A brief history of SSL/HTTPS
The use of SSL-certificates (Secure Sockets Layer) is as old as the Internet itself. When information started flowing online, it did not take long before a need arose to be able to ensure that no one could eavesdrop on potentially sensitive information.
SSL-certificates enable the encrypted HTTPS-protocol to be used instead of the “old” HTTP. The SSL-certificate is the “how” and the HTTPS-protocol (which you for example can see in your web browser’s address field on an encrypted site along with a padlock) is the “why”. That is why SSL and HTTPS are usually mentioned in the same sentence. To keep things simple, and avoid unnecessary confusion, we often refer to it as SSL/HTTPS.
Not using an SSL-certificate is like putting a letter in the mail using a transparent envelope, enabling everyone to see its content. An SSL-certificate encrypts and distorts the information, making it impossible to intercept the information between the sender and the receiver.
Traditionally, the recommendations for when to use an SSL-certificate used to be:
- When you have an e-commerce site and handle orders and payments.
- When you have a login on your website.
- When handling sensitive information such as personal data.
- When striving for confidence for your business and your products.
However, in today’s world, things are a bit different.
The recent years’ exponential increase in Internet frauds – along with the emergence of the “fake news” phenomenon – has led to the macro trend we are now seeing with a move towards a more secure Internet.
The perhaps most evident example is the blogpost posted by Google back in 2014 where they introduced HTTPS as a ranking signal. A post that has become a modern classic. Google has since developed this aim, named ”HTTPS Everywhere”, and is with both carrot and stick increasing the number of sites using HTTPS in Google Search. The purpose is to provide its users with a more trustworthy result.
When it comes to SEO, Google is open about the fact that if two websites are equal in search results, but one has SSL enabled it may receive a slightly rank boost to outweigh the other. However, most perhaps most importantly, according to a recent survey from HubSpot Research, up to 85% of people stated that they will not continue browsing if a site is not secure.
As a result, the number of registered SSL-certificates has skyrocketed during the last years.
Consequently, nowadays the discussion is not about when to use an SSL-certificate, but when you dare not to.