The Challenge: One of the largest browsers will begin marking websites as “not secure” if they don’t have SSL / HTTPS.
What We’re Doing for Clients: Any and all websites hosted and maintained by Boomajoom have SSL / HTTPS included by default.
Google Chrome enjoys an approximate 58% marketshare in the United States (source). This means that more than one in two users go online with Chrome. In addition, the underlying engine of Chrome, called Chromium, powers many other browsers with smaller marketshare including Opera. Beginning with the July 2018 update to Chrome (called Chrome 68), Google Chrome will begin displaying warning messages to users who access websites that don’t include SSL / HTTPS. The warnings look as follows:
You may be wondering a few things. Let’s go through the basics.
What is HTTP vs HTTPS?
Your browser (Google Chrome, Mozilla Firefox, Apple Safari, Microsoft Internet Explorer, etc.) all make requests to other computers connected to the internet that host websites. The protocol of this request allows any client (browser, program, other website) to make a similar request and read the response received from the website. This protocol is called “Hyper-Text Transfer Protocol” or abbreviated as “HTTP”. When your browser makes an HTTP request to a computer hosting a website, an HTTP response is sent giving you the website page you’re requesting – or an error message if something goes wrong. This occurs in “plain text” which means that my browser might say “give me example.com” and the responding computer says, “here is example.com”.
HTTPS is an added layer of security. Instead of “give me example.com”, your browser sends a scrambled code to the other computer that has the key to unscramble the code. Then it sends a scrambled code back to the user and the browser unscrambles everything to show you the web page you wanted to see. This is a very simplified way to explain it.
Why is SSL?
SSL is just an acronym standing for “Secure Socket Layer”. It’s the line of communication between the client (browser, program, other website) and the website the client is requesting information from. When SSL exists, HTTPS communication can happen.
Why Do I Want HTTPS / SSL?
First because browsers are beginning to flag websites as “not secure” that use standard HTTP. We’ve met with clients who have customers who refuse to fill out forms on websites because they don’t support HTTP / SSL. If a hacker attacks the user or the computer hosting the website, they can intercept all the plain-text information sent between the two. Encrypting the information in code makes that harder.
Second, some professions almost always require it by law. For example, banks and online stores handle sensitive financial information. If they didn’t have HTTPS / SSL, they risk exposing bank logins and credit card numbers to attackers. As another example, attorneys and medical professionals handle sensitive information belonging to the people they meet with. Not protecting that information can mean their customers could be blackmailed or prosecuted wrongfully, and could mean fines and punishment for the professional that didn’t protect that information.
In summary, HTTPS / SSL is the future of much of the web. Not all websites require it, particularly if the website doesn’t have any forms to fill out or otherwise collect sensitive information. But most business owners should consider insisting on a secure website. HTTPS / SSL is becoming easier than ever to set up thanks to the work of outstanding non-profits like the Electronic Frontier Foundation.