What's the argument for implementing HTTPS for non-personal data entry Websites?

Google has gone full-speed in its effort to push all websites to implement HTTPS encryption, as the company planned rolling out new warnings to flag HTTP connections as insecure in its Chrome browser starting in October.

While the number of websites supporting HTTPS over encrypted SSL/TLS connections have skyrocketed over the past year, with over 50 percent of web traffic now encrypted, both on computers and mobile devices.

The longstanding argument against HTTPS implementation is its perceived negative impact on server resources and page load times.

Also the cost of obtaining and renewing the digital certificates needed to deploy HTTPS has been a standing concern in the past, and many small businesses most likely stayed away from HTTPS for this very reason.

Fortunately, that should no longer be an issue, at least for websites that don’t require extended validation (EV) certificates, with the domain validation (DV) certificates provided for free by the nonprofit Let’s Encrypt certificate authority.

Again, many websites depend on external content for their functionality, like commenting systems, and web analytics; such mixed content issue has kept many of them from migrating to HTTPS, because retrieving external resources like images, videos and JavaScript code over non-encrypted connections into an HTTPS website will trigger security alerts in users’ browsers.

Now, why the rush on everybody to use HTTPS? Keeping in mind that HTTPS is not so easy to deploy, it can also be easily abused, so it’s important to educate users about what the technology truly offers and what it doesn’t.
Next Post »