A new version of Google Chrome, version 68, is due to be released in July 2018. We are currently on version 64; if your website does not use HTTPS, a prominent warning will only appear once you have entered your details:
The ‘Not secure’ warning will now appear by default in the address bar:
Why is this important?
Google Chrome is a popular browser. This graph shows the number of users of various browsers in the Czech Republic over the past year.
Source: StatCounter Global Stats
As you can see, the number of Chrome users is constantly growing. Firefox (which is the second most popular browser) is already taking a similar stance against websites without HTTPS, so it is likely that it too will adopt stricter warnings.
What is HTTPS?
It is an abbreviation of the words Hypertext Transfer Protocol Secure. The key word here is “SECURE”. The HTTPS protocol encrypts data between your computer and the websites you wish to visit.
This means that nobody can monitor what you are doing on the website or what data you are sending or receiving. Nor can they interfere with the communication. If someone intercepts such communication en route, it is an unreadable jumble of data that is useless to the attacker.
In the past, hackers exploited these security loopholes. If they managed to break into the communication, they could, for example, obtain your passwords. Encryption prevents them from spying on you.
How encryption works in practice
Obtaining encryption is easy; you simply need to install an encryption key on the server. This key is called an SSL certificate (Secure Sockets Layer). This certificate is issued by several global authorities, such as Thawte, Symantec, GeoTrust or RapidSSL.
There are several levels of certification. The government needs more complex encryption than a blog about cat breeding.
If a particular website has a valid SSL certificate, you will see a padlock in the address bar, the word ‘secure’, part of the address may be highlighted in green, and so on. This is what the difference between higher and lower security looks like:
Apparently, there are only two entities in the world capable of breaking SSL certificates. If MI5 tries to break your encryption, a breach of secure communication will likely be the least of your worries, as James Bond has long been hot on your heels.
What certificate do we use at AITOM?
SSL is available to everyone. At AITOM, we usually recommend the Let’s Encrypt certificate.
Let’s Encrypt
is an automated certificate authority. The project is funded by donors, including leading innovators such as Chrome, Mozilla, Facebook and Cisco. Thanks to this, even small businesses can afford a secure website.
Let’s Encrypt currently serves over 50 million websites
worldwide.