Although it’s gone largely unnoticed by site owners, the web became a better and safer place this month with the Public Beta launch of a new Certificate Authority (CA) from Let’s Encrypt.
If you’ve ever logged into Facebook or your online banking, you have probably noticed the lock icon in your browser's address bar which indicates your data is secure.
A Certificate Authority is the organisation with the ability to issue digital certificates which allow sites to be delivered over the secure HTTPS (S = secure) protocol rather than the default HTTP.
Websites running the HTTPS protocol encrypt communications between your web browser and the website server. This protects against man-in-the-middle attacks (digital eavesdropping) and other nasties which are an unpleasant reality of today's internet.
Sponsored by industry heavyweights such as Cisco, Facebook and Chrome, this is a hugely positive step towards making websites, data and web users more secure when interacting with websites and online services.
By providing a free, open and automated CA, Let’s Encrypt have lowered the entry bar for organisations wishing to secure their visitors communications and deliver content over HTTPS.
If you’ve ever walked into a cafe or hotel and shouted your usernames and passwords out to the public then you’ve gotten pretty close to the digital equivalent of browsing via the standard HTTP protocol.
My guess if you’ve never done this (the shouting part) but surprisingly, it happens every day when people interact with sites over the regular non-secure HTTP protocol.
Actually, shouting out your details might be slightly more secure than HTTP. At least there’s a chance your details can be misunderstood. Regular HTTP traffic on the other hand is transmitted in plain text and is remarkably easy to intercept and record.
The reality is your sensitive data can be obtained in plain text format via freely available and inexpensive software (ironically from the web).
While it’s true that HTTPS has traditionally been the preserve of online banking, eCommerce services and social media platforms, the reality today is that HTTPS is available to any website.
Traditionally cost, effort and technical complexities may have been reasonable obstacles for most businesses, the reality now is free SSL for everyone.
An open, free and automated services from Lets Encrypt presents an opportunity for any type of business to secure communication for their users.
I’ve already noticed an upswing of sites rolling out HTTPS and really, the momentum is going to grow as Google announces ranking boost for sites running HTTPS
What is Google obsessed with apart from speed and quality? The answer of course is security. HTTPS is already the default across their platforms such as Gmail, YouTube, Google Plus and Google Search etc. Now, in an effort to extend and encourage the adoption of HTTPS, Google has announced that websites running on HTTPS will benefit from a minor ranking boost in its search results.
It’s worth repeating that at this stage it’s early days and HTTPS is a lightweight ranking signal. You won’t see your web rankings budge significantly just by running HTTPS and you should continue to focus your SEO efforts elsewhere.
However, in the same way that Google encouraged a mobile-first web in 2015 and announced a ranking boost for mobile friendly websites, this HTTPS announcement could potentially herald a swing towards a greater adoption of Secure Certificates.
Additionally as the saying goes - “every little helps” and in the competitive arena of Search Engine Optimisation, often many minor optimisations can positively add up for businesses wishing to appear higher in the rankings.
Peter Knight is freelance web and graphic designer at EdenStudios. His passion for helping businesses of all sizes in all aspects of digital business means his work spans design, strategy, search, analytics and content marketing.
Tom Hoppens 8 years ago
What about HTTPS and site speed? Wasn't SSL/HTTPS seen as a cause of slow sites?
Peter Knight 8 years ago
Hi Tom
While there is a TLS "handshake" which occurs between a browser and a server before anything is downloaded, this delay can IMHO be negated by best practices such as minifying scripts , caching resources and hosting on a fast server.