the not secure update

You may have noticed recently, possibly when accessing something like a website login page, that a fairly prominent Not Secure warning, or a little lock with an ominous red line through it, is now appearing in the browser's (Chrome and Firefox currently, I'm sure the others will soon follow) address bar. Or possibly one of your website viewers may have emailed you asking why this is appearing on your website. Here's is a quick explainer.

The internet, in it's default state is unsecured, meaning that the communication between your computer and the internet is transferred in plain text (i.e un-encrypted). This makes the channel that transfers the data relatively easy to tap into, and listen to, if one was so inclined. This was regarded as acceptable for websites that only presented information about a topic to a user and no sensitive data was transferred. As the internet developed, particularly with the advent of online payment, there became a need to secure this channel to allow data to be transferred that wasn't susceptible to this intrusion.

The industry solution was to allow website owners purchase and install Digital Certificates (commonly known as SSL Cert however the SSL protocol is now defunct and has been replaced with TLS) to secure the data transfer between a computer and the internet. This allowed us to send personal information, credit card info and other info safe in the knowledge it was secured in transit and only went to its intended recipient. The indication of a secure website has evolved slightly over the years, differing from browser to browser, but generally is identified by https:// at the start if the web address and the presence of a lock in the address bar, sometimes green sometimes not.

With a digital cert installed on a website the browsers can inform the user that a web page is secure, otherwise, it was to be assumed it is not secure, but traditionally this was not communicated explicitly to the user. The browser did inform the user if the website tried to use encryption but there was an issue with the security setup (with this message becoming more and more alarming over time), which was a logical step to try and stop users accessing compromised sites impersonating legitimate websites. Even with these measures in place, these sites are still duping unsuspecting users daily in submitted data to websites they really should not.

With this difference in secure and non secure websites exploiting this knowledge gap, there has been a shift by the big players in the internet project to move towards a situation whereby most, if not all, websites integrate digital certificates, not just websites that process sensitive data. Evidence of this can be seen in the likes of Paypal, removing their support of non encrypted requests to their service, Google building in the use of digital certs in to their ranking algorithm and now this latest update of the main stream web browsers to mark some non-encrypted webpages as Not Secure.

This small tweak in the browser interface will spark many queries from user to website owners and in turn from website owners to developers. The solution that will be offered to website owners, by the developer, will be the purchase and install of a digital certificate to remove this warning. As a result a large number of websites will move to secure status taking another large step towards a more secure internet.

Written by Andrew Lynch

Posted in Web Design on 10 September 2017

Meet Our Clients

View Full List