WEZOM Studio
Menu up
New Google SSL Requirements

2017 Google SSL Requirements

Wezom
22 February 2017

Google has always focused on providing the best experience for their users by enhancing their Chrome structure and maintaining high level of security. While our modern world communicates, does business and gets everyone closer through the internet, it becomes more important than ever to make all aspects of the online world secure. In order to prevent the users from being the subjects of online abuse or exploitation, Google detects and labels suspicious websites, especially the ones on a Hypertext Transfer Protocol (HTTP) as non-secure.

To perform such a task, Google publishes its Google Chrome Secure Sockets Layers (SSL) Requirements every year with every update of their browser. In fact, in the beginning of 2017 Google has published the new SSL requirements for its new Chrome 56 (an upgrade from Chrome 53). That means every website must be upgraded to meet these requirements or otherwise the website will be marked as non-secure. This would happen whenever a user will try to log in to that website through Chrome.

Google, currently does not consider all HTTP websites insecure. In fact, at the moment HTTP websites come with a neutral indicator, meaning that Google does not encourage or discourage users from logging on such websites. But, with time, it plans to mark all of the HTTP websites as non-secure due to lack of proper security. The entire idea behind such tight security requirements for HTTP websites is because when a user tries to log on to HTTP websites, they are at risk of getting a modified website instead of an original one. This means that whenever the website is loading over HTTP, it can be seen and modified by someone else, a hacker presumably, before it reaches the user. The hackers can change the details of the website including the payment information. Therefore, Google with its SSL requirements has mainly tried to dismantle weakly secured HTTP websites (ecommerce websites) that collect credit card or bank information for purchase, bank transfers or other transactions involving money. Even HTTP websites that ask for passwords would be strictly monitored and labeled as non-secure, simply because of the sensitive nature of its offerings and asking.

Google has now vowed to increase the security by clearly indicating and labeling a website to be secure. This way users will get the opportunity to choose whether they wish to continue visiting or working with such lowly secured websites or not. If a user continues to interact with non-secure websites, then they would be putting themselves at risk with no onus on Google. The best alternative for HTTP websites is HTTPS with the 'S' standing for Secure. With half of Chrome's traffic now coming through HTTPS, indicates the level of awareness for offering a more secure channel to the users.

Add a comment