Does every website now need a secure certificate?
You may have noticed a subtle change in the address bar of Google Chrome recently. Many websites will now have an info icon like this next to the url:
If you click on the information icon you will see the following message:
Your connection to the site is not secure.
You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers.
In addition to the address bar, form fields for passwords or credit card fields will also be modified.
What's going on?
In September 2016 a blog post called "Moving towards a more secure future", by Emily Schechter from Chrome's Security Team, discussed the changes in more detail. Essentially, until now, Chrome has indicated that a site is secure with an icon in the browser. But since Google announced that more than half of web pages served by Chrome for the desktop are now secure, they believe it makes sense to assist the end user to point out the reverse, i.e. when a page is not secure.
Eventually, Google plans to replace the info symbol with a red triangle saying "Not secure".
What do I need to do?
When you add a secure certificate to your website the address bar will look like this:
My site doesn't ask for passwords or credit cards. Do I still need it?
Our advice is that every site now needs a secure certificate. When the symbol changes to a red triangle the end user is not always going to understand that technically, it is ok because your website doesn't ask for passwords or credit cards.
We believe the red triangle is going to be seen by most people as a marker that there is something wrong and ultimately not secure with your site, which could have users hastily reaching for the "Back" button.
It's not all bad!
As security and trust on the web becomes a more prominent issue, search engines have begun to make it a ranking factor, so you may see an uplift in traffic as a result of doing this.
We will be contacting all of our customers. For some, their sites are already fully secure so no action will need to be taken. For others, they may be only partially secure so we will be looking to move them to a fully secure site whilst some customers may need to purchase a new secure certificate.
Not a Kontrolit customer and unsure about what to do? Please get in touch with any questions you may have.