It’s natural to replace older technologies with better, more recent models. However, the future isn’t looking too bright for the world’s most common website encryption method, SHA1, which will soon be replaced by a more secure protocol. Pretty soon, browsers and devices may have some difficulty reading the latest security certificates, which could cause quite a problem if it’s not remedied.
We’re all familiar with the web encryption used by many sites out there: Google, Gmail, Facebook, Twitter, Microsoft, and so many more, all take advantage of HTTPS in order to provide a more secure web browsing experience. HTTPS is a signifier that the websites are using SHA1, which ZDNet describes as “the cryptographic hashing algorithm that’s been at the heart of the web’s security for a decade.” In other words, it’s thanks to this technology that the everyday user can safely use services with certainty that the web page hasn’t been tampered with by hackers, who might be trying to skim websites for sensitive data.
Ordinarily, moving to a more powerful security algorithm wouldn’t be a big deal. However, the issue at hand comes from users who don’t have technology that’s capable of reading these new security certificates. Though the number of those affected is relatively small compared to the total number of technology users, there are plenty of people out there who will be put at risk because they can’t process the new SHA2 security protocol certificates. Thankfully, however, most websites that utilize security certificates are already taking advantage of the SHA2 encryption. As reported by ZDNet, “about 24 percent of SSL-encrypted websites still use SHA1 — or, about 1 million websites.”
This is a great step in the right direction, and the situation is improving every day. By the end of the year, it could reach as low as 10 percent, meaning that the likelihood that users will encounter a SHA1 site is extraordinarily low. Similarly, according to ZDNet, most users are using the most recent versions of their browsers and OS software anyway:
For most people, there’s nothing to worry about. The majority are already using the latest Chrome or Firefox browser, the latest operating system, or the newest smartphone with the latest software, which are compatible with the old SHA1-hashed websites and the newer SHA2-hashed websites. But many, particularly those in developing nations, who are running older software, devices, and even “dumbphones,” the candy-bar cellphones that have basic mobile internet, will face a brick wall, because their devices aren’t up-to-date enough to even know what SHA2 is.
Basically, what it comes down to is ensuring that your business’s devices are always up to date with the latest patches and security updates. If your operating systems and all of your software are using the latest version, the chances that you’ll run into one of these issues is exceptionally low. The easiest way to make sure that all of your technology is up-to-date is by taking advantage of PACE Technical Services’s remote monitoring and maintenance solution, which can make this daunting task much more manageable by handling all of your software updates remotely. You’ll always be updated and running at maximum efficiency. Give us a call at 905.763.7896 to learn more.