Why security and HTTPS are the future for all sites, not just banks
As the web has developed and we all perform more and more of our daily tasks online, online security has become increasingly important – but 2017 will be the year that security becomes important to even the simplest of websites as Google will start to highlight websites that are insecure.
Security should have been the watchword for 2016, but after millions of account details hacked from Talk Talk and lax security knowledge resulting in a Democratic Party email scandal, it appears many people didn’t get the memo.
Back in 2014, Google called on website developers to use HTTPS everywhere and started to use secure connections as a signal in search result rankings. So, for the last two years if your website ran only on standard and unencrypted HTTP then it may well be a few places lower in the search results than would otherwise be the case – possibly pushing your site onto the dreaded second page.
Beyond a Google bump (and likely a Bing and Duck Duck Go bump too), HTTPS can also improve user trust. That padlock icon in the browser is always a positive sign, even better if its a green bar, and since the early days of the web people have understood that this means their data is being protected.
Twenty years ago, we may only have thought we needed a secure connection when using online banking, but with us sharing ever more data online our email and social media accounts can offer hackers all the information they need to get infiltrate every aspect of someone’s life – this means it would be simple for them to reset the login details for your bank or worse.
A new warning
The moves from the likes of WhatsApp to encrypt all communication shows that big corporations are finally understanding the value of all the data they hold on their users. All websites want to maintain user trust and if you run a website you do not want to be left behind on this trend.
All developers should be moving their sites towards better security already, but as an extra incentive from January 2017 Google will start to flag sites that do not use HTTPS secure connections within its popular Chrome web browser. At first these warnings will only be shown on websites that ask for passwords or credit card details without HTTPS, but the search giant as strongly implied that this is only the first step and they will soon also flag any site that doesn’t use secure protocols.
Hopefully 2017 will be the year that everyone starts taking security more seriously, with website owners doing more to protect their users, but with Google’s help maybe we can get the public to think about their security as well – no-one should be using “123456” as a password in this day and age.
Explainer: What is HTTPS?
HTTPS stands for “HyperText Transfer Protocol Secure” and in simple terms means that the user’s browser and the website they have connected to have agreed on a secret code, so that they can scramble the data sent between them, so it cannot be intercepted, read, and altered by hackers. They use this secret code on a Secure Sockets Layer (SSL), sometimes called Transport Layer Security (TLS) to send the information back and forth for the duration of the user’s visit to the site.
Photograph by Pixel Creatures