TL;DR

  • Get a security certificate, fast. We can help you: Get in touch
Very soon, websites without an SSL certificate will be shown as “insecure” in the Chrome web browser. Chrome v56, due to be released late January 2017 will mark all insecure websites as “(!) Not Secure” in the browser bar to further Google’s work in ensuring the entire web soon runs on HTTPS only.

This is great for consumers — valid security certificates prevent “man-in-the-middle” attacks, where third parties can listen in to unencrypted information. When filling out web forms on payment gateways or even when logging in to a service or leaving your contact details, as a consumer you should always look for security marks to ensure your data will not be stolen.

What exactly is going to happen to HTTPS security in Chrome v56?

The Chrome team will start rolling out the “(!) Not Secure” warning in the latter half of January 2017 to web pages which collect personal or payment card data. We expect this to continue to include all websites in coming versions.

Currently, you may see in the Chrome browser one of the two following markers in the address bar:

Credit: Google, September 2016

However, the master plan has also been revealed; if like me, you have already set some of Chrome’s settings to show you bleeding-edge features, you will notice the exclamation mark is destined to turn red in the future. This will act as a real warning to your website users and it’s this we expect to begin to see on insecure pages in the future.

Credit: Google, September 2016

Why should my website be secure?

I’m glad you asked! There are no longer any downsides to HTTPS pages (it used to mean slower speeds, but the web architects of the world have solved this in many ways now).

  1. Control your browsing experience fully – no snooping, code injection or malware
  2. Better conversion rate for your store/forms – your users know your website is secure and the connection cannot be listened to so greater trust is felt
  3. Security – you accept personal or financial data with much less to worry about

If you’re a programmer / server person

Then you can go secure right now!

We’re HUGE fans of Let’s Encrypt, an open source solution to SSL certificate distribution. What’s more, Let’s Encrypt certificates can also be configured to auto-renew meaning the solution is future proof. Ordinary, signed certificates expire usually every 1 – 5 years, but there are also a number of additional benefits of going with more costly solutions too, such as your company name appearing with a padlock in the browser bar.

If you’re not a web developer

Then you can still go secure very quickly… Security certificates are now easier to come by than they ever have been. A paid-for SSL certificate (with warranty and all the good stuff I hint at above) can be picked up for under £100 and there are now free* options available too. Talk to your web developers to see how quickly you can patch this problem for your business soon!

* Free references the certificate cost, not the time and energy required to install, configure and test the certificate up front.

Further watching below;

Why HTTPS is important in a forward-thinking web world.

Aaron Dicks

Managing Director

Managing Director of Impression. Search engine optimisation consultant, web developer and digital all-rounder. @aarondicks