At the end of last year, Google started prioritising websites using SSLs (with a web address starting with https) over those without in their search rankings. This was widely seen as Google’s first attempt to move towards a “secure web”. Recently, Google have started going a step further towards a secure web, by starting a transition towards marking websites without SSLs with a broken red padlock warning image at the left of the address bar.
Wait, what? Isn’t the web already secure?
Some parts of the web are secure. Have you ever seen the lock in the left corner of the address bar in your browser? A green lock there means that the information that you are sending and requesting from a website is secure, as it has an SSL which encrypts the information.
Information can fall victim to a “man in the middle” attack, where someone reads or changes the information that is being sent between you and a website. This means that if the attacker is able to read the data, they could do things like altering links in a web page to send you to sites filled with viruses, or copy those vital credit card details for a “free” shopping spree. SSL’s stop this using encryption.
These attacks can easily be done on an open wifi or by an attacker making their own “free” wifi, something which is done by many on a daily basis in Britain.
So what is an SSL? What is encryption?
An SSL is a digital certificate that is signed by the website which owns the SSL and the certificate authority (a super trustworthy organisation that manages SSLs). This means that the encryption used is strong enough to prevent someone reading or tampering with any information flowing between you and a website. This also means that information is signed, so your computer knows that it’s coming unaltered from the website that you wanted it to come from and that it is trusted as it is countersigned by a certificate authority.
Encryption is how websites scramble information so that it cannot be read or altered, like a code used by spies. In the type of encryption used by SSL’s, the sender uses a specific set of instructions to scramble the information using a unique “key” and the decoder (who possesses the same copy of the key) uses the same instructions, but in reverse.
What does this mean for my website?
As a website owner, this means that if you do not have an SSL, your website is earmarked to be displayed as insecure in the near future. This will inevitably mean a drop in traffic, with the increasingly security-savvy end user avoiding your website with its red padlock warning icon.
What does this mean for me using the internet?
As a web user, this means that your information will be kept out of the hands of unscrupulous types who want your information for their own nefarious purposes. It also means that, as no one can change the information sent between you and a website, you are safer when using public networks (like open wifi hotspots).
What I see for the future
Following this trend towards “marking down” websites with SSLs in search results and showing them as insecure, I believe that in the future, websites without SSLs will be blocked (like the image below). Why sit back and let this affect your web traffic? Go and get an SSL for your website now to futureproof your online presence.