On July 2018, Google Chrome will mark all websites without a TLS or SSL certificate as “not secure.” Non-HTTPS websites will show a “not secure” notice on the websites address bar. For years, Google has been pushing for websites to adopt an encrypted communication protocol.
If you visit a non-HTTPS website today, you will see an info icon just before the website’s address or URL. Clicking on that icon will show this message:
Your connection to this site is not secure. You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers.
Starting with Chrome 68, however, the address bar will show a message that says “Not secure” next to the info icon. This is how it would look like:
Google wants to make the Internet safer for everyone, and it’s a good thing. Most people are not aware of the differences between a secured (HTTPS) and an unsecured (HTTP) website. They don’t realize the dangers of submitting passwords and financial information such as credit card details on unsecured or non-secure websites.
With this upcoming change, more Internet users will be aware of the risks of using non-secure websites. A simple, easy-to-understand warning like this one will hopefully educate Internet users to stay away from non-secure websites, or at the least, avoid giving personal information to these sites.
Previously, only websites that handle credit card and other financial information (such as banks and e-commerce sites) are required to install a TLS or SSL certificate. Google is now pushing for every website to implement this security protocol.
What is HTTPS and Why You Need It
HTTPS stands for HyperText Transfer Protocol (HTTP) and Secure Sockets Layer (SSL). It is a TCP/IP protocol used by web servers to securely transfer and display data over the Internet. Traditionally used for websites that handle sensitive information such as online transactions and online banking data, HTTPS is now being used on a wide variety of websites even if no sensitive data is involved, mainly for authentication purposes.
On the other hand, HTTP is less secure because it transmits or transfers data as unencrypted plaintext, making the data visible to hackers spying on network traffic. An HTTP website is also vulnerable to hacking and other malicious attacks.
How to Make Your Website Secure
To prevent your non-HTTPS website from being tagged as not secure, please install an SSL certificate. SSL certificates are available for cheap on most domain registrars and web hosting companies. Tech Pilipinas is secured by a PositiveSSL certificate from Namecheap for $9 per year (I bought it for less than $1 using a promotion).
If you can’t afford the additional cost yet, you can get a free SSL certificate from ZeroSSL.
In a future article, I will lay out the step-by-step process in getting and installing an SSL certificate on your website.