Keeping the Internet safe is one of the long-term goals that Google is working on for its users. So much so that in September 2016, they announced that they would label HTTP websites (those without SSL certificates) as ‘non-secure’– especially for web pages that collect credit card information and passwords. Since January 2017, they have started labeling some HTTP websites as non-secure. This is in conjunction with the release of Chrome Browser version 56.
For the past few years, Google has been pushing for website owners to switch their sites to HTTPS. Secure Socket Layer or SSL helps to encrypt data as it travels from the user’s web browser to the web page’s server. This move ensures that users can browse and enter their private information without it being compromised by cyber hackers. We wrote another article that explains more on HTTPs and SSL in great detail: Why You Need to Convert to an HTTPs Website Today
Chrome Browser’s ‘Not Secure’ Warning
When a website has a ‘Not Secure’ label on the URL address bar, it means that data transmits through an unencrypted network. HTTPS is the secure counterpart of HTTP (HyperText Transfer Protocol). It allows for a more secure protection against people with malicious intent to eavesdrop or modify the data.
Starting October 2017, Google will step up its web security campaign even further by having the Chrome browsers show the ‘Not Secure’ label when users enter any type of data on an HTTP web page, even in Incognito mode. This includes any text entered into the search box.
This extended warning will put pressure on website owners to implement the much-needed SSL /TLS certificates. The security warnings influence the perception of the visitor on the site; visitors may leave your site if they feel that their information transmitted to the site could be intercepted by a third-party operator.
Google’s Plan to Distrust Symantec Certificates
Google disclosed its plan to distrust all Symantec certificates issued before June 2016. This is alongside the release of Chrome 66 on March 15, 2018, and Chrome beta users on April 2018. In September 2017, the Google Chrome team announced their decision to distrust Symantec SSL certificates to ensure that user’s security and privacy when browsing on the Internet are consistently maintained.
It was revealed that Symantec Corporation has issued authentication certificates to suspicious websites based on public reports shared by a Google group – mozilla.dev.security.policy. Symantec’s PKI (Public Key Infrastructure) business runs a series of Certificate Authorities under different brand names which include VeriSign, Thawte, GeoTrust, Equifax, and RapidSSL. These CAs issues a huge number of certificates which do not adhere to the CA/Browser Forum Baseline Requirements.
After several investigations, Google found out that Symantec entrusted various organizations with the power to issue certificates without the need for supervision and has been aware of the security lapses for some time now. This and other series of security blunders done over the years by Symantec were the reasons why the Chrome team decided to distrust Symantec’s infrastructure.
On October 31, 2017, DigiCert announced that they have acquired Symantec’s Website Security and PKI business as Symantec will work on regaining trust from customer’s with a new infrastructure. DigiCert will manage all affected certificates for free without any interruptions to their service. From December 1, 2017, Chrome will no longer trust all certificates issued from the old Symantec infrastructure. When Chrome 70 will be released on October 23, 2018, it will completely remove its trust in Symantec’s old infrastructure and all the security certificates it has issued. The rest of the independently-operated and audited CAs trusted by Google will not be affected by this transition.
In lieu of this news, our Vodien Web Security Team will re-issue new SSL certificates to those who are affected. For non-Vodien hosting customers that purchased SSL certificates from us will need to contact our Customer Support to request a re-issue of new certificate and update it by themselves at the externally-hosted website.
Do you have an HTTP Website?
Find out if your website will be affected by this non-secure warning by asking these questions:
- Is your website still running on HTTP on the web address bar?
- Do you require users to input their information on your website? This information may include usernames, passwords, credit card numbers, contact forms and the search bar.
If your answer is “yes” to these questions, then you need to implement SSL as soon as possible. This is to ensure that the ‘Not Secure” label won’t show for your site. You need to force HTTPS on your website. Allow pages to redirect to its HTTPS versions so that users will not unintentionally browse the insecure version of your site.
Why it’s Important to Convert to HTTPS?
Web security is the very reason why HTTPS came into being. The ‘s’ in HTTPS stands for secure. It indicates that all communications between the browser and server are encrypted or protected against being hijacked by third parties.
The authentication and encryption offered by SSL prevent ‘man-in-the-middle’ attacks by blocking third parties from intercepting your website.
More than just a tool to protect a user’s access to a certain site, a non-secure warning serves as a wake-up call for website owners who still serve HTTP web pages to their users. Psychologically speaking, users tend to trust sites marked ‘secure’ more than those who aren’t.
It serves as a visual clue for users as they navigate around sites to look for them before they input any personal information.
In 2014, Google said that HTTPS will be part of their ranking signal. While we can’t deny it’s value to users, it’s still a small ranking factor. It may, however, change in the future as Google works aggressively towards keeping the web safe.
How to Avoid the ‘Not Secure’ Warning
You have to install an SSL Certificate and configure your site to run over the HTTPS protocol. It offers more than just encryption when accepting online payments and logins. Having an HTTPS website provides your visitors with a peace of mind, knowing that they can enter their information without any worries of third parties intercepting their information as it travels through several networks.
Beyond Web Security
We understand that along with the security offered by SSL certificates is the obvious concern of additional cost. However, think of it this way. The prospect of avoiding incurring penalties from Google and the benefits of encrypting your user’s access will far outweigh the cost associated with it.
By installing an SSL certificate, you are adding an extra layer of protection to your site against possible third party attacks that may damage your brand and reputation. Keep your customer’s information private and secure by installing Vodien’s Thawte-certified SSL certificates.
It offers up to 256-bits data encryption on the root level that protects all data against spoofing and phishing. To know how you can start with Vodien Web SSL certificate today, just click on the link below.