTPS/SSL enabled, there is a very good chance that some of your visitors will begin to notice the ugly “not secure” message. It’s time for small business owners who’re still behind at this point to take actions as soon as possible to avoid losing trust or even sales from potential site visitors and customers. FelinePC managed IT clients can receive free assistance on HTTPS/SSL implementation. If you’re not a FelinePC client, please feel free to contact us and get started today.