We Still Need More Hypertext Transfer Protocol Secure (HTTPS)
Last week, researchers discovered that devices were being used to hijack users' unencrypted internet connections, making yet another case for encrypting the web with HTTPS. In the Middle Eastern region, users who were trying to download legitimate applications were instead served malicious software intending to spy on them.
These are machine-in-the-middle attacks, where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. This can happen if your web connections use HTTP, since data sent over HTTP is unencrypted and can be modified or read by anyone on the network.
We can try and mitigate these attacks by using HTTPS instead of HTTP. We can see when a web page has been loaded over HTTPS and check for “https” at the beginning of the URL or, on most common browsers, a green lock icon displayed next to the address bar.
Later this year, Chrome is planning on marking all HTTP sites as “not secure”. Google’s announcement that HTTPS is a ranking signal and that failure to switch could mean a websites ranking will take a hit, and that would mean less traffic and less business.
One of the concerns about HTTPS is its perceived negative impact on server resources and page load times. After all, encryption usually comes with a penalty so why would HTTPS be any different? Thanks to improvements to both server and client software, the impact of this encryption is negligible at best.
We've come a long way with HTTPS adoption since 2010, evidently, we still have a long way to go.
Simply put, HTTPS is not going away, the biggest reason to switch to HTTPS is to future-proof. The direction of travel is clear, using HTTPS will increasingly be the norm rather than the exception, and you should plan to migrate sooner rather than later. Planning to switch now would be a prudent move regardless of whether you implement the change immediately or later. But it's worth reiterating that failure to switch is just postponing the inevitable.
Google have their own guide, “Securing Your Website With HTTPS,” which I would recommend a look over.
Dean, thanks for sharing this!
Neat. Good to know I should use hypertext transfer protocol secure when developing a website.
Thanks for sharing!