One of the most basic security measures that the internet converged on over time to was to make HTTPS a de-facto standard for websites, with the iconic lock icon in browsers. In fact, browsers like Chrome have warning screens warning website visitors when navigating to non HTTPS websites, asking users to re-confirm if they want to visit the insecure website.
In a 2014, article HTTPS as a ranking signal, Google shared, that over time HTTPS would become an important ranking signal apart from content quality, here's what they said
We want to go even further. At Google I/O a few months ago, we called for "HTTPS everywhere" on the web.
For these reasons, over the past few months we've been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content —while we give webmasters time to switch to HTTPS.
But over time, we may decide to strengthen it, because we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
‐ HTTPS is an important ranking signal for websites on Google
A SSL certificate for your website not only helps secure your website for you and your visitors but also helps you rank better on search engines.
Almost a decade later from the original Google Initiative of having HTTPS everywhere, most websites on the internet have SSL certificates, in big part to a non-profit Let's Encrypt that provides TLS certificates to over 360 million websites.
But with advances in Quantum computing, older TLS v1.2 certificates are vulnerable to having their encryption broken and hence its paramount to have websites use TLS v1.3 as explained in Lessons learnt from the Lion and the Gazelle by Teik Guan Tan, CEO of PQCEE, who is working at the frontier of post quantum cryptography. Here's what he has to say :
In TLS v1.2, all communication between the browser and server relies on the security of a single RSA key. This means that if a quantum hacker breaks this RSA key, the communication security for all users collapses. However, TLS v1.3 introduces a significant improvement.
Each session now relies on a different ephemeral ECDH key, thereby changing the exposure. While each ECDH key can still be broken by a quantum hacker, the gain from each cryptanalysis is limited to just one session, not all sessions from all users.
This fundamental change may be just enough to annoy quantum hackers and lead them to look elsewhere for easier targets.
‐ Why use TLS v1.3 explained by Teik Guan Tan of PQCEE
At Konigle we are working extremely hard to do our part to help build a vibrant and secure internet, where anyone, anywhere can participate in the miracle that is the internet. To do our part, all websites built with Konigle get TLS 1.3 certificates by default.
We would strongly encourage anyone reading this and having a website to move to a TLS 1.3 certificate as soon as you can. Its not just secure today, but may also stand a chance against Quantum Computers in the future.
