In July of this year, Google will take another step forward in their crusade to secure the internet. They will introduce a new feature on the 68th version of their Chrome browser. Its purpose? To warn users whenever they visit an HTTP website. A large “not secure” icon within the browser’s navigation bar will display. Google hopes to steer their users away from websites that don’t use a proper Transport Layer Security (TLS). This could create many challenges for web owners and designers. Traffic and revenue losses, as well as drops in organic search rankings, could all be consequences.
Google’s Quest For Security
Previously, Google only had non-secure warnings on pages that featured password input elements and credit card fields. This standard has now been dramatically modified with Google’s new warning system. By July, Google will require ALL websites to have their entire domain set up as HTTPS.
This comes after several years of successful browser updates. Google was able to vastly increase the percentage of secure websites. In the last year alone, the number of protected websites on Chrome’s browser grew from 67% to 75%. Even more, 71 of the top 100 sites on the internet now use HTTPS by default. This is an increase from 37% one year ago. Google has surpassed all other browsers as the most used browsing platform. This means that Google’s policy update will have major implications on your site’s web performance.
HTTPS sites guarantee a secure platform
What makes HTTPS different?
Before stressing over the potential impact of this update, it’s important to recognize the countless benefits of establishing a secure connection via TLS. If your website is HTTP, as opposed to HTTPS, it means there is no active TLS. A TLS Certificate is a data file that binds a cryptographic key to all of a website’s details. In other words, this certificate creates an encrypted connection between a web server and your browser. This means that the connection between both points is unsusceptible of being hijacked or intercepted.
When you load an HTTP website, someone else on the network can look at or modify the site before it gets to you. This can create a world of problems for both website owners and users alike. In a recent post on Google’s developer blog, Kayce Basques explains the potential damage that can occur on an unprotected website:
“Intruders exploit unprotected communications to trick your users into giving up sensitive information or installing malware, or to insert their own advertisements into your resources. For example, some third parties inject advertisements into websites that potentially break user experiences and create security vulnerabilities.”
In addition, if you submit sensitive information via a form or credit card field on an unprotected site, it can be intercepted before reaching the web server. This creates a number of threats, including identity theft, fraud, and invasion of privacy.
What are the implications of Google’s update?
Google is increasingly using security as an algorithmic ranking factor within their Search Engine Results Page (SERP). In 2014, Google publicly announced that websites would receive a boost in rankings if they switch from HTTP to HTTPS. And in-line with that policy, sites that remained HTTP would be at risk of losing rankings. This is a serious threat to the acquisition of organic traffic on HTTP websites.
There is also an added risk of dropping conversion rates and losing customers. Studies show that 85% of web users would choose not to make purchases from a website if it was labeled as “non-secure”.
If you’re concerned about the potential impact of this upcoming Chrome update, or the security of your site, contact the experts at Atlantic BT.