Say “yes” to HTTPS: Chrome secures the web, one site at a time

ssl-certificate-from-spearhead-multimedia

Editor’s note: October is Cybersecurity Awareness Month, and we’re celebrating with a series of security announcements this week. 

Security has always been one of Chrome’s core principles—we constantly work to build the most secure web browser to protect our users. Two recent studies concluded that Chrome was the most secure web browser in multiple aspects of security, with high rates of catching dangerous and deceptive sites, lightning-fast patching of vulnerabilities, and multiple layers of defenses.

About a year ago, we announced that we would begin marking all sites that are not encrypted with HTTPS as “not secure” in Chrome. We wanted to help people understand when the site they’re on is not secure, and at the same time, provide motivation to that site’s owner to improve the security of their site. We knew this would take some time, and so we started by only marking pages without encryption that collect passwords and credit cards. In the next phase, we began showing the “not secure” warning in two additional situations: when people enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.

http search

It’s only been a year, but HTTPS usage has already made some incredible progress.

  • 64 percent of Chrome traffic on Android is now protected, up from 42 percent a year ago.
  • Over 75 percent of Chrome traffic on both ChromeOS and Mac is now protected, up from 60 percent on Mac and 67 percent on Chrome OS a year ago
  • 71 of the top 100 sites on the web use HTTPS by default, up from 37 a year ago
percentage of page loads over HTTPS in Chrome by platform
Percent of page loads over HTTPS in Chrome by platform

We’re also excited to see HTTPS usage increasing around the world. For example, we’ve seen HTTPS usage surge recently in Japan; large sites like RakutenCookpadAmeblo, and Yahoo Japan all made major headway towards HTTPS in 2017. Because of this, we’ve seen HTTPS in Japan surge from 31 percent to 55 percent in the last year, measured via Chrome on Windows. We see similar upward trends in other regions—HTTPS is up from 50 percent to 66 percent in Brazil, and 59 percent to 73 percent in the U.S.!

Ongoing efforts to bring encryption to everyone

HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. There’s never been a better time to get your site secured by Spearhead Multimedia

Reminder: Google Insecure Forms Warning 

No-SSL-No-Conversions

With the release of Chrome 62, Google will mark any website with an insecure form “Not Secure.”

If you haven’t added SSL to your website, you may want to—an important deadline is coming up. Starting in October with the release of Chrome 62, Google will be marking any website with an insecure form “Not Secure.” This isn’t just a warning for pages with an insecure login/password field, now it’s any field—anywhere a user can input information.

Insecure Password Warning, Firefox 52
The warning for an insecure password field.

This is keeping with Google’s push for universal encryption. The company has continued to ramp up pressure for websites to add SSL. And Google doesn’t plan to stop at just warning Chrome users about insecure forms, either. Google plans to roll out a warning for all HTTP websites sometime in 2018.

HTTP website

So heed this warning, if your website is anything more than a blog or a personal website, you need to encrypt. Whether you’re just collecting an email address as part of a capture strategy or you’ve got a signup form somewhere, you’ll be sorry if you don’t secure it before Chrome 62 drops in October.

“Not Secure” warnings kill conversions

Nothing is going to kill your conversion rate faster than Google placing a “Not Secure” warning in your address bar or drop an interstitial warning when a customer attempts to type in one of your website’s fields.

And it’s not just Google, the other browsers are also adopting similar policies with regard to encryption and insecure websites.

Think about it, people tend to trust their browsers. When one of them tells a user that he or she is not safe on a website, the vast majority of people are going to leave. Nobody is sitting at their computer saying, “this seems like a worthwhile risk to take.”

So remember, if your website has any forms on it—install SSL. Waiting until Google flags your website is playing with fire. It’s time to add SSL. Contact us today for a free evaluation to provide your site the correct level of security for a reasonable price.

Next steps toward more connection security

Chromium Blog

News and developments from the open source browser project

Thursday, April 27, 2017

In January, we began our quest to improve how Chrome communicates the connection security of HTTP pages. Chrome now marks HTTP pages as “Not secure” if they have password or credit card fields. Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito modeFix your website now…

http not secure

Treatment of HTTP pages in Chrome 62

Our plan to label HTTP sites as non-secure is taking place in gradual steps, based on increasingly broad criteria. Since the change in Chrome 56, there has been a 23% reduction in the fraction of navigations to HTTP pages with password or credit card forms on desktop, and we’re ready to take the next steps.

Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the “Not secure” warning when users type data into HTTP sites.

 

non secure in incognito mode

Treatment of HTTP pages with user-entered data in Chrome 62

When users browse Chrome with Incognito mode, they likely have increased expectations of privacy. However, HTTP browsing is not private to others on the network, so in version 62 Chrome will also warn users when visiting an HTTP page in Incognito mode.

Eventually, we plan to show the “Not secure” warning for all HTTP pages, even outside Incognito mode. We will publish updates as we approach future releases, but don’t wait to get started moving to HTTPS! HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. Check out our set-up guides to get started.

Posted by Emily Schechter, Chrome Security Team

Spearhead Multimedia gas very inexpensive solutions to make your site secure.  Find out here…

Google Gives A Ranking Boost To Secure HTTPS/SSL Sites

google-ssl-https-secure

Google Gives Secure Sites A Ranking Boost

Google has announced that going HTTPS — adding a SSL 2048-bit key certificate on your site — will give you a minor ranking boost.

Google says this gives websites a small ranking benefit, only counting as a “very lightweight signal” within the overall ranking algorithm. In fact, Google said this carries “less weight than other signals such as high-quality content.” Based on their tests, Google says it has an impact on “fewer than 1% of global queries” but said they “may decide to strengthen” the signal because they want to “encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”

Google also said based on their tests for the past few months, the HTTPS signal showed “positive results” in terms of relevancy and ranking in Google’s search results.

As you may remember, at SMX West, Matt Cutts, Google’s head of search spam, said he’d love to make SSL a ranking factor in Google’s algorithm. Well, less than five months after that announcement, and while he is on an extended leave, Google is making it a reality.

SEO Concerns With Going HTTPS

Should you be concerned when switching from your HTTP to HTTPS site for SEO purposes? Not so much. Google has been telling webmasters it is safe to do so for years. But you need to take the proper steps to ensure your traffic doesn’t suffer. That means make sure to communicate to Google that you moved your site from HTTP to HTTPS. Google promises to release more documentation in the future, but for now has provided the following tips:

  • Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  • Use 2048-bit key certificates
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol relative URLs for all other domains
  • Check out our site move article for more guidelines on how to change your website’s address
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.

Google has also updated Google Webmaster Tools to better handle HTTPS sites and the reporting on them.

One last thing: You will want to make sure to track your HTTP to HTTPS migration carefully in your analytics software and within Google Webmaster Tools.

Postscript: Google webmaster trends analyst John Mueller is also answering some questions about the change here on Google+.

Spearhead Multimedia offers multiple choices for SSL Certificates.  Get yours here today.

From http://searchengineland.com 

Positive SSL