The Year of HTTPS and SSL Certificates

While 2017 might be the Year of the Rooster in the Chinese zodiac, in the web design world 2017 is the year of HTTPS/SSL certificate. Before we find out exactly why that is, it is first important to understand what HTTPS and SSL certificates are.

The Quick Answer

HTTPS and SSL certificates are utilized by millions of websites today to protect users sensitive personal data from hackers, criminals and identity thieves (information like credit card numbers, usernames/passwords, email addresses, phone numbers, addresses, SSNs and much more). Now lets get technical (don’t worry, just for a second):

What is HTTPS?

HTTPS stands for “Hyper Text Transfer Protocol Secure” and is the secure version of HTTP. When you see the “HTTPS” it means that the data being sent is encrypted with an SSL and likely secure. A secured URL will always begin with “HTTPS” so simply look at the address bar in your web browser to see. It is important to know that HTTPS does not mean your information is secure, it just means your connection is secure.

What is an SSL Certificate?

SSL stands for “Secure Socket Layer” and along with the newer TLS is a protocol that enables encrypted communication over the Internet. Here is how it works:

When you first connect to a website an SSL connection is established between your web browser and the web server. This “pipeline” allows HTTP data to exchanged securely by encrypting (or scrambling) the data before it is sent and decrypting it once it is received. This prevents anyone who might have intercepted the communication while the data was in transit from understanding it.

Essentially HTTPS is just HTTP data sent over an SSL connection so without an SSL certificate you cannot have HTTPS. A website secured with a valid SSL will always have a green padlock icon on the left-side of the address bar of your web browser so make sure to look for that to verify everything is protected.

I Still Don’t Understand; In English Please!

Think of it like this: Imagine that the electronic communication is instead an old-fashioned snail-mail letter being sent between you and another person via the post office. While your letter is in transit it could easily be intercepted by a criminal, opened, covertly read, resealed and sent along to its final destination without either you or the recipient knowing what had happened. However if that letter was encrypted using a secret code that only you and the recipient knew then even if it is intercepted by some nefarious person it couldn’t be read without the decipher key.

This encryption is exactly what HTTPS and an SSL certificate provides and makes stealing your information that much more difficult for hackers, criminals and identity thieves.

So How Can I Tell if I am Protected?

Sometimes you may see “HTTPS” in the address bar but the padlock will be missing or showing a warning message; this is usually a sign that the website has either been setup/configured incorrectly, the SSL is expired or something much worse. You should not ignore these warnings! Only seeing the “HTTPS” and green padlock icon together in the address bar verifies that any communication sent between you and the web server is encrypted and that your information is protected. If you don’t see both these security indicators together it means that the communications might be sent is in “plain text” and could be intercepted and read by a hacker.

Look for the green padlock icon and “HTTPS” together.

SSL padlock https TRP web security

When Does HTTPS/SSL Matter?

Any website that asks for sensitive personal information should be protected with HTTPS/SSL as a basic requirement. This is especially true for e-commerce websites that require users to enter in their credit card information and shipping/billing address to complete online purchases. It is also very true for any type of membership website that requires personal data to join as well as a username/password to access its functionality (this can be anything from online banking to online dating).

Today, even simple informational websites contain features like email contact forms and newsletter signups that you might not have considered as being vulnerable but often ask for and transmits sensitive personal data like your name, email address, phone numbers, home address and more. Even if you trust the website or familiar with the business think twice before using features like this if the website is not protected with HTTPS/SSL.

Even though it is not a requirement that every single website online be protected with HTTPS/SSL, it is highly recommend that all are. So whether you are paying bills online or simply connecting with friends and family on your favorite social networking website make sure you’re information is protected with HTTPS/SSL.

Different Types of SSL Certificates

There are three different types of SSL certificates that you should know about. All three types include HTTPS and the padlock icon in the address bar.

The first type is a self-signed SSL certificate. The biggest advantage of this type of SSL is that there is no yearly fee. There are however a few downsides; for example, it does not include a seal that can be placed on every page of your website and does not come with any support. This type of SSL is perfect for personal, small business or informational websites utilizing email contact forms or newsletter signups.

The second type is a standard SSL certificate, of which there are a few different levels. The biggest advantage of this type over a self-signed certificate is that it includes a seal that can be embedded on every page of your website (which helps build trust with your users) and comes with support. Its only major downside is the yearly cost which varies depending on the level you choose and your websites needs. This type of SSL is perfect for e-commerce online shopping carts, large businesses and any website with an account login form.

The final type is a wild-card SSL certificate and is usually the most expensive of the three. It includes everything that the standard SSL does but allows you to secure an unlimited number of subdomains. So only websites utilizing subdomains need this type of SSL certificate.

So Then What Makes 2017 the Year of HTTPS/SSL Certificate?

One word: Google. In the web design world when Google says “jump” everyone says “how high?”.

Now for some history; back in 2014, Google determined that in order to create a more secure Internet every single website should be protected with HTTPS and an SSL certificate. In order to encourage site owners to secure their websites, Google began penalizing websites that were not secured with HTTPS/SSL and boosting those that were. To be fair having or not having HTTPS/SSL is unlikely to have a major impact on your websites SEO search rankings as it probably carries less than 1% weight… although it cannot hurt either and every little bit of SEO helps!

More importantly is a recent announcement from Google which is surely to have a much more noticeable impact on the number of websites protected with HTTPS/SSL. Beginning October 2017 Google Chrome (which is currently the most popular web browser today) will show a “not secure” warning message when a user enter text on any unsecured input field (like an email contact form, newsletter signup or account login). This is just the beginning as other major web browsers will likely follow suit soon thereafter.

Think about it; would you enter in your sensitive personal information on a website that is giving you such an ominous warning? My guess is that you would not and instead leave immediately believing that the website and your information was somehow compromised. To prevent the loss of traffic, business, user trust, form web requests and ultimately sales it is critical to get your website protected with HTTPS/SSL before the fast-approaching October 2017 deadline.

Does This Eliminate the Threat?

Unless you are willing to completely disconnect from the world and live in a cave, the information you have or send online will always be at risk. So while nothing can completely eliminate the threat of hackers, criminals and identity thieves, utilizing HTTPS and an SSL can substantially decease it. Don’t risk either your own or your users sensitive personal information from being stolen and tampered with. Lucky for us criminals are super lazy so the extra level of security provided with a HTTPS/SSL is often enough to send them looking for easier prey.

Get HTTPS/SSL Today!

Now that you know what HTTPS/SSL is, how it works and what to look for you can see the importance of having one. So if you want to ensure that your users information is protected and they don’t see a scary warning messages then make sure to add HTTPS/SSL to your web site. Don’t forget the added bonus of giving a small boost to your websites SEO rankings! For all these reasons and more there is no doubt that 2017 is the year of HTTPS and SSL certificate.

At The Rusty Pixel we can help secure your existing website with HTTPS and an SSL certificate. If you are looking for a brand-new web design or just a redesign of your existing website, we can make sure that you and your customers are protected. Just give us a call at (321) 446-8138 or send us an email anytime. We are here to help!