Starting over the Christmas period, Google started sending out messages to webmasters that collect ‘Passwords and credit card details’ on pages that are not secure.
The update would refer to Google Chrome 56 which has started to roll out from today in the UK and the fact that if you collect data on an insecure page, then the browser will warn the user.
What Does This Mean
From the warnings we have received, we have been given example pages that contain:
Call Back Forms
Contact / Enquiry Forms
Collecting emails to allow PDF downloads
Google does say in its warning their list is not exhaustive, but we have found their warnings to be fairly blanket across any input fields.
In reality now Chrome 56 has been released, we are only currently seeing the warning on pages that are asking for a password.
What it means, is that if you do not use an SSL certificate site-wide, then your customers will be told you are not a secure website which will be a bad reflection of your business and trade.
We have been pushing for site-wide SSL use for a while now at Digital Next; this is a further push from Google. In the future, I would expect Google to take this a step further. At the moment Google are saying passwords should be encrypted when transmitted across the internet which I agree with 100%, but why stop at passwords? Why shouldn’t a user want their email addresses, or the problems they are writing down in contact forms to be kept private? I believe in the coming months and in the updates to Google Chrome, they will tighten security warnings and include all input fields.
Why Are They Doing This?
Google have, for a few years now, been trying to push towards a secure web. It really started many years ago when they stopped reporting on keywords stating data protection.
Since then, online privacy has become a huge topic, with governments demanding access to everything and I’m sure the tech giants have demands put on themselves. A secure web means nothing can be snooped on. All communications between user and web server are completely private, which is what Google are pushing for.
For Google to achieve a secure web, they will need to force webmasters to invest and put the work in their websites to make it secure. They are currently doing this by making secure pages preferable in search results and by labelling websites as insecure. Webmasters will not want to risk losing business, so they will inevitably fall into line.
Once Google take this stance and Chrome implement this change, then it won’t be long before other browsers follow suit and within the next 12 months, I believe Google will achieve their goal and the majority of websites used will be completely secure.
What Do I Need To Do
In short, make your website secure! We have been making this recommendation for a while now, but I would now say it needs to be higher up on a website’s ‘To Do’ list.
Firstly, you need an SSL certificate. This can be arranged by your hosting company in most instances. There is a cost, but it’s certainly worth it to stop your customers being told they are using an insecure website because you have a newsletter form.
Thirdly, don’t panic! If you’re not sure what you should be doing, then just ask. Google move the goal posts on a regular basis; this time it’s one of the larger changes which is identified by Google sending out messages. They don’t do this for insignificant change. For any extra advice, or help on ensuring your website is performing to its optimum, get in touch with us today.