Your Connection Is Not Secure: *Spoiler Alert* HTTP Is Dying
While browsing the web over the last few months, you may have noticed an increase in the latest web trend: tiny little broken locks. These little icons often accompany additional warnings such as "this connection is not secure", "logins entered here could be compromised" or "you should not enter sensitive information on this site." What exactly do these messages mean and what can you do as a website owner to avoid these types of messages that scare off users?
Why Is HTTP Dying?
With the release of the latest versions of Chrome and Firefox, webpages that do not run over the HTTPS protocol and contain forms/input fields started showing security warnings. Does that mean the website you're visiting was hacked or somehow less secure than it used to be? No. You may ask, "Then why are they making such a big deal of this and making me uneasy about entering my data on the Interwebs"? It's because the internet community is slowly killing HTTP...and that's a good thing.
HTTPs and SSLs to the Rescue
In order for a website to run over HTTPS, it needs to have a Secure Socket Layer (SSL) certificate installed. This certificate helps secure the connection between the web server and the browser. The secure connection and encryption that an SSL provides guards against things such as wiretapping and man-in-the-middle attacks. If you have time and want to depress yourself learning more about these and a few other ways hackers can get to data transmitted without an SSL, read this article. The takeaway is that this type of certificate assures that no one can steal your data on its way from your browser to the website's web server.
How to Tell If a Website Has an SSL
The indicators to designate HTTPS vary from browser to browser, but they are generally all located in the same place. If a website is running over HTTPS, there should be a lock icon next to the URL in the browser address bar.
Want to Help Finish Off HTTP?
If you are running a website that has any type of form on it, I would strongly suggest adding an SSL. Now that browsers are starting to display these security warnings, it doesn't matter if the data being entered on the form is sensitive or not. An SSL is strongly recommended.
Does this only apply to websites with forms? Absolutely not. Adding an SSL and running any website over SSL is a good idea. In addition to being a good steward of internet security, there are a number of additional advantages to running a website over HTTPS: data reliability, consumer confidence, search engine optimization (SEO) and many more.
Running a secure site with an SSL also avoids any potential of a user leaving the website prematurely due to the uncertainty of these new security warnings. Not every user is like my Grandma who completely ignores any security warning put in front of her. As users become more savvy and aware of security on the web, a small warning like this could be enough to drive them away from your website.
Depending on your website set up, the difficulty level to install and serve a website over HTTPS can vary. Overall it's a pretty easy process, but there is generally an annual cost involved. While some companies do advertise free SSLs, this is often only a temporary promotion. Most SSLs have an annual renewal fee and a web developer will need to do some annual web maintenance to update the SSL. However, once the website is configured for HTTPS, the maintenance is very minimal.
Interested? Contact your friendly neighborhood web developer today to discuss your options.
To get our latest articles when they are posted, please subscribe by e-mail or RSS.