Have you ever noticed that some URLs start with “http://” while others start with “https://”? Perhaps you noticed that extra “s” when you were browsing websites that require giving over sensitive information, like when you were paying bills online.
But where’s that extra “s” come from, and what does it mean?
To put it simply, the extra “s” means your connection to that website is secure and encrypted any data you enter is safely shared with that website. The technology that powers that little “s” is called SSL, which stands for Secure Sockets Layer.
In this post, I’m going to break down what SSL is, an updated version of Google Chrome that will soon flag websites which are not secure, and how you can evaluate and get SSL.
So, What is SSL?
First, let’s start with a definition from SSL.com:
SSL is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remain private.”
Let’s break that down.
When you land on a website page that has a form, after that form is filled-in and you hit ‘submit’, the information you just entered can be intercepted by a hacker on an unsecured website.
This information could be anything from details on a bank transaction, to high-level information you enter to register for an offer. In hacker lingo, this “interception” is often referred to as a “man-in-the-middle attack.” The actual attack can happen in a number of ways, but one of the most common is this: A hacker places a small, undetected listening program on the server hosting a website. That program waits in the background until a visitor starts typing information on the website, and it will activate to start capturing the information and then send it back to the hacker. Scary stuff that is no longer just is sci-fi movies.
But when you visit a website that’s encrypted with SSL, your browser will form a connection with the web server, look at the SSL certificate, and then bind together your browser and the server. This binding connection is secure so that no one besides you and the website you’re submitting the information to can see or access what you type into your browser.
This connection happens instantly, and in fact many suggest is now faster than connecting to an unsecured website. You simply have to visit a website with SSL, and voila: Your connection will automatically be secured.
Everything You Need to Know About Chrome 62 and SSL
Google is getting ready to release a new version of their popular Chrome browser, version 62, which will begin to indicate that a page is not secure if it contains a form, but does not have SSL-enabled. Chrome has approximately 47% browser market share, so when this update is rolled-out a significant number of websites will be affected almost immediately.
According to recent HubSpot Research, up to 85% of people will not continue browsing if a site is not secure. In January 2017, Google rolled out a similar update that only applied to sites collecting sensitive information such as passwords or credit card numbers. With that in mind, users are now familiar with seeing this “not secure” warning, and per the research below will often leave a site because of it.
If you utilize incognito mode in your browser, Chrome will always indicate a page is not secure if it does not have a valid-SSL certificate installed. If you use Chrome outside of incognito mode then this “not secure” warning will only display when starting to enter information into a form.
Image credit: 9to5Google
This means that wherever you host content that contains a form, even if it’s just asking for an email address, you should enable SSL. Keep in mind that if you have content hosted in different platforms, it will be important to talk to each of them and ensure SSL is setup before this Google Chrome update is live. In reality, if it’s not cost prohibitive for you, it’s best to enable SSL across your entire website regardless if a form exists on the page because it can have SEO benefits that we’ll cover in the next section.
Is SSL good for SEO?
Yes. While the primary purpose of SSL is securing information between the visitor and your website, there are benefits for SEO as well. According to Google Webmaster Trends Analysts Zineb Ait Bahajji, SSL is now part of Google’s search ranking algorithm:
Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.”
In addition, Google has publicly stated that two websites which are otherwise equal in search results, if one has SSL enabled it may receive a slightly rank boost to outweigh the other. As a result, there is a clear SEO benefit to enabling-SSL on your website, and across all your content.
How can I tell if my website has SSL?
When you visit a website with SSL, there are a few distinct differences that display within the browser.
1) The URL says “https://” and not “http://”.
It looks like this:
2) You’ll see a little padlock icon in the URL bar.
It’ll show up either on the left- or right-hand side of the URL bar, depending on your browser. You can click on the padlock to read more information about the website and the company that provided the certificate.
3) The certificate is valid.
Even if a website has the “https://” and a padlock, the certificate could still be expired — meaning your connection wouldn’t be secure. In most cases, a site that displays as https will be secure, but if you encounter a site that asks for a lot of personal information it may be worth double-checking to be sure the certificate is valid.
To find out whether the certificate is valid in Chrome, go to view > Developer Tools. From there you will need to navigate to the security tab and you can see if the SSL certificate is valid, or expired. If you click the “View certificate” button you will be able to see more information about the SSL certificate and the specific date it’s valid through.