First of all, let’s briefly examine what SSL / TLS means. SSL stands for Secure Sockets Layer and was developed in the mid-90s to serve as a security mechanism in the infancy of the internet. The main benefit SSL gave was protection against ‘man in the middle’ attacks, whereby somebody eavesdropping on a network connection could gather sensitive information (usernames, passwords, credit card details, etc.) and also manipulate network traffic to trick clients into thinking they were talking to an authentic server, and vice versa. SSL underwent a number of version updates over the years and in 2015 was replaced with TLS (Transport Layer Security). SSL and TLS are effectively the same concept; TLS is just a newer and more secure version of SSL. However, SSL remains the most commonly used term for historical reasons.
So do you need an SSL / TLS certificate on your website? If you’re running an e-commerce website where customers can log in and pay for items on your site, you absolutely need a valid certificate. If you are the victim of a ‘man in the middle’ attack and you don’t have this protection, your customers’ sensitive information will be visible to the attackers. That is very bad news for you and, if you’re found to be negligent, will have serious legal consequences.
Likewise, if you have a website that doesn’t have an e-commerce function but does have a secure user portal protected by a password, we would always advise that you need an SSL / TLS cert. An insecure connection would give the attacker the credentials to get access to the secure area.
Up until October 2017, these were the main use cases that we saw for SSL / TLS certs, and we wouldn’t have pushed the use of certs for other types of projects. However, in October 27, Google released version 62 of their Chrome browser, and this changed the landscape. This release included a new feature that detected whether the connection was over SSL / TLS and, if not, added the words ‘Not Secure’ in front of the address in the address bar. See the screenshots below to see what I mean.
From that moment on, the landscape changed somewhat. When you read a book or newspaper, you do so from top left to bottom right. The same is true for a web page, and in prime position just above the top left of your web page, the words ‘Not Secure’ appeared for millions of websites around the world overnight. If you’re in business and you want to give your visitors assurance that you are a reputable, trustworthy business, the words ‘Not Secure’ are not a good look.
So does an SSL / TLS certificate stop your site from being hacked? No. Does it protect visitors’ computers from viruses? No. Does it improve the speed or functionality of your site? No.
Does it enhance the reputation of your business and give your customers confidence in your site? Yes. For this reason, we advise clients to go for a certificate.