Oct 3, 2015

It's time to make HTTPS default

It's time to make a move. 

When developing websites we are focusing on modern standards, like HTML5, CSS3, we put great attention to detail on design, UX and SEO.

It's time we do one more thing when building for the web.
It's time to enable SSL on the websites we make. No matter what the content is, even if it just a simple portfiolio. Keeping your clients privacy and maintaining security is YOUR responsibility. If you need a reason - even if it's just managing the content, you're probably forcing your clients to send their passwords in plain text when logging in the CMS.

It's time to make HTTPS the default.

Reasons for and "against" are covered in this article, but basically having SSL enabled websites lead to:
  • Better security
  • Better privacy for your users
  • Better referral data
  • Google ranks you better

Usually the thing that is holding us back are expenses. Buying a SSL certificate is not cheap, although it's only slightly more expensive than owning a domain name.
However, there are a lot of options, even free ones.
You can use Cloudflare, which can serve like a SSL proxy between your server and the client.
StartCom provides free SSL certificates, but their free license does not include commercial use. But there are good news.

In November, the Internet Security Research Group (ISRG) is launching Let's Encrypt, a free service for all.