phone0800 310 0056

Bits of information in Byte size chunks

Put the kettle on, open the biscuits and allow yourself some downtime to read some of our articles relating to IT and your business

Published 20 August 2018

Ryan Skevington

Ryan Skevington
ryan.skevington

Ryan discusses why your website should be secured with an SSL certificate and how you can get one for your website for FREE!
Ryan

SSL websites – Google and the penalty of not being secure

Way back in 2017, Google started warning Chrome users if a website that handles passwords or credit card details was not secured and encrypted with an SSL certificate.

This was a good move; It meant that the user had a clear notification that the data they will be transmitting to or from the site, would not be encrypted during its journey and could potentially be read by anyone on the internet.

ssl certificate for website

How do we know if a website is not secure?

As of Chrome version 68, which Google released to the masses on July 24th of this year (2018), ALL websites that are not secured with an SSL certificate will give the user a warning that the site they are about to visit is not encrypted.

The warning itself sits up in the left of the address bar (where the green padlock normally sits if the site is secure). It’s just a note that says “Not Secure”. If you click on the note, Chrome will tell you not to enter sensitive information.

Website that are not secure – what does this mean when browsing?

Now, what does this mean for you while you are browsing the internet? Well, nothing major. You will be warned if you access a site that is not encrypted, letting you know that any data you transmit to the site (be it a password, a card number or even just a blog comment) will not be encrypted.

This gives you the information you need to decide if you want to use the site or not.

That’s not to say that you shouldn’t visit a site if it’s not encrypted. An unencrypted site is not necessarily a dangerous one, just that you should be conscious that any data you transmit to the site will not be encrypted and could be seen. So as a rule of thumb, don’t enter any credit card details into an unsecured site and if a password is required, use a different password to that you would normally use for other sites. Although, that’s good practice in general something like Keepass, which is a password generator and safe storage, can help you with that as it will allow you to generate unique passwords for anything you want and keep them stored in its own encrypted file.

If a site uses a valid SSL certificate, you will be sent straight to the page you requested and the friendly green padlock, now with the word “Secure” next to it, will be sat at the far left of the address bar as always to let you know that any data transmitted between yourself and the site will be encrypted and unable to be intercepted and read by anyone else on the internet.

How to get a free website SSL Certificate

“But I can’t afford to secure my site with SSL certificates. That stuff’s expensive and complicated to do.” Fear not struggling webmaster, securing a website with an SSL certificate can be free and automated.

Since April of 2016, Let’s Encrypt have provided websites with a free, trusted and automated SSL certificate for website owners the world over.

They also make installing and renewing your SSL certificate easy and automatic with tools developed for almost every webserver (and underlying operating system) in use today.

The only downside being that Let’s Encrypt certificates are only valid for 3 months at a time, but with their scheduling tools, this shouldn’t be an issue for you as the certificate will be automatically renewed for you just before it expires.

Let’s Encrypt have a detailed documentation section to help you get your website secured with a Let’s Encrypt certificate and schedule automatic certificate renewals. But if you get stuck, we can do it for you!

If you’re interested to see if any of the big sites around the world aren’t using SSL, Why No HTTPS has a live, daily updated list of the top sites (based on their Alexa rankings) who aren’t using HTTPS/SSL on their sites.

Why not talk to one of our people here about your website and how we can help secure your site for your visitors

Enter your details below to subscribe to our blog:

Like this post?

This entry was posted in Compliance, Search Engines, Websites and tagged: ,

© Apograph Ltd 1993 - 2018. All rights reserved v2018.1.0. Website designed, coded and hosted by Apograph Ltd.