A recommendation from Google
Google has been busy this year. Beginning January 2017, Google Chrome (version 56 and later) began marking pages that collect passwords or credit card details as “Not Secure” unless the pages are served over HTTPS. This creates a degraded user experience for your visitors and could impact your site’s organic search rankings.
As a VDW client, your site and your users are already protected with an SSL certificate on pages containing sensitive information such as social security numbers or credit card information. However, with this recent change from Google, it is now necessary to protect additional pages on your site, such as pages containing user login forms, even if logging into the site does not expose any sensitive information. For this reason, we are recommending that all pages on your site be secured with an SSL certificate.
While it is possible for us to only protect the specific pages that contain a user login form, it is preferable to simply enable HTTPS protection for all pages on your site. This requires less technical effort and provides the added benefit of encrypting the data flow between the user’s browser and our web servers, which helps thwart several types of attacks that hackers use to probe for vulnerabilities on a web site.
Please contact us to learn how we can provide security protection for all the pages on your site.
What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and the site. Users expect a secure and private online experience when using a website. We encourage you to adopt HTTPS in order to protect your users’ connection to your website, regardless of the content on the site.
Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:
- Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information.
- Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
- Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.