Google Chrome’s HTTPs-Only Mode Update: What You Need to Know
Website security is a matter of utmost importance, especially in this day and age. A secure website ensures a positive user experience with both sides standing to benefit from it. One of these security measures takes the form of an SSL certificate.
At a glance, you can tell whether the web page you are visiting is using an SSL certificate by looking at the URL’s prefix. Websites that are secured by an SSL read “HTTPS” rather than “HTTP.”
SSL certificates use a standard type of data encryption that ensures a secure connection between the web servers that deliver the webpage requested by the user’s web browser, such as Google Chrome. Moreover, Google recently announced that it is rolling out an update for their browser to block insecure web pages.
Table of Contents:
What is An SSL Certificate?
SSL stands for Secure Sockets Layer, and it is at the forefront of website security. It safeguards sensitive information exchanged between two systems, such as personal details typed in a website’s form or even credit card information.
An SSL certificate is a standard security measure that uses encrypted data files that bind a cryptographic key to an organisation’s details. This certificate works to make a connection secure by binding a domain name, or a server name, to an organisation’s registered identity, such as the company name, including the location.
For this to work, an organisation must install an SSL Certificate onto its web server to establish a secure workflow that serves encrypted exchange with browsers, such as people trying to lead an organisation’s website.
Different Types of Certificates
Owners of websites purchase SSL certificates through a trusted entity known as the Certification Authorities, or CA for short. The CAs issue and manage these certificates and public keys, which are critical for secure communication between devices in a public network.
There are multiple types of security certificates, with each providing its respective level of security.
Domain Validation (DV) Certificate
- DV certificates offer simple low-level encryption, which only verifies who owns the website. It’s displayed with a green padlock beside the URL in the browser’s address bar. It’s one of the quickest certificates to acquire, requiring only a few company documents to initiate an application.
Extended Validation (EV) SSL Certificate
- This certificate is the most expensive SSL to obtain, but it comes with the security to encrypt sensitive information. A certificate for an EV SSL can be acquired by any business that handles sensitive information, such as collecting personal data or handling web-based payments.
Organisation Validated (OV SSL) Certificate
- OV SSL certificates verify your organisation and domain validation. It offers medium-level encryption with the CA proving the ownership of the domain and that the organisation is indeed legitimate.
Other SSL Certificates:
- Single Domain SSL Certificate
- Wildcard SSL Certificates
- Unified Communications (UCC) SSL Certificate
Why Does Your Clinic Website Need an SSL Certificate?
Running a clinic website deals with the personal records of patients. Thus security is a vital aspect of the whole organisation.
These days your website often acts as the first point of contact between you and your patients. A secure and encrypted connection from servers to browsers ensures both parties can rest easy knowing that the exchange of information is well and protected.
Building patient trust is imperative to having a loyal client base. Ensuring proper security protocols and SSL certificates significantly reduces the risk of information breach, whether on the server’s side or to your client’s browser. Remember that trust can quickly be invalidated with a data breach that could compromise thousands of personal records.
How Can I Get an SSL Certificate for My Clinic’s Website?
Trusted Certificate Authorities issue SSL certificates to website owners. These go along with a trusted list of CA root certificates within operating systems, such as Windows and Mac, browsers, and mobile devices.
These are maintained by constant security patches that come along with the respective device’s software updates. The root certificate must be stored on the end user’s device for the SSL certificate to be valid and trusted.
The initial step is to assess and determine what type of certificate you or your organisation needs. Hosting content on multiple platforms requires a different kind of SSL certificate. But the standard SSL is quite capable of covering most websites.
How Does SSL Affect Your Clinic Website’s SEO?
The primary role of acquiring SSL certificates is to ensure a secure connection between the web servers and the user’s browser. While this is true, Google takes this a step further and actively prioritises sending its users to secure websites.
Simply put, if we have two similar websites with the only difference is one has an SSL verification and the other without, the secured website gets a rank boost for simply being encrypted.
Leaving the end-user with a higher probability to click on a secure website. Google ranks websites higher in their search results page when it deems a website securing its users’ information. This in and of itself is a boost to a website’s SEO.
What to Expect With Google Chrome’s Upcoming Update?
Defaulting your website to an “HTTPS” from an SSL certificate ensures both ends of the communication line between devices are encrypted and secured. This essentially boosts site security and data privacy.
Google has announced earlier in the year that it will maintain stricter implementation of this protocol, starting with Chrome’s 90 version update, and it’s already in the clear to roll out.
Considering that Google’s Chrome holds close to 60 percent of the browser share market, all websites will inevitably acquire an SSL to stay relevant. As such, current data shows that 95 percent of websites are already using “HTTPS.”
The most apparent weakness that cybercriminals exploit is the so-called man-in-the-middle attacks. Essentially they intercept the data while in transit to end-to-end, which in most cases, is between the end user’s devices and the webserver.
Using an “HTTP” connection, data is transmitted in the ubiquitous plaintext format, which, once intercepted, can be easily interpreted. Securing an SSL, hence an “HTTPS” prefix, will encrypt all data going through the channels, deeming data intercepted within the channel as null.
When Is the Update Expected to Happen?
While Google announced this security patch in January of 2021, there is no official announcement of the specific date it will roll out users.
However, beta users of Google’s browser, Chrome Canary, have already experienced the option of having “HTTPS-only” mode as a default. It is expected to have reached Google Chrome 93 on August 31.
Why Is This Update Being Introduced?
Google has always maintained a firm stance in keeping its users secure, as seen on consistent updates addressing this category of the patch notes. This upcoming update would enforce this security measure to another level with its HTTPS-only mode.