Google imposes tougher rules on websites without SSL certificates in Chrome

2018 has been a year of notable developments for SSL (Secure Sockets Layer). During the summer, Google slapped a ”Not secure” warning on all websites without https (in other words, all websites without SSL certificates). Now the search giant is tightening the rules further with their new Chrome updates.

Reinforced warning for unsafe sites – minimized labeling for safe sites

In October, the green “Secure” notification was dropped from the Google Chrome address bar for sites with https. Eventually, the padlock beside website URLs will also disappear- up until now this has been an indicator that a website is safe.

See the picture below:

Instead, it will just be websites that don’t have SSL certificates that will prompt an icon beside the URL – they will continue to be marked with a red “Not secure” notification, emphasizing that the site is unreliable. Emily Schecter, Product Manager at Chrome Security, points out that internet users should expect websites to safe by default, so Google have chosen to remove the “Secure” marking. The “Not secure” notice is to serve as a warning on those sites that could be unreliable.

See picture below:

Picture taken from Chromium Blog

As for now, this new – neutral – marking means that Extended Validation SSL Certificates, i.e. certificates that displays company name in the URL field, will be the only type of certificate that show any kind of secure indicator (except from the “Not secure” mark..) in Chrome.

83% of websites on the internet today have some type of SSL

Google Chrome’s goal is that 100% of websites on the internet will have https, and they have made good progress towards this. Today 83% of all websites on the internet have at least some form of SSL certificate, so you have more chance of ending up on a site that’s safe rather than one that’s unsafe. This is one of the reasons for Google arguing that ‘safe’ homepages are now the norm, and that security notifications should be made less visible on safe sites.

But the question many of us ask: is this is a positive or negative development?

There is divided opinion about whether this is a good or bad development. One positive effect that Google is hopeful of seeing, is a reduction in the number of ‘phishing’ crimes, since fraudsters and unauthorized individuals can no longer use ‘secure’ markings falsely on unsafe sites.

It remains to be seen if more browsers follow Chromes example. For the time being, both the green marker and the padlock are used in, for example, Mozilla Firefox and Safari.

More than ever, SSL certificates are a ‘must-have, both to protect your visitors while they’re on the internet and so as not to negatively affect your search indexing.

 

If you want to know more about the SSL certificates that are available today or if you just want to talk something over with our experts, contact us here.