DDoS attacks are frighteningly growing in popularity. These malicious attacks are no longer restricted to large companies, now many small…
EV SSL Certificates are not dead even with the latest browser update rollouts from Google Chrome, Safari, and Firefox. While the green bar may now be a thing of the past, EV security is still the top-notch choice in SSL Certificates. There have just been some slight changes in how they are identifiable in various browsers. This article hopes to clear the air on what the latest browser updates and changes mean for EV SSL Certificates.
EV stands for Extended Validation and SSL stands for Secure Sockets Layer. It is a protocol which creates a secure connection between the end-user and the server (where the website is hosted) over which the information is sent. SSL works by employing a cryptographic system that uses two keys to encrypt data securely. With EV this encryption is ironclad. It offers the utmost available authentication and trust for your website.
Not only does your website have the trusted and identifiable HTTPS associated with the URL but your Company’s name is on display next to the lock icon. Letting the world know that your site is using the most sophisticated of SSL Certificates and that all communication between servers is encrypted with the best.
Prior to Chrome68, EV SSL certificates were easily identifiable with the trusted Green Bar + Company name along with the lock icon. The green address bar was used as a distinctive identification of EV SSL Certificate use and prominently displayed your company name. While at the same time providing a high visual assurance to customers that your site is secure. This immediately gives the confidence users need from sites to complete their transaction.
So what is the major difference now with the updated Chrome browser changes? Let’s find out if there are any significant changes to EV Certificates.
With recent updates by Google to Chrome, starting from Chrome68 to present Chrome72, Google has made a huge push for website encryption citing that they want to create a more secure internet browsing environment. However, with these changes, they decided to eliminate the trusted green bar that distinguished EV SSL Certificates from DV and OV SSL Certificates. Best way to explain is through visual aids.
Before Chrome68 was rolled out, sites that had a basic SSL Certificate (DV: domain validation) you had the usual indicators of a secured website. With Chrome that included a green lock icon, the worlds ‘Secure’ and HTTPS. The same was true for websites that used an OV (Organisation Validation) SSL Certificate.
With EV Certificates in the past, the identification went a bit further. Your company name and the country it’s based in were listed in a noticeable green bar with the green lock icon and the word ‘Secure’.
Now however Chrome updates have changed all of this. The difference since Chrome68:
The new treatment of SSL certificates in Chrome after Google released Chrome69. Sites that have EV SSL Certificates now display without the green bar.
Is there still value in EV SSL? Of course, there is!
There are still many benefits and advantages of opting for an EV SSL Certificate for businesses that are brand focused. Let’s get into what EV SSL provides and how they measure up in reality.
When you go to a website in your web browser you have no verification of the company you are talking to. However, with EV SSL Certificate, you know that the website you are visiting indeed belongs to the company by the verified name. This was the main feature of the green bar. However, it is still a valid indicator with current treatments on Chrome72.
For example, if you go to www.twitter.com you know the website is indeed owned by Twitter Incorporated in the US because it is easily identifiable and authenticated in your browser.
This is one of the major benefits of opting for EV SSL Certificates instead of a basic certificate. With EV SSL you get Certificate Transparency which will require that any certificate issued by a provider is required to be logged into the public record for anyone to see. The purpose of this is to ensure that no one else can obtain a certificate for your domain name without you being notified. This also helps to ensure that companies are doing the right thing when providing certificates.
If a hacker or cybercriminal accomplishes stealing your private key it means they can use your certificate to trick your visitors and intercept your traffic. This is obviously a situation that you don’t want to happen. So, in order to mitigate this you can mark your certificate as revoked with the aim of stopping the browser from accepting it. However, with basic SSL Certificates revocation checking isn’t mandatory and so sometimes this does not work. The good news is that with EV SSL Certificates the browser cannot skip the revocation check. It is mandatory to complete.
EV SSL Certificates come with robust features. The greatest of all is that it shows your visitors and would be customers that you’re a legitimate. It shows that your website represents a legally registered business with secure online connections. This is why EV’s are the top SSL certificates. If you want your online brand to grow into a recognisable and trusted brand worldwide you should use EV certificates. It can help to build confidence your audience needs to connect with your brand.
Google and other browsers are making a grand statement about making the internet a secure space by rolling out major changes. It is more imperative than ever to ensure that your website is secured with an SSL Certificate. The new changes have not translated to EV certificates being made obsolete quite the opposite. They are still as important and useful as they ever were. If you want your business to have a cutting edge security baseline then using the trusted and still, recognisable EV Certificate is the way to go.