Migrating to HTTPS: Why, and What’s the Benefit?

Migrating to HTTPS: Why, and What’s the Benefit?

Google is dedicated to the cause of making the internet a more secure place. They’ve been promoting HTTPS web hosting for a while now, and HTTPS-hosted sites have been gaining an edge on the competition in search engine rankings (SERPs) since 2014. Not everyone has been so quick to adopt better security practices though, and much of the internet still resides on HTTP pages (though the scales have finally started to tip).

In an effort to encourage the rest of the internet to at least migrate to HTTPS, Google is getting more aggressive in its tactics. But why are they pushing for HTTPS in the first place, and is it worth all the pain of making the change?

A Crash-Course for Beginners

First, a quick review on what HTTP and HTTPS are for those who might be unfamiliar. HTTP stands for HyperText Transfer Protocol, and it’s the set of rules and protocols the internet uses. It’s what makes the blue text send you to a different web page when you click on it, and without it, you’d have to enter the exact URL for every different page you wanted to visit.

HTTPS stands for HyperText Transfer Protocol Secure, and it serves the same function, except HTTPS encrypts communication between the server and the client. In regular HTTP, information passing between the two parties is transmitted via plaintext, meaning that anyone with the right tools can “listen in” on the conversation and read what’s being sent. Or, worse yet, they can insert themselves in the middle of the conversation and steal or alter information before it reaches its intended destination.

With HTTPS, the identity of the parties is verified beforehand, and a unique secret code is established and then used to encrypt the data being sent. That way, even if someone intercepts the information, they’re not likely to get any useful information out of it, because they don’t have the keys to unlock it.

What HTTPS is Good For

HTTPs is designed primarily to do two things: ensure the client (the user) is communicating with the intended server, and ensure that only the client or the server reads the data being sent. The former is accomplished with digital certificates -- a kind of virtual signature. Websites obtain them from Certificate Authorities, and they verify that, say, google.com is really Google, and not some hacker attempting a man-in-the-middle attack. That way, information from the client is not being stolen, and information from the server is not being altered.

The latter is achieved via public-key (a.k.a. “asymmetric” ) encryption. This ensures that any client connecting to the server can encrypt information to send to the server, but only the server has the key to unlock the client’s data and read it.

To show users that they’re connected to an HTTPS site, web browsers put a little green padlock symbol in the URL bar (usually accompanied by the word “Secure”). This helps promote faith and trust in the website, so users can feel confident sending their sensitive information (like credit card numbers) to the server.

HTTPS-secure-site-min

 

Image Source

Another thing that HTTPS helps with is de-anonymizing. Even when sensitive, personally identifying information (like login credentials or credit card info) is not being transmitted, a user can still be identified if enough of their traffic is observed. Internet Service Providers, government organizations, and unscrupulous individuals are all included on the list of who would want this aggregated data. HTTPS denies them access to it.

HTTPS also has an added benefit in that it usually speeds up page load times, which is a factor in Google SERPs rankings.

What Google’s Doing to Promote HTTPS

Google rolled out its first pro-HTTPS update back in 2014. It updated the ranking algorithm so that HTTPS hosting would act as a tiebreaker if two pages were equally ranked. It’s accounted for a moderate boost in results for those who have migrated to HTTPS, but it didn’t exactly revolutionize the system.

So Google’s taking it a step further. Just like HTTPS, HTTP pages have an accompanying symbol. It’s a little circle with an “i” inside it, indicating that you can click on it to see information about the page (which explains that it’s not secure). That’s soon about to change.

Screenshot-13_LI-613x398-min

 

In the near future (in Google Chrome, at least), that symbol will change to a red triangle, accompanied by the words “Not Secure.” This is done in an effort to discourage users from trusting the site, or giving the site any sensitive information.

chrome-not-secure-warning-min

 

Image Source

And with Google's dedication to making the internet safer for users, it’s safe to assume that there will be additional tactics forthcoming in future years.

How HTTPS Benefits Your Business

Ok, Google wants you to switch to HTTPS. But how much does it really impact your business?

Many companies have switched to HTTPS seeking that SEO boost. While it’s true that migrating can have an impact on SEO, experts agree that it’s not enough of a jump to justify switching all on its own. That doesn’t mean you shouldn’t, though.

With Google placing increased emphasis on the unsecure nature of HTTP communications, it’s becoming increasingly easy to notice when websites aren’t encrypting the transmissions. And as cybersecurity threats become more common, and users become warier, it will be less and less likely that those users will be spending their time on unsecure sites. That means a drop in click-through rates and conversions.

So while you may not be ranking higher SEO-wise, a HTTPS web address means that users will be more trusting of your site, and will feel safer communicating with you. Plus, it will actually be safer for your users.

A Warning About SHA-1 and SHA-2

Speaking of safety for your users, there is one warning to be raised when discussing HTTPS: not all encryption algorithms are created equal.

HTTPS encryption is done using mathematical tools called Secure Hash Algorithms (SHA). The first generation of algorithms (SHA-1) has, in recent years, been proved to be less than robust when it comes to cracking them. As a result, SHA-2 was created, and most HTTPS sites have migrated to the SHA-2 certificate for added security.

There’s still a few laggers-behind, though. That’s why popular browsers like Chrome and Firefox now block webpages with SHA-1 certificates, giving an error message to the user.

SHA1-content-not-private-613x329-min

 

Image Source

If you have any intention of switching -- and you should -- you’re going to want to make sure you’re getting SHA-2 certificates (or, if you’ve already switched, you’ll want to make sure all your certificates are SHA-2), both so users aren’t directed away from your site, and so your users are more secure.

It's a competitive market. Contact us to learn how you can stand out from the crowd.

Read Similar Blogs

Post a Comment

5 Comments

  • avatar

    Thanks, Danielle! That’s right, HTTPS is now very important, especially for ranking. After 2 or 3 years most websites will have the protocol, but for now this is a real advantage over competitors.

  • avatar

    Danielle, thanks for writing this timely blog…. many of my clients do not understand the value… until I sent them screen shots!!! I will refer to this , and share it!
    I would add one tip,
    Ensure your developer/hosting company has installed the SSL certificate correctly. I’ve seen a large national (Canadian) association and they didn’t do it correctly, and some pages are NOT secure.. including the member “login” section.
    Lastly, if you add a screen shot for Firefox (i noted that it changed on Nov 22) to show a green padlock and red one for insecure… as it had moved from the “i” information.

  • avatar

    This post is amazing! Thank you so much!

  • avatar

    Great informative article about HTTPS! We also believe in SSL Certificates very much. I’d like to hear your thoughts on different kinds of SSL’s & the difference between them. Especially Extended Validation SSL’s.

Ready To Rule The First Page of Google?

Contact us for an exclusive 20-minute assessment & strategy discussion. Fill out the form, and we will get back to you right away!

What Our Clients Have To Say

L
Luciano Zeppieri
S
Sharon Tierney
S
Sheena Owen
A
Andrea Bodi - Lab Works
D
Dr. Philip Solomon MD