Have you looked at the address bar in your browser recently? If you have, you might have noticed some changes sneaking in. One is the increasing use of secure (https) sites even if there is no interaction with the visitor. The second is the appearance of icons which show you explicitly whether the site is secured.
What does https do?
We are all used to seeing the green bar in the address bar of websites such as Amazon and the banks. This is the top notch security: not only is all inteaction with the website encrypted but the certificate authority has verified that the company is who it says it is. This involves heavyweight paperwork but is what you would expect considering how much they know about our finances.
The more basic https certificate used by smaller companies requires basic ownership checks and provides encryption of all traffic to and from the website. This means that noone can tamper with the content of the website en route to your browser, or any messages you send back to the server.
Why the changes?
Many sites moved to https post-Snowdon. Some of these should probably have been secure all along, but some made the change as an antidote to possible snooping.
The padlock in the address bar of a secure site has been around for a while, and was augmented by the green bar some years ago. The new unlocked icons are a recent addition to Chrome and Firefox browsers. It may be an unlocked padlcok or a little “i”. Click on the icon and you get an information panel and you get a message:
Connection is Not Secure
Your connection to this site is not private. Information you submit could be viewed by others (like passwords, messages, credit cards, etc.)
The change is advisory, but there is an underlying current that Google and the like are using it to nudge websites along the secure route. Although there is nothing to suggest it affects SEO at present, this may change.
Should my website be https?
If your site is an online shop, you should be using a security certificate. Even if you are using PayPal (or similar) to manage the financial aspects of the transaction, you must protect information entered into your site. You are also obliged to ensure that the link between your site and the payment manager is secure and cannot be hijacked.
If you are running a membership website, your members are likely to expect an https site. It shows that you are protecting their information and that the extra information you provide to members logged into the site has a value.
For most sites, the biggest risk comes from managing the site. If your website uses a management system such as WordPress (and almost all modern sites do), you log into the website (albeit the back of it) to manage the site. Your interactions with the site are passed unencrypted across the internet. While the risk this poses is small, it is not zero and there are repercussions if a third party steals and used your credentials to hack your site. If you use public Wi-fi to manage your site, the risk is higher.
It comes down to the old saying “you pays your money and takes your choice”. In financial term, you can get a basic security certificate from as little as £20. Be sure to buy from a reputable source and read the small print.
… and check for the padlock in the address bar before you buy!
