How Google’s making web browsing more secure for you
Summary:
Key takeaways: Starting in July, Google Chrome will show a warning for any websites that aren’t encrypted.
Why: To encourage companies and web developers to encrypt all web traffic, rather than specific pages.
What do you need to do: It depends. If itro handles your web hosting, most likely nothing, we will manage the change for you. If anything is required, we will contact you. If your hosting is with a third party, you’ll need to speak with them.
Quick Run Down:
From July 2018, Google Chrome will mark all websites to which you connect via HTTP rather than HTTPS as ‘Not Secure.’ Google already deprioritises search results for websites which only use less secure HTTP connections, so it’s important to address this issue quickly.
Here’s a mock-up of how future versions of Chrome will handle HTTP:
Contrast that with HTTPS:
If itro hosts your website, there is no need to worry as we’ll migrating your website to our new hosting platform. Our new web platform includes free auto-renewing SSL certificates that suit most websites. In some circumstances, you may need to purchase a full SSL certificate, but itro will notify you before purchasing a certificate on your behalf.
More Detail:
HTTP (Hypertext Transfer Protocol) is the method your computer uses to view a website. When you connect to a site, your browser sends an HTTP request to the server detailing which resources It would like to receive. The server then transmits a response message containing the requested data.
However, HTTP possesses a massive security flaw. It transfers all data in plain text. Plain text refers to data stored in an unencrypted format. When transmitting data via HTTP, a user on your local network – or an intermediary between your computer and the remote server – can monitor all your HTTP traffic. A third party can eavesdrop on any passwords or financial information that you send, and track your web activity.
To address this issue, Netscape developed HTTPS (‘S’ for ‘Secure’). HTTPS encrypts the entire data stream, meaning that a third party observing your connection can only see the domain name of the remote server. For example itro.com.au. They cannot see which specific pages you visit on that site, the files you download, nor your user credentials.
HTTPS also utilises TLS (Transport Layer Security) to verify the identity of a remote server through the use of secure certificates. Certificate authorities issue encrypted digital certificates so that websites can say ‘This server is who they say they are.’
Previously, developers only used HTTPS to handle specific pages – such as a payment portal or a login page – and then utilised HTTP to handle all other content. However, organisations such as Google, Microsoft, and Mozilla are heavily promoting HTTPS to encourage a fully encrypted internet. This effort will increase security for end users and push web developers to encrypt the entirety of their websites. Rather than select resources.
Important
However, it’s important to remember that certificates and HTTPS aren’t foolproof. When you browse to itro.com.au and see the green padlock, your browser is saying ‘Yes, this is itro.com.au. A malicious person hasn’t intercepted your traffic.’ Some vulnerabilities still exist. For example, a phishing site could register ltro.com.au (With an L, not i), apply a certificate to the domain, direct you to browse to ltro.com.au, and your browser would report ‘Yes, this is ltro.com.au, and a malicious person hasn’t intercepted your traffic.’
What itro is doing
itro is migrating clients for which it handles web hosting to its new platform. In most instances, we can apply a free certificate with no action required on your part. The new platform is faster and more secure, and we’ve already transferred several clients with no interruption or cost.
If you have any questions, don’t quite understand, or wish to transfer your hosting to itro, please contact our sales and technical teams.
If you use a web hosting provider other than itro, we recommend contacting them to ensure your website is ready for Chrome version 68 in July.