You may not have noticed the University’s main website switching to HTTPS on Friday 10 October. The transition was seamless; those of you with some expertise in the area might have thought that we simply installed the Secure Sockets Layer (SSL) certificate on the server and carried on with our day.
In reality, the switch was the culmination of months of coordinated hard work, undertaken by both IT Services and the College Web Teams – amending and correcting references to over 9,000 unsecure URLs and embedded elements.
So why all the fuss?
In 2014 SSL began to be used as a site ranking tool and it seems this was the first step in Google’s war on the unencrypted web.
In January they announced that they’d be taking the security of their customers up another level. Chrome already marks HTTP pages as “Not secure” if they have password or credit card fields – but by the end of October 2017, it will also show warnings when users enter ANY data on an HTTP page, and on all HTTP pages visited in Incognito mode.
It’s more than a green padlock
This shift is much more than a putting a reassuring padlock in your URL bar – Google is serious about making HTTPS the defacto connection standard.
It’s not just Chrome users that are affected – the team behind Firefox have taken a similar approach. It’s not unimaginable that the others will follow suit.
That’s not that many users, though, right?
Wrong – the stats clearly show that Chrome is the most popular browser taking nearly 50% of the traffic share on our two main websites. On campus, it’s even higher.
Want to know more?
If you have any queries or would like further information about the switch to HTTPS, contact Laura Brown, Web Officer.