When it comes to security, many of us takes it seriously. You've just got to look around you and you'll see security in use in society - locked doors, shop shutters, fingerprint scanners, passwords, and so on. But there is a tendency te disregard security when it comes to visiting websites. Is it even important now?
Part of this vision could be blamed on just the way things are. Unless your website needed a secure connection (commonly known as SSL certificates, or HTTPS), people saved the money (anywhere from £30 to £400+ per year) and didn't bother with having one. While in most cases this is fine, online security concerns continue to grow and become a major part of people's lives. You've only got to take a look at the news over the past few years to see data being stolen due to careless security policies or set ups.
How can I tell if a site I'm visiting is secure?
This depends on your web browser itself, but common browsers (that is, Google Chrome, Mozilla Firefox and Microsoft Edge) show this in the address bar. It's more commonly known as the "green padlock", because that's how it's shown. There are different types of SSL certificates, and depending on which one it is, depends on how it's shown.
For example, you may notice that our site shows "Secure" with a green padlock. This means that your connection to our site is encrypted. Some sites, like banks, show their business name too, this shows that the certificate issuer has vetted the company to verify their identity; these are the ones that can cost quite a bit, but in certain industries, it's worth it.
How important is it for your site?
If your site is a standard information website, then you may think that an SSL certificate (we'll call this a secure connection) is not important. But there are a few key parts to having one that may prove to be more beneficial than you realise.
- Google prefers a secure website - regardless of it's purpose. They have openly stated that this is one of their factors in ranking websites in their search results.
- Web browsers are adopting the idea of these certificates as a 'must-have'. This means that browsers including Google Chrome will show sites as "Not Secure" rel="noopener nofollow" when a certificate isn't present.
- It gives people confidence in your site. Would you prefer to be viewing a web site labelled as "Secure" or "Not Secure", regardless of what it's about?
- Sites with HTTPS aren't affected in terms of speed. Historically, HTTPS sites have been known to be slower compared to HTTP due to the process involved. However, this has drastically been reduced. You can even test this for yourself.
- The price tag has been removed from the more basic SSL certificates with projects such as Let's Encrypt growing in popularity.
What do we suggest? Given that these can now be added free of charge, they should be added, not only for SEO, but for the confidence factor it gives your site's visitors.
What does an SSL Certificate do?
This part can be a little bit technical, but I'll try to keep it simple.
Each certificate comes with two keys, known as a public and private key. These work together to create the encrypted connection between the site's visitor and the site itself. When a visitor accesses a website, it creates what's known as a handshake, as per the below.
-
User - Connects to the website with a HTTPS connection. It asks the server (where the website is stored) to identify itself.
-
Website - This will send a copy of the certificate along with the public key back to the browser.
-
User - This checks the validity of the certificate against a list of trusted issuers. Anyone can create a SSL certificate, but only selected, secure, audited companies are trusted by your browser. If the browser trusts the certificate, it creates, encrypts and sends the website another key (called the 'session key'), encrypted using the known public key.
-
Website - The key is decrypted using its private key, and replies with an acknowledgement to start the session using the session key the browser had sent it.
-
User & Website - Now communicates and encrypts all data using the session key.
All this happens in quite succession to enable a secure connection. It may seem confusing, but this helps keep your data (and your visitor's data) safe on your website.
How does Roseblade Media help?
We develop numerous websites for various industries. Any that we host will now automatically come with an SSL certificate installed and working. We also set up these certificates on all of our own websites to ensure all our clients and visitors have a safe and secure visiting experience.
If you already have a website hosted with us and would like some help setting this up on your site, please drop us an email or give us a call and we'll install a Let's Encrypt certificate for you - for free.