Earlier in the year, Google began a process to encourage the use of HTTPS rather than the traditional HTTP protocol for web pages. Beginning in October of this year, Google will continue this process by adding the warning message, “Not Secure” for two additional circumstances. Those circumstances include whenever a user enters information into an HTTP page, and when users visit a page by way of Google Chrome’s Incognito (privacy) mode. In this post, we will discuss the differences between HTTP and HTTPS and why Google Chrome is making the move toward using HTTPS under all circumstances.
HTTP vs. HTTPS
Traditionally, the HTTP protocol was the standard protocol used for web pages that did not require any input from users, such as their user name, password, credit card name and the like. HTTPS is a secure protocol that protects personally identifiable information (PII) provided by users. Many organisations used a blend of these protocols, using HTTP for pages not requiring input and using HTTPS for pages that gathered user information. Using HTTPS encrypts all data, thus ensuring a safe route for users to provide sensitive data to a website.
Increasing Protection for Users
Some may ask why Google wants to discourage the use of HTTP within their Chrome browser. Since changing their policy on pages using HTTP, Google has seen a 23% reduction in users providing sensitive information such as a password or a credit card number on a page only using the HTTP protocol. This is good news for users because it means their PII is safer from hackers and identity thieves. In addition, by warning people who use Chrome’s Incognito feature, users will actually get more of the privacy protection they expect, since that is why individuals opt to use the Incognito mode anyway.
So what does this mean for website owners? Fortunately, a SSL certificate required for HTTPS pages is less expensive and easier to obtain than ever.
Contact us to learn more about how to prepare your website for the transition to HTTPS.