Does the fact that a website uses an encrypted https prefix instead of plain http matter that much?
Until fairly recently, conventional wisdom held that https was necessary only for websites that asked visitors to log in, either to buy products and services or to access hidden content.
In recent years, https connections (which use the SSL protocol or its much better successor TLS) have spread rapidly across the Internet for a number of reasons beyond simply protecting e-commerce transactions, discussed in more detail later in this article. Google recently added another to this list by announcing that the Chrome browser would start labelling non https websites as ‘not secure’ in browser address bars from version 56 which will appear in January 2017.
Google has been pushing https security since way back so this is just the latest instalment of its master-plan to raise Internet security above what is still often joke status.
The labelling won’t be subtle and will clearly stigmatise sites not using https. The first sites marked in this way will be https websites transmitting passwords (i.e. logins) or credit cards although by Google’s own estimates the vast majority of those already use https anyway.
In due course, the not secure labelling will be applied to all websites, in effect making https a new default level of security for every and any website. Google isn’t the only big name to announce such a policy (Mozilla has also made similar noises regarding Firefox) but it is the first to spell out a more defined timescale. Because Google is also the Internet’s dominant search provider means that the announcement has wider implications.
0 comments:
Post a Comment