Google Chrome Labels All Non-SSL Pages “Not secure”

As of July 24, 2018 Google Chrome release 68 marks all sites not protected by SSL as “Not secure” immediately to the left of the URL. The “Not secure” warning occurs even on pages that don’t share or collect any kind of confidential information.

“Not secure” warnings are bad for business

The consequences of a “Not secure” label can be considerable. Negative trust indicators like this one can stifle use of web sites by creating anxiety about the safety of accessing and interacting with these sites. And this chilling effect can occur even if it is not a site where transactions take place.

In addition to stifling web site use, the “Not secure” warning can also damage a company’s brand. A recent study by research firm DevOps reveals that 97% of active internet users state that they want to do business with companies that protect their confidential information and 91% want to do business with companies that invest in best-of-breed security solutions. The “Not secure” warning strongly suggests that this company is not investing in the best available web site security and is not doing all it can do protect users.

In short, allowing “Not secure” warnings to display on your site can have several negative consequences including:

• Reduced transaction rates, even if transaction pages elsewhere on the site do have SSL
• Reduction in time on site, pages read, downloads, and forms submitted
• A lowered perception of the company as a secure, trustworthy, caring company

Introducing “Always-on SSL”

The solution to Chrome’s “Not secure” warnings is to implement Always-on SSL (AOSSL). AOSSL is the practice of securing all pages on a site with SSL regardless of whether or not they include forms, logins, the ability to make purchases, or the sharing of confidential information. Companies have been perfecting the AOSSL process for the past decade, and today AOSSL can be effective, reliable, easy to implement and maintain and cost-efficient.

As you implement AOSSL for your online properties, be sure to follow these best practices for optimal results:

• Be sure to include Extended Validation (EV) SSL certificates on your public-facing pages for the highest visitor confidence and maximum transaction rates. In particular, use EV SSL on all pages on which you ask a visitor to purchase, open or login to an account, fill out and submit forms or share sensitive information.
• Include a trust seal on your public-facing pages for extra assurance.
• Apply Domain Validation (DV) certificates on non-public-facing pages for greater cost efficiency without reduction in trust.
• Use two-year certificates to minimize management overhead and the risk of an outage occurring.
  

Contact the digital certificate experts at Comodo CA for help implementing Always-on SSL today.