Web Developer’s Dilemma: Google Changes SSL Rule for Sites with Forms
For the past couple of years, Google has been striving hard to incentivise and encourage websites to implement a SSL certificate for added security of users. Primarily, a SSL certificate ensures that the site is accessed via HTTPS. This ultimately results in encrypting the information that is sent between a web server and visitor.
From the beginning of October, Google Chrome web browser will tag all HTTP pages as insecure if users can enter any information. According to the company, the changes will apply on any website that has a search box.
At this point, it is not certain whether Google has taken this step to blacklist websites that take data without a SSL certificate.
Today, a majority of websites have already adopted SSL, therefore the remaining websites need to be incentivised more to make the changes. While Google was practically rewarding websites that adopted this change, they have now decided to penalise those who don’t.
As of 2014, websites that have SSL are embracing an improvement in terms of their search engine ranking, but since a past couple of months Google has tweaked its strategy where it is now blacklisting those sites that are non-HTTPS. Such websites have credit card forms or password fields that are required to be filled before proceeding further.
It is believed that within a month’s time Chrome will debut its version 62. Therefore, once the update is surfaced all websites that have any text input will require a SSL certificate. If a website does not have a SSL certificate, a “Not Secure” warning will appear on the address bar.
The “not secure tag” is an indication for the user that the data entered will not be encrypted. HTTPS, which is said to be the secured version of HTTP, offers improved protection against users that are on the same network or those who are modifying the traffic. Such a threat is known as “man-in-the-middle attack”.
A majority of users entering data on search fields or forms do not often notice the “Not Secure” warning. However, it is the responsibility of website owners to protect users from any privacy violations or breaches. A user can unknowingly input sensitive information which is then recorded on servers. Thereby, Google understands the need for corrective measures that will facilitate in policing.
Many analysts believe that the emphasis laid by Google on SSL is a great initiative for both – users and website owners. The change will help in enhancing the web security of websites in general. However, the dilemma of being targeted by a hacker still persists even with a SSL certificate.
The primary reason is that SSL does not essentially mean that the website is safe. HTTPS helps in keeping the visitor’s data secure in the transit phase. However, it will not do anything to protect the website from hacking.
Firefox, the company behind Mozilla search engine has not even confirmed if it will be following Chrome’s legacy for new user input warnings. However, they have also updated their platform where “in-context” warnings have been surfacing for login pages and payments.
On the other hand, Chrome 62 will warn users for all the HTTP pages when a user opt for its Incognito mode.
October 2, 2017
November 21, 2016
November 26, 2015