Google wants everything on the web to be travelling over a secure channel. That’s why from January 2017, your Chrome browser will flag un-encrypted websites as insecure, displaying a red “x” over a padlock in the URL bar.
With this upcoming change in Chrome, Google makes it clear that all sites should all be encrypted, in other words, should be served over HTTPS, which is essentially a secure layer on top of the usual HTTP web protocol.
“The goal is to clearly display to web users that
HTTP provides no data security.”
HTTP has been used to carry the information passed back and forth between you and the websites you visit. However, using HTTP is like sending a postcard, anyone who handles it can see what's written on it. The solution to this is to use HTTPS instead, which wraps the insecure HTTP connection in a secure encrypted stream called SSL (Secure Socket Layer).
Enabling SSL on your website is like putting the postcard in a safe with a secret combination known only to you and the website you're visiting. This means that anyone in the middle that is handling your data can only pass it on, they cannot read it. In order for this to work the website must be able to verify its identity, which is what an SSL Certificate does.
This isn't the first time that Google has taken steps to encourage site owners to switch to HTTPS. Two years ago, Google made some changes to its search engine algorithm to rank websites that use encrypted HTTPS connections higher in search results.
HTTPS will provide the following advantages:
- Security to all websites and pages regardless of content
- Search engine optimisation benefits on Google (help with higher rankings)
- Mitigate known vulnerabilities such as SSLstrip and Firesheep
- Provide browser user privacy
- Higher trust indication with a green lock icon
With proper installation of an SSL certificate, the “not secure” warning will disappear and be replaced by a green lock icon, assuring web visitors that your site is secure.