[Please see my ReVisited post as things have changed drastically since the writing of this post]
If you use the Chrome or Firefox browsers, you may have been alarmed by a new message that can be found in your browser address bar. Both browsers are now announcing that websites that do not have a security certificate, indicated by the https:// in the address, as not secure. But what exactly does that mean and should you be alarmed?
Google and Firefox have added this bit of information to their browsers as a way to help users keep their passwords and information safe. And while it can be helpful, there are a few things you should know before you rely on this information or let it frighten you away from websites identified as ‘not secure’.
If you aren’t sharing sensitive information on a website, you shouldn’t be concerned about the new designation. Many websites now run on WordPress (including mine). Because WordPress has a login form to access the ‘dashboard’ or back end of a website it is considered a site that asks for passwords. However, if you are just a visitor to a blog or website and aren’t signing in for any reason as a user, you have nothing to worry about. It is not unsafe to view or visit websites with the ‘not secure’ browser message.
If your information is being gathered by a secure third-party service, you have nothing to worry about either. I have newsletter signups and payment buttons on a couple of my WordPress websites, but I don’t gather the sensitive information on my website. Instead I use a service like MailChimp or PayPal which takes you to a secure portal where you are asked for that information. Because both Mailchimp and PayPal secure the pages that request information I redirect individuals to pages on those services rather than asking them to share it on my website.
Hackers and unscrupulous people can install security certificates. This means that you can’t rely on the ‘not secure’ message or the https:// at the beginning of the address alone. Always take precautions and make sure you are on reputable websites before inputting passwords or sharing sensitive information.
As a website owner should you have a security certificate installed on your website? Maybe. If you have a site that requires user registration and login or have an e-commerce website that doesn’t redirect purchasers to a secure third party service the answer is Yes. If you have a website or blog that doesn’t require login or sharing of personal information the answer is probably not yet.
Do be aware that in an effort to keep user information more secure it’s entirely likely that eventually all websites will be required to have a security certificate installed. As a result, I believe that hosting companies will make it less expensive and easier to implement. It’s something that all website owners should be aware of. They should also keep abreast of future developments.
While the new “not secure” browser messages shouldn’t scare you away from a website, you should always remain aware of where you are sharing sensitive information and passwords. The “not secure” message is simply a tool that should remind you to be cautious when sharing sensitive information.