Google raises the security bar for websites

Google ratcheted up the importance it places on security today. The company announced that it will begin marking all non-HTTPS sites as “not secure” in its Chrome browser starting in July 2018 with the release of Chrome 68.

In layman’s language, HTTPS is the protocol over which data between your computer and the website you’re connected to is sent. The “S” means the connection is “secure” and that any communication between you and the website is encrypted and less prone to attack.

The most common uses of HTTPS have been for sites who deal in the exchange of money with services such as online shopping or online banking.

Google’s makes good on its promise

Starting in 2015, Google began its watchdog campaign to make security a key component of its Chrome browser. At that time, the company’s audit found that 79 of the worldwide web’s non-Google sites did not use HTTPS as its default protocol. Many of those sites had no encryption at all or used outdated versions. Some of the biggest offenders at the time included Wired.com, IMDB.com, and the New York Times, which has since moved to secure its site.

Google’s evangelism and tenacity have paid off. Its latest scorecard shows reports that 81 of the top 100 sites used HTTPS by default, with 68 percent of Chrome traffic on both Windows and Android protected and 78 percent of Chrome traffic on Chrome OS and Mac protected.

“Chrome’s new interface will help users understand that all HTTP sites are not secure, and continue to move the web towards a secure HTTPS web by default,” said Emily Schechter, Chrome Security Product Manager.

Does this affect you?

If you’re one of the 56 percent of users who prefer the Chrome browser over other options, then it’s likely that you’ll be seeing notifications for websites not using the HTTPS protocol starting in July.

However, Schecter says that other groups may be more affected by the change. At a 2016 developer summit, she pointed out that business owners who run their own website can benefit from converting to the HTTPS protocol.

“HTTPS is easier and cheaper than ever before, and it unlocks both performance improvements and powerful new features that are too sensitive for HTTP,” she said.

Most hosting companies offer site security for $15 or less a year. There’s even an organization -- LetsEncrypt.org -- funded by the likes of Chrome, Facebook, Shopify, and Cisco, that offers trusted certificates for free.