If You Ask Users To Input Data, You Need An SSL Certificate
If your website has forms, login fields or any other input sections across its pages then you’re running out of time to avoid Google Chrome marking them as not secure.
As we wrote back in February, Google has already been marking non-https websites that require credit card details or passwords as not secure for some time now. The latest move is a further attempt to encourage website owners to embrace user security.
WHAT IS HTTPS?
HyperText Transfer Protocol Secure – or HTTPS – is a language used for passing information between clients and webservers. The ‘S’ addition to HTTP means that users will benefit from a secure connection whilst inputting private data.
With HTTP sites, there is a possibility that unauthorised parties could observe information being passed between your computer and the site in question.
If you’re entering sensitive information such as passwords and card details, then it’s vital it’s properly protected. An HTTPS connection provides this through the use of an SSL/TSL certificate.
The certificate encrypts any data being passed, protecting it from corruption during transfer. This is something that all users of your website have a right to expect. Google clearly thinks so, hence the move that’s been made via Chrome.
Hang On! I want to know more about an SSL certificate
SSL stands for Secure Sockets Layer. It is used with HTTPS versions of websites for the encryption of sensitive data. When data is passed between a website and the user, the SSL connection is established before any information is sent.
The best way to think of the certificate is as the extra ‘S’ that turns an HTTP website into an HTTPS website.
What message does Chrome display for non-HTTPS sites?
For any credit card or password-related field loaded on an HTTP site via Chrome, a red box with a ‘crossed’ padlock now appears. This comes coupled with a ‘Not secure’ message in the search bar.
This clearly shows users that the website they’re visiting can’t guarantee the safe passage of personal information. Any companies due to be affected by the change now only have more reason to ensure they move their site to HTTPS.