By: Caitlin Barbin and Oren Baum
Google has been pushing for secure sites and if you haven't done so already, now is the time to switch. If you've noticed the Chrome address bar, it displays whether the site you are on is "secure" or "not secure." This started with Chrome's July 2018 update, and coming this September and October 2018, Google will remove the "secure" marking for sites that are encrypted with HTTPS. Instead, non-secure sites will be marked with "not secure" and this marking will turn red when users enter information such as an email or password.
This is an evolution in the practice of whether or not we need to consider a website secure or not. Encryption is used to avoid eavesdropping by any parties between the web browser and servers handling the information. In ‘the old days’, it was practice that only sites that dealt with secure information or e-commerce needed to be encrypted. Previously, such a label was reserved for websites that, for example, had their encryption certificate expire, or not match the domain a user visited.For many reasons, most of them considered positive, best practices have been moving in the direction that all websites should be secured with encryption. In order to help nudge that mindset in the right direction, Google, through its chrome browser, started labeling sites without encryption as 'insecure'. Google also modified their search ranking algorithm, to give preference to sites that are encrypted over those that are not. Together these and other 'carrot and stick' initiatives help move the bar of what is considered a safe, optimized, and protected website.
HTTP and HTTPS Explained
HTTP stands for HyperText Transfer Protocol and it moves information in plain text between your browser and the web server. Anyone who intercepts this transfer of information can read the plain text, making it insecure. It’s important to keep sensitive data such as passwords and credit cards on websites. HyperText Transfer Protocol Secure (HTTPS) was introduced where an encryption protocol called Secure Socket Layer (SSL) was combined with HTTP, making sites secure. However
HTTPS does not protect you from everything such as hacks or hiding your identity — it just makes transferring data safer.