The web moves fast. It is hard to believe that it was just last month that Belgian researchers presented their findings around the attack that could breach most Wi-Fi connections based upon the WPA2 protocol.
The researchers presented their paper formally on 1 November, manufacturers scrambled to push patches to protect again the vulnerability, and the initial panic has since passed. These types of events are great opportunities for reflection, and publishers should ask themselves “what can I learn from this event?”
During the days following the revelation, HTTP traffic was labelled as unsafe by high-profile professionals and news outlets. Because HTTP traffic provided no encryption, would-be hackers exploiting the WPA2 vulnerability would have the ability to see information exchanged between browsers and servers in plaintext.
The encrypting power of HTTPS was shown to the world. The WPA2 event truly demonstrates just how important HTTPS is, and that publishers who have yet to migrate to HTTPS need to seriously plan out their strategy.
With each passing day, the average web citizen becomes more literate around online security. High profile stories around hacking and surveillance, such as the recent news that hackers stole the personal data of 57 million Uber passengers and drivers, lead to giant leaps in understanding and awareness. The WPA2 was a similar event that put security in the spotlight. A sophisticated understanding of web security means that websites which are not HTTPS compliant will be regarded with mounting suspicion. In-browser warnings, used by the likes of Google and Mozilla, amplify this effect too; these warnings alert users when they find themselves on a non-HTTPS page, and the alerts are becoming more and more intrusive, jeopardizing the traffic of publishers.
In migrating to HTTPS, publishers have a clear opportunity to learn and make concrete changes that can protect their readers, position themselves as responsible web citizens, and lay the foundation for the adoption of new technologies such as Progressive Web Apps and Accelerated Mobile Pages (to offer full functionality, these technologies demand that publishers are HTTPS compliant).
As an SSL Issuer, Let’s Encrypt now has a majority market share. Their initiative is backed by prominent web browser developers such as Google and Mozilla, and offers SSL certificates to publishers for free.
The WPA2 vulnerability was a clear warning for publishers: don’t get left behind when it comes to HTTPS.
To learn more about HTTPS and the benefits of migrating to the protocol, be sure to download our free ebook: “The 5 Benefits of Migrating to HTTPS for Publishers”.