Chrome Security Product Manager Emily Schechter recently shared an important update regarding the use of HTTPS for websites on the Google Security Blog. She said that the search engine giant has started marking a bigger subset of HTTP websites as “not secure”. After years of trying to keep users safe from unencrypted websites, this move from Google Chrome aims to motivate developers to buy HTTPS encryption for security purposes.
A secured version of HTTP (HyperText Transfer Protocol), HTTPS (HyperText Transfer Protocol Secure) offers protection between the user’s browser and the website being visited. This ensures that nobody is able to tamper with the traffic. Without this encryption, anybody who has the access to the user’s router or ISP is free to intercept the information being sent to websites or insert malware into them. Google plans to make it compulsory when it launches the new Chrome 68 version of its own browser.
One of the reasons for this move is the increased adoption of HTTPS. Currently, more than 68 percent traffic that comes to Chrome from Windows or Android devices is on HTTPS websites. More than 78 percent traffic to the browser that coming from Chrome OS and macOS are also on HTTPS websites.
Starting with Chrome 68, the push will ensure that owners of these websites upgrade to HTTPS encryption, which provides protection against malware injection and information interception. Also, HTTPS not only unlocks performance improvements but also provides powerful new features that are too sensitive for HTTP.
The search engine company has already started pulling down rankings of HTTP websites on Google search results. Additionally, they have issued warnings for website owners to take care of password fields that could be unencrypted. Even with Chrome 64, HTTP websites were marked. However, some of them currently display an “i” icon that, which opens a non-secure warning when it is clicked.
What happens if your website is not HTTPS?
If Google marks non-HTTPS websites as “not secure”, it could result in users shying away from HTTP websites. This would force website owners to reconsider upgrading to HTTPS. When computers see HTTPS, they look for a predecided ‘code’. Computers then scan the messages with the help of that ‘code’. This is helpful because no one apart from the two parties can interrupt. This way, HTTPS keeps information safe from hackers and prevents cyber stealing.
Schechter said that HTTPS is important to ensure online security and is quite cost-effective when it comes to implementation. The upgrade is also quite simple and has automated services that ensure efficiency for website owners.
However, it is notable that not all website requre an HTTPS. Many experts believe that it should only be a pre-requisite for websites where sensitive used data is being exchanged such as for banks and e-commerce websites. If that is true, Google could be arm-twisting website owners to invest in HTTPS.?
Do you think HTTPS is important to you when you open a website? Tell us in the comments below!