Does NOT having SSL mean your website is unsecure for people to use?

Does NOT having SSL mean your website is unsecure for people to use?

Google Starts Warning About Non Secure Password Fields in Webmaster Tools

But does that mean NOT having SSL makes your site not secure and unsafe for your visitors to use?

If you have any websites that you value, that aren't yet using SSL and make use of password fields somewhere on that website, such as on the registration/login pages. Then now is the time to make the switch from http to https!

Google is now starting to send messages to website owners within Google Search Console (Webmaster Tools) to try and make sure their websites are using HTTPS when served via the Google Chrome browser.

From January 2017, unless you're website is using SSL, Google will start marking websites as "Non Secure" if they use any fields that collect passwords or card details in any way. Even if it's a simple login form.

Google wants to make the Internet a safer place for its Chrome browser users and this is one way of letting people know that a website they visit is secure to use to input sensitive data too like passwords and credit card details etc.

Obviously most fairly savvy Internet users know that already just by seeing whether it's using https over http and there is a padlock icon in the address bar itself as a way to know whether or not it's safe to use for that reason.

Google is saying that they are going to notify webmasters about each specific URL location on your site that has input fields for putting password or card details into which will be the URLs that will trigger and cause the Chrome Non Secure Warning from showing to a visitor in the SERPs and when they visit your non-secured site via a browser warning popup and icon.

They've done this so that you can review all of those URLs, posts, pages on your site that do so you can take the suggested action to ensure they are marked as secure which can help to protect the visitors data.

This is seen as a move that is just one step in the long going uphill battle plan to make the Internet a safer and more secured place by letting your sites visitors know this by marking it as "Non Secure".

So obviously, the solution here is to purchase and install an SSL certificate for your site. It's affordable and much easier and quicker to that today than it ever used to be. And even your own webhost may do it for you.

Most domain registrars such as NameCheap and GoDaddy provide Knowledge Base articles that show how to properly install an SSL certificate on your site today for most web platforms and technologies out there.

A must move if you don't want your Chrome website visitors to see that Non Secure Warning show up and have them think your site is not safe to use. Period!

Does NOT having SSL mean your site is not secure and unsafe for your visitors to use?

If you are collecting passwords and credit card details on your site. Then you should be using SSL and there's no real reason not to. But if you are just a blog or some info type site, and you don't take credit card details, and you don't have any fields on your site that ask for a password that are crawlable and seen by Google. Then there probably isn't any reason to have SSL and your site wont get marked as unsecured.

However, just because a site is marked as unsecure by Google in Google Chrome. Doesn't necessarily mean that site is not safe to use. For simply visiting and reading the content or watching the videos or visiting a link to another site from that site or subscribing to their newsletter or posting a comment on one of their blog posts or something. Then that's going to be fine and safe to do even if they're not using SSL.

SSL = A False Sense of Security?

The other thing to know of course, is that even if a site IS using SSL (https). And does collect passwords or credit card details. It doesn't necessarily mean that site is safe to use. Sure, your password or sensitive credit card details are encrypted using the latest 256-bit key encryption, but that doesn't mean the website will send the goods/items you just purchased.

And I think that in the future we could see people fall prey to the false sense of security that SSL gives to people. Although this is really where you must use your common sense and do your background checks on a website you've never used before and isn't a really well known website.

And as long as your details weren't somehow intercepted and then decoded (unencrypted) (which can happen and can be done with the right tools/knowledge), then whoever signed their SSL certificate couldn't be held accountable (they actually insure the SSL certificate owner against this). So it would be down to your credit card company to cover you in the case of an item not received dispute.

So then, just because a website isn't using SSL, doesn't mean that website is not safe to use for most purposes. But you should only use it for entering passwords and credit card details if it is using SSL.

And just because a website is using SSL, also doesn't mean that website is safe to use to make a purchase from with your credit card details or passwords, names, addresses, emails and other sensitive data.

Where and How to Install SSL on your website?

If you have a website that has any fields on it that require a password or takes some sensitive details and you don't want it marked as insecure, you can purchase an SSL certificate online from most domain registrars like NameCheap or GoDaddy. And your actual webhost/ISP already sells them too.

But if you don't know how to do it, and need help doing that, you can always hire a freelancer here or even create a WTB and find someone to do it for you that way.

Have you upgraded and installed SSL on your non-SSL site yet?

Do you think it's right that Google should mark sites that don't use SSL as insecure?