SSL Certificates and Google Chrome: What it Means for You
Google has recently announced that it will be changing the way that websites are viewed within its browser (Google Chrome). They have indicated that they are going to show a warning next to any site that does not have an SSL certificate issued.
What is an SSL certificate?
An SSL certificate (Secure Sockets Layer) is a special handshake code used to encrypt data when sending a request. Any time you fill out a form on a website, you are sending a request. Most times, you might be signing up for something, or showing interest in a service, or a doctor's appointment, etc. In many scenarios, this information is not encrypted because it is not sensitive data. We typically use SSL Certs. for when sensitive information is being passed along like Credit Cards, Social Security Numbers, etc. This data must and should be encrypted so that even if the data was intercepted by an unwelcome source, the information would be jumbled, and information would be useless. Many times, one will see a padlock on a site indicated the connection is secure. This indicates an SSL cert is installed and valid on the server.
Why will Google Chrome show the warning if my site doesn't collect credit card information or sensitive information?
Early in 2014 Google started toying with the idea that sites with an SSL certificate were more worthy of rankings, and so they began factoring the SSL certificates into ranking for SEO, albeit slight. Since then, we have seen exactly that: a slight favoritism to sites that have an SSL cert. Now, Google is leveraging the popularity of Chrome to entice/shame users to get an SSL, by displaying that the site is not secure with a warning. What this means is that the information submitted on site is not encrypted. Again, this isn't really a bad thing in our eyes, as long as the information submitted is not sensitive in nature. Visitors to the site won't see it as only an un-encrypted page however; instead they will think that the site has been hacked or compromised in some way. In my opinion, they are going to be shaming site owners who do not have an SSL despite not needing the added layer of encryption.
Should I get an SSL for my site?
That is completely up to you. You don't need an SSL per se if you are not handling sensitive data, however it is never a bad idea to have one. From the prior paragraphs, you have probably deduced that I don't really support the way that Google is going about this, however secure sites are the future, and though I do not like the direction, doesn't mean we aren't going that way anyways. If you are getting this email from me, it indicates that you have at least one site that isn't encrypted with SSL. The cost to add an SSL certificate to a site relies completely on how complex your site(s) is/are. On most sites, to integrate a certificate, it would be roughly 2-3 hours of work plus the cost of an SSL certificate (~$25 annual charge).
What will happen if I don't use an SSL for my site?
Google Chrome, and likely to follow Firefox, Explorer, Edge, and Safari will begin to display the insecure connection of the site for certain pages. At first, they have indicated they will do this for any pages that have a password field, but they expect eventually all pages to have this warning. The warning will appear something like this.
I want you to incorporate an SSL on my site ASAP, what should I do?
Should you desire to have an SSL on your site(s), talk to us at Toledo Graphics. Our goal is to make sure that we are on the cutting edge of the latest features and issues in an online world. Contact us today!