Earlier this year we published an article explaining the benefits of enabling HTTPS by default on your website. As a reminder, HTTPS is the protocol used to encrypt website data transmissions, thereby increasing security and privacy for users. An SSL certificate associated with your domain name enables HTTPS.
One of the things we noted was that some day in the future, various browser makers would begin proactively displaying security warnings on non-SSL websites. That differs from the current norm of noting only when a site IS secure and using HTTPS.
Well, that day is almost here. This past fall Google announced that version 56 of the Chrome browser would begin actively marking HTTP-only sites that collect financial or login information as ‘not secure’. This version of Chrome is set to release in January 2017.
Here is what the URL bar may look like in Chrome 56 as compared to earlier versions for a non-HTTPS site:
According to news from earlier this month, Mozilla intends to introduce similar warnings in Firefox 52, also to be released in January 2017.
In both cases, the browser makers explain that this is a first step to warning on all non-HTTPS sites.
What’s to be done if you aren’t already using HTTPS? Thankfully, it is both simple and affordable to quickly add SSL encryption to your site. Most hosting companies provide a control panel to purchase and setup SSL certificates. And the Jake Group offer one to all clients who host with us.
Please contact us if you need help getting your SSL certificate set up!
You can read more about Google’s plans here: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html, as well as coverage of the Mozilla announcement: https://www.thesslstore.com/blog/firefox-warn-password-fields-insecure/