In recent years, web security has been a hot topic around the world, and for good reason. Despite many high-profile hacks, nearly half of the world’s websites are insecure. As a result, many people are unaware that they are sending private information over internet connections that are susceptible to ‘man-in-the-middle’ attacks. A man-in-the-middle (MITM) attack is one where the attacker eavesdrops on, and possibly alters, the communication between two parties who believe they are communicating directly with each other.
Part of the reason for this is that web browsers have done a bad job of notifying visitors about their security status. They generally notify people when a connection is secure, but there has been little to no messaging when a site is insecure. Thankfully, this is beginning to change. Major browser makers such as Mozilla Firefox and Google Chrome are beginning to take much-needed steps to highlight when a page you’re visiting is insecure.
As of January 2017, Mozilla Firefox has begun identifying insecure forms when a user enters information into a form field. The following messaging shows up when a user places their cursor in a form field.
Additionally, Google Chrome plans to add an insecure message to any page containing web forms beginning in October of 2017, and more major browsers are sure to follow. Eventually, all HTTP connections will be labeled as insecure.
How does this affect my website?
If you are the owner or manager of an insecure website, now is the time to install an SSL certificate.
What is an SSL certificate?
An SSL (Secure Sockets Layer) certificate enables an “encryption protocol” that helps obscure communications over a computer network between a website user and the server.
How can I tell if my website is insecure?
The easiest way to tell if your website is secure is to look at the URL of the website. If it begins with “https” instead of “http”, the site is secured using an SSL certificate (the “s” stands for secure). Usually a browser will show a lock icon if the site is secure.
If your website is set up as an http:// address it is not secure.
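A site owner can automate this check across their own pages. The following is an added example, not part of the original article: it parses a page's HTML and flags pages served over http:// that contain form fields, which is the case the browser warnings described above target. It goes slightly beyond the text by also flagging https pages whose forms submit to an http:// address; the class and function names and the example.com sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

FIELD_TAGS = {"input", "textarea", "select"}
NON_ENTRY = {"hidden", "submit", "button"}  # input types a visitor does not type into

class FormAudit(HTMLParser):
    """Collect every <form> action and count the fields a visitor can fill in."""
    def __init__(self):
        super().__init__()
        self.actions = []   # raw action attribute of each <form>
        self.fields = 0     # user-entry fields found on the page

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.actions.append(attrs.get("action") or "")
        elif tag in FIELD_TAGS and (attrs.get("type") or "").lower() not in NON_ENTRY:
            self.fields += 1

def audit_page(page_url, html):
    """Return a list of findings for one page; an empty list means nothing to flag."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    secure = urlsplit(page_url).scheme == "https"
    if not secure and parser.fields:
        findings.append(f"{page_url}: served over http with {parser.fields} form field(s)")
    for action in parser.actions:
        target = urljoin(page_url, action)  # an empty action posts back to the page itself
        if secure and urlsplit(target).scheme == "http":
            findings.append(f"{page_url}: form submits to insecure {target}")
    return findings

# Constructed sample pages (example.com is a placeholder domain).
SAMPLES = {
    "http://example.com/login": '<form action="/session"><input name="user"><input type="password" name="pw"></form>',
    "https://example.com/contact": '<form action="http://example.com/send"><textarea name="msg"></textarea></form>',
    "https://example.com/signup": '<form action="/signup"><input name="email"><input type="hidden" name="t"></form>',
    "http://example.com/about": "<p>No forms here.</p>",
}

if __name__ == "__main__":
    for url, html in SAMPLES.items():
        for finding in audit_page(url, html):
            print(finding)
```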
What can be done to remove the non-secure messaging?
The only way to properly remove the messaging is to install an SSL certificate on your website.
How do I secure my website?
To set up SSL on your server, the website owner or web developer will need to purchase and install a certificate that contains an encryption key that is placed on your server. This process involves verifying your domain ownership, either by using the email address on file with the domain’s registrar or by uploading a special file to the domain to be secured. Some web hosts are beginning to offer free SSL certificates for websites hosted on their servers; contact Stride to see if that’s a possibility with your particular web host.