Associate Agency Director
SSL encryption and why you need it
The interweb can be a scary place.
As users or website owners, we’re sharing and handling more data online than ever before, whether advertently on inadvertently.
Considering that all data users provide via standard web protocol (HTTP) is unprotected on it’s way to the server, hackers could potentially pry on the connection and access passwords, credit card details and any other sensitive information.
The solution? Data encryption.
Applying an SSL (Secure Sockets Layer) certificate to your website adds an additional layer of security that encrypts all data on it’s way to the server. This stops hackers’ ability to access the data and also scrambles it, rendering it useless if hacked.
Once configured, your website will display the secure web protocol (HTTPS).
At The Refinery, we now attach SSL certificates on every website as standard. Here’s why:
1. We’re moving towards a more secure web
The days of only surfing the web from a desktop in the office are long gone. We’re now connected on multiple devices in various locations, using public WiFi to shop online, work remotely or access our entire life on Facebook. These days even our clothes are connected to the internet.
The more ways in which we use the web, the greater the need for a safe, secure environment as internet users.
Adding an extra layer of security to your website via an SSL shows you’re serious about internet security and respect the data that your users will inevitably transfer while on your website. As applying an SSL certificate requires your company details, it also confirms that your website is from a verified source and isn’t a spoof site.
2. Google are prioritising secure websites
In recent years, Google has been a major driver of change in this area and have pushed for the rapid demise of HTTP.
As part of its crusade, Google now gives preference to more secure websites in its search rankings:
“We’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.” – google.com
The mere threat of an inferior Google search ranking is enough to convince most businesses, but there’s more..
3. Major browsers are calling out unencrypted websites
Further to their search result bias, Google is also changing how their browser – Google Chrome – displays websites the use HTTP, making it more obvious to the user.
Google Chrome, now over 55% of the world’s internet traffic1, currently displays a ‘not secure’ warning on the address bar of websites that “collect passwords or credit cards … as part of a long-term plan to mark all HTTP sites as non-secure” – google.com
Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle– google.com
Above: Google's proposed 'red triangle'
Mozilla’s Firefox has also followed suit, reinforcing the paradigm shift of website-to-server connections and online security in general.
To continue to promote the use of HTTPS and properly convey the risks to users, Firefox will eventually display the struck-through lock icon for all pages that don’t use HTTPS, to make clear that they are not secure.– mozilla.org
Above: Mozilla's login warning to non-secure site users
Apple has also indicated that they will be displaying warning messages on their Safari browser (as visible on their pre-release Technology Preview) when users “interact with a password or credit card form on a non-secure page” – apple.com
It’s clear that it’s only a matter of time before users are effectively slapped in the face with non-secure warnings on all of the major browsers.
Needless to say, if you haven’t already got an SSL certificate – you need one.
Does SSL & HTTPS make you go WTF?
We speak English too (03) 9533 6293.
1 "StatCounter Global Stats - Browser, OS, Search Engine including Mobile Usage Share" – statcounter.com