Google’s Next Steps Towards a Secure Web
Google is making additional strides in their drive to make the web a safer place, and come October 2017, there will be two more situations where Google’s Chrome browser will show a security warning to visitors on a website.
This development was hinted at months previously in a statement by Google, “Beginning in October 2017, Chrome will show the ‘Not secure’ warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.”
The search engine giant has already recently sent email notifications to webmasters who have forms on webpages over HTTP. Needless to say, now would be a good time to switch to something more secure.
Indeed, it has never been cheaper or easier to integrate HTTPS with your website.
But you may be wondering why all the fuss about HTTPS.
Why HTTPS is Important for Your Website
There are 3 principal reasons why HTTPS is important to your website--any website, and not just those that handle sensitive information like banking websites and hospital websites.
1. With HTTPS You Can Preserve the Integrity of Your Website
HTTPS protects your website from malicious intruders who seek to tamper with the communications between your website and your audience. And it’s not only malicious intruders you have to worry about—there are legitimate, but intrusive, companies like Internet Service Providers (ISP) and Hotels that inject ads into your web pages. HTTPS can help you prevent actions like these as well.
Without HTTPS, intruders are free to exploit the unprotected communication stream between your audience and your website. It then becomes easy to trick your users into revealing sensitive information, install malware, and insert advertisements that are not relevant to your content into your website.
These destroy user experience and create security risks for your website visitors.
Passing up in HTTPS leaves every resource on your website vulnerable to intruders: cookies, scripts, HTML, images for example, and these can be exploited at any point of the network including a WIFI hotspot, a user’s machine, or a compromised ISP just to name a few.
2. Protects the Privacy and Security of Your Visitors
Without HTTPS, intruders could passively listen to communications between your website and your users.
Its commonly believed that only websites that handle explicitly sensitive communications are truly in need of HTTPS…but this could not be farther from the truth. Intruders compile loads of seemingly benign information to create remarkably accurate portraits of those communicating, as well as their possible behaviors.
In effect, every unprotected HTTP request could potentially reveal personal information about visitors to your website.
For example, employees may accidentally hint at sensitive health conditions to their employers merely by reading unprotected medical articles.
3. HTTPS is the Future of the Web
There is no way around this. Pretty much every new web platform feature such as recording audio with getUsermedia( ), taking pictures, enabling offline app experiences with service workers, or building progressive web apps, require explicit permission from the user before executing—and rightly so!
Older application interfaces such as geolocation among others are being updated to seek permission before execution.
Given that HTTPS is a key component of the permission workflows for these new and updated features, it’s not hard to see why it is the future of the web and therefore meant to be integrated into your website as soon as possible.