Towards the end of the year, Chrome v62 will be released, bringing with it many new changes for both users of the browser and site owners. The biggest change will be the marking of non-HTTPS sites.
These sites will be marked with text input fields and will automatically be viewed in incognito mode as ‘not secure’. Google has started rolling this out, by reminding all website owners that they need to switch to HTTPS or their site will be marked like this.
Further to the marking of non-HTTPS sites, website owners will also have to incorporate SSL Certificates to secure the information being shared between their server and their visitors. If this isn’t incorporated it means that sensitive information could be exposed to the internet. HTTPS will be the norm in due course, so there is no need to worry about transferring across.
There is a problem with SSL Certificates though. Not all websites which have this certificate can or should be trusted. Luckily for us though, Google has come up with a solution for this.Users who are worried about which sites can be trusted should look no further than the URL. Look for letters in the URL which seem out of place, such as numbers in the place of letters, or letters made to look like numbers. Even look out for additional letters or numbers that shouldn’t be there. There are fully comprehensive guides out there which can help you distinguish between safe sites with an SSL Certificate and unsafe ones with the certificate.
You can also look out for an EV SSL Certificate (Extended Validation Certificate). This will show that this site is completely trustworthy. A trusted website will have the company name next to the URL, such as Apple, Inc (URL). Unfortunately, not all SSL certified sites will have this, but most of the big name companies will. It will only be a matter of time before more and more smaller sites are also becoming EV SSL certified.
However, despite all of this, it is important to note that phishing sites can hijack sites which already have SSL certification in place. This can add the appearance of being a legitimate site, even though they are not. These phishing sites can also use free (and non-legitimate) SSL certificates to make themselves appear more trustworthy.
If you’re worried about the SSL certification as Chrome moves to its new version, you can access a full guide to enabling HTTPS for your site, and how to avoid your site being marked as ‘not secure’. It is always worth keeping up to date with the latest phishing scams and makes sure that your site is fully protected from hackers to ensure the security of your servers, and your visitor's data.