Everybody has family members who point out their flaws. They may do it in the nicest way possible, but it’s irritating nonetheless. “How is the job hunt going?” they ask, forcing you to describe the career challenges you’ve been facing. It may sound like a question, but it’s really more of an accusation: “Explain why you don’t have a new job yet.”
Google Chrome is filling a similar role on the internet nowadays. If your website isn’t equipped with an SSL certificate (see an explanation here) and your URL still starts with HTTP (and not HTTPS), Chrome now calls it out with the words “Not secure” in the left side of the URL bar.
Google’s browser used to just show a small icon there that indicated that something was amiss. It was like your snoopy aunt whispering “I heard he’s been under the weather” to someone in the kitchen – not great, but easy to ignore. Chrome’s new “Not secure” message is much harder to overlook, and much more concerning to users. It’s like that same aunt standing on a chair and shouting “he’s got a terrible rash under that ugly sweater and it’s probably contagious!”
You see, Google has been whispering about unencrypted websites for a long time, and in the last year or so it decided to take its security shaming to a new level. In fact, there are times when Chrome won’t let you view an unencrypted website at all without clicking the web equivalent of a liability waiver. And all I can say is “it’s about time.”
SSL certificates are essentially internet security 101, and while they won’t stop all of the miscreants on the internet, they’re a simple – and sometimes free – way to slow down hackers and malware. SSL certificates are like turn signals. They’re so easy and effective at preventing accidents that we’ve started to take them for granted. That is, until we catch a driver who forgets to use them. Then we say bad words and ask questions like “who gave that guy a license?”
You do not want people asking questions like that about your website (“Why do they even have a site if they aren’t going to keep it secure and up to date?”). If your site doesn’t use an SSL certificate, it’s time to put one in place. The basic versions are easy to install and the industrial strength ones are challenging to install, but they’re all worth it in the end.
You can read about the process of adopting this change in Google’s own words here: https://www.blog.google/products/chrome/milestone-chrome-security-marking-http-not-secure/