Stricter Browser Security Warnings for Non-SSL Websites

Chrome 68 Security Alert

For a couple of years now we’ve been banging on about SSL Certificates and browser security...

…and for a long time the common response has been “What’s an SSL certificate?”

Chances are you see them every day. Shop on Amazon? Check. Post on Facebook? Check. Read LinkedIn? Check. Watch YouTube videos? Check.

Browsers have been warning users over non-secure web pages for some time now.

Why would you want the words ‘Not Secure’ next to your company logo?

Since the beginning of 2017, browsers such as Chrome, Firefox and Safari have been warning you about web pages that contain forms, yet are missing an SSL certificate, by way of a large security warning page or popup (depending on which browser you use). Safari’s looks like this:

Browser Private Connection

In most cases the browser flat out refuses to display the page unless you click several buttons to tell the browser that you understand the risk and trust the content of the web page. But why would you do that if you know nothing about a website that’s asking you to enter a personal password or payment information? (rhetorical question).

The reason the browser does this is because the data you enter into a form is not encrypted, so can be accessed by others.

Imagine you’re buying a pair of shoes online, you get to the checkout and you are presented with a garish warning, informing you that the page you are about to enter your credit card details into is not secure. Would you continue?

So Why Are We Talking About SSL Certificates – Again!

The truth is we never stop talking about website security. But the reason we need to bring it to your attention again now is because since Chrome 68 was released to the public in July 2018, the browser has added an important update which marks websites without an SSL certificate as ‘Not Secure’.

Up until now the browser giant (60% worldwide market share at time of writing) has only warned a user that a page is not secure when entering details into a form, but now the off-putting warning is visible regardless of the content on that page. Whether the website is e-commerce or a simple, static web page, if you don’t have an SSL certificate, the browser is going to tell your website visitors that the page they are visiting is not secure.

Why would you want the words ‘Not Secure’ next to your company logo? That’s the question we often ask when we hear people say “I’m not bothered about an SSL certificate, I don’t need one”.

Still Not Entirely Sure What an SSL Certificate Is?

GlobalSign has provided over 25 million SSL certificates. According to them… “SSL Certificates are small data files that digitally bind a cryptographic key to an organisation’s details”.

What?

In its most basic form, an SSL certificate encrypts data between a browser and a server. It helps prevent others taking a peek at the data you submit through a website, such as a login form, payment details or a basic contact form submission by scrambling the data to help prevent unauthorised access.

And Why is an SSL Certificate Important?

As a business, you have to show your customers that you can be trusted. So why would you not do that online? By installing an SSL certificate on your domain and ensuring all content is encrypted over HTTPS (https://www.etc…) you are ensuring that the people visiting your website are browsing safely and that any data they enter is encrypted when sent to the server. There is no reason we can think of for not having an SSL certificate, although there is still some reluctance from people due to ‘cost’.

Browser Address Bar Security

How Much Does an SSL Certificate Cost?

Well it depends on the size of your website, what sort of certificate you require (typically there’s a number of different types to confuse people) and if you need to offer compensation due to a breach.

It also comes down to the provider. You can pay 100 different prices for the same certificate, depending on where you shop.

Typically, you can pay anything from £30 – £500 to have an SSL certificate installed by somebody who knows what they are doing – depending on the type of certificate you require. Alternatively you can buy your own certificate for a small number of American Dollars and install it yourself.

How Can Twilo Help?

Twilo took the decision to refuse to host a website without an SSL certificate some time ago. Simply put, we take your website’s security seriously, and we expect you to as well.

Website security is a serious matter and installing an SSL certificate is the first step you should take to show your customers that you take their privacy seriously.

Still have questions about SSL certificates? Please don’t hesitate to contact us, we’re happy to help.