What is SSL and why has Google included it in their algorithms?
What is SSL (Secure Socket Layer)?
SSL is a security protocol that provides communications protection over a computer network.
The original SSL has now been superseded by TLS (Transport Layer Security)- but SSL has remained synonymous with encryption for websites, much like hoover is synonymous to the vacuum cleaner.
What does it do?
It provides encryption, meaning no one can read what is being sent between you and the website you are looking at.
Why is SSL that important?
Well… glad you asked! SSL has always been a good idea for online security, but it has recently been give much more visibility as Google has deemed it important, with the announcement that sites with SSL will start to perform better on search terms than those without.
So why has Google made this decision?
The internet has become a more “dangerous” place over the last 10 years. More than ever we must do all we can to protect our online information.
Take passwords as an example of what needs to be carefully protected. When you enter a password on a site without SSL, it is transmitted in plain readable text through other networks before eventually arriving at the website you are after.
This means that when you click “login” on this non-SSL-secure website with your username and password a ‘hacker’ can intercept the transmission and then easily read / capture your username and password.
And because we are human we tend to use the same same password over and over again so the next step for that hacker is to try the same username and password on Facebook, Twitter account, Gmail account etc…
In short they have a good chance of taking over your online identity.
And these ‘hackers’ aren’t humans sat at a keyboard, they are sophisticated computer programs that test millions of websites for weaknesses, then capturing thousand of potential password combinations which they auto check against all major websites. The human only gets involved once your username and password combination has been cracked.
All this is easily preventable as a website with SSL security will automatically encrypt any data exchange so that if someone does ‘tap-in’ they will be unable to decipher the information
Privacy is a hot topic when it comes to internet data.
Many will say “if you’ve done nothing wrong you’ve got nothing to hide” and not worry about it.
If you are of this mind then feel free to email me how much you earn, your bank account details, and give me access to your location at any given moment of the day. I suspect you’ll say this information is private, to which I shall respond PRECISELY! And to tell you that you are probably already giving that information away freely.
There is always a need for privacy, but it’s more than just information you need to consider, your online behaviour is potentially just as big a threat.
Websites will always try to collect data about you, and as previously mentioned, without SSL this information is handled in plain readable text. Over time that data can say a lot about you, your browsing history and all the content you have reviewed page by page. Clues on any money problems, health issues, your relationship status, where you live, your age, when you are planning on going on holiday, etc.
Less scrupulous individuals can then based a very convincing sales pitch, spam or scam based on profiling you on your potential fears, financial issues, social circles, family, holidays, even your general health.
And technology means these less scrupulous people do not do this manually. Such is the potential value of a good scam they invest heavily in powerful computers and smart algorithms to send out millions of convincing emails automatically, 24 hours a days 365 days a year. A strike rate of 1% can make a scammer very rich, and given the sophistication of the scams even the most savvy are being caught out..
The industry view is that SSL will put a stop to a lot of this activity as whilst they will still know what websites addresses you are visiting, they can not see any of the detail as it is encrypted – which is handy!
This is just scare mongering – I’ve never been hacked!
How would you know? A good hacker isn’t going to admit to it. The most skilled hackers will be discreet and you will never even know they’ve been there- unless they have made it into your bank account, by which time it is too late.
There is some testing you can do, for example by entering your email address on haveibeenpwned, but this is limited only to the high profile public leakages.
But why does my own website need it?
It provides you with security for your site.
This means someone can’t scrape the username and password to your site’s admin login and they can’t implant malware, links or link farming.
In addition, they can’t steal any client data the site may have. It provides your customers with a degree of privacy, which is a moral and potential a legal responsibility.
How do I get SSL
Installing SSL on standard website won’t break the bank either.
For most websites it should only cost between £200-£300 with the majority of cost being a developer’s time to install and thoroughly test your website.
Crush Design can help
If you have doubts on your website’s security, give us a call!