Hi! OK... 1st things 1st... make yourself a cuppa, take a seat then have a read - it's worth it.
Further to our recent blog posts on the importance of SSL and the looming deadline from Google (to warn website owners to upgrade their websites to be HTTPS - so they don't show 'WEBSITE IS NOT SECURE' in Chrome and destroy your Google listings).... here's another one....
Safari has now caught up (as of yesterday) and is doing the same thing (i.e. marking websites that are not HTTPS as 'NOT SECURE').
So please read on, as everyone needs to be aware that this will effect ALL types of websites with enquiry forms/registration forms/admin logins, etc...
Can you risk not having SSL?
Don’t have an SSL Certificate? Web browsers are going to flag your website even more prominently now...
We turn to the internet for everything. From selling to buying, it is the introduction of an e-world. With this dominating trend, online security has become a necessity.
Undoubtedly, Google loves its users and therefore, is coming up with every possible way to make us feel secure here on the internet. With its recent announcement, earlier this year, Google will flag all the unencrypted websites as unsafe.
This means if your website doesn’t have an SSL certificate, it will display a ‘Not Secure’ in the URL bar. We appreciate it's an additional cost but it could mean a dramatic loss in business if your website shows 'insecure' just because it doesn't have a padlock (SSL certificates are a good thing.... honestly).
When Do You need to Worry About SSL?
With the lastest Chrome and Safari updates released, websites with any kind of text input will need an SSL certificate.
- Does your website take text inputs in the form of login panels, contact forms, search bars, etc.
- Is your website on HTTP://?
If it’s a YES to both these questions, you should allow us to install SSL to avoid any risks or warnings. If you don’t implement SSL soon, your visitors will see a “Not Secure” warning on visiting your site.
Is SSL on all websites over-kill?
Well, not for websites that require a customer to register or login (like subscription-based websites, eCommerce websites, booking websites) as it’s definitely required but we do think it’s a bit over-kill for all websites with just an enquiry form and an admin login. But it’s best to be ‘safe’ than ‘sorry’ as they say, so if you’d like SSL installed please contact Kirsty (firstname.lastname@example.org) to sort it out for you.
What's SSL and How Does It Work?
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
If you don’t have the SSL certificate, a secure connection cannot be established, that means, your company information will not be digitally connected to a cryptographic key.
SSL Certificates have the following information:
- Name of the holder
- Serial number and expiration date
- Copy of the certificate holder’s public key
- Digital Signature of the certificate-issuing authority
We use high quality SSL certificates for each individual domain - we don't share the certificate with 1000's of other sites.
Why are SSL Certificates now critical?
Here are some of the reasons to have SSL Certificates:
1. Encrypts Sensitive Information
The information you send on the Internet is passed from computer to computer to get to the destination server.
Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted.
When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. Therefore, having SSL installed on your website is a good idea. But not only that but it will affect your Google listings come July if SSL is not installed…
2. Protects You From Cybercriminals
They are clever! According to Cybersecurity Ventures, cybersecurity damages will cost the world over $6 trillion annually by 2021.
It is impossible to escape the rising tide of cybercrime if your website doesn’t have an SSL certificate. They will identify weakness(es) in your network…mostly, when information is transmitted. Recently, the black eye masked people have been refining malicious strains that are specifically designed to capture data while moving between destinations. By having SSL installed on your website will offer a vital means of defending against transit-based hacks.
3. Builds Trust & Brand Power
With SSL certificates, your customers will see a padlock icon and a green address bar that indicates a well-trusted encryption is in use (we use a high-quality SSL that is attached to your hosting). So when a customer sees this on your website, they can be assured that their information is traveling safely. Undoubtedly, this will add brand power and boost the credibility of the brand.
Before Google flags your website, (Safari may have already done this) secure it today with our SSL Certificate.
Safari Warns about Unsecure Logins
The latest version of Apple’s browser, Safari 11.1, was released yesterday (18th April 2018) for iOS and macOS. The new update brings a warning for websites that offer login forms over un-encrypted HTTP (those websites without a padlock), which has become standard UI for most major web browsers.
Safari’s warning appears in red and reads “Website Not Secure” when the login form has ‘focus’ - meaning the user has it actively selected. This replaces the URL entirely. If the user does not have the form selected, the warning reads “Not Secure” and appears at the left-hand side of the address bar along with the domain.
There are a few conditions for seeing the warning. It is only triggered by fields in a HTML element - an input field on its own will not cause a warning. In addition, the warning will only appear once the user has interacted with the form, instead of on page-load. Once the user has interacted with the form, the warning remains until they leave the page - it will persist after a refresh.
On iOS the warning appears and functions in the same way.
Safari 11.1 ships with macOS 10.13.4 (and is available for versions back to 10.11.6) and iOS 11.3. This is a good step forward for Apple’s browser, which often waits until the other major browsers make changes to their security UI. Both Google Chrome and Firefox have displayed similar warnings for unsecure login forms since early last year. Unlike those browsers, Safari does not allow you to click the message for more information, so users may not understand why this warning appears or how it should affect their behaviour.
There are no indications when or if Safari will expand the warning to all HTTP traffic like Chrome has planned for their July release. Read: Why have my Google listings dropped.
Major browsers have changed their security expectations over the last few years as part of a very public campaign to push the web towards HTTPS. So far this has been incredibly successful with the proportion of overall HTTPS page loads increasing by an average of 11% year over year since 2015.
Websites that remain on HTTP will continue to receive warnings and be restricted from using major features such as HTTP/2 or Service Workers (earlier this year, Firefox announced all new features added to their browser would require HTTPS).
Get more secure!
If you have not yet adopted HTTPS for your website please contact us and we will install SSL on your website and provide the SSL certificate. Email Kirsty: email@example.com
Written by Kirsty Paget