Millions of Internet users across the world are facing the dire possibility of losing permission to access majority of websites that run the HTTPS protocol, or are encrypted, with the impending implementation of the SHA2 encryption by 2016.
In other words, a great portion of the Internet will become a thing of the past when most secure websites slip into the new age of encryption. Presumably, these websites include Google, Facebook, Twitter and Microsoft. It is easy to identify other encrypted websites by just locating the padlock icon or the green-highlighted HTTPS before the URL.
That is so because of legacy software systems upon which a great deal of computers worldwide depend. This old software remains dependent on an insecure encryption called SHA1, which has been the core web security tool for more than 10 years.
SHA1 will be ditched next year to update the security certificates for websites in anticipation of a long held prediction that the encryption will be vulnerable to cracking by 2016 and, therefore, lose its function to protect millions of Internet users.
When the new SHA2 encryption takes effect, these computers will be unable to read the security certificates accompanying the websites that would adopt SHA2. Already, certificate authorities are finalizing their moves to retire SHA1 certificates before January 1 2016 to transition to SHA2, which will then replace the old encryption for the next several years whose duration remains undetermined.
Aside from making your electronic banking, email and social network accounts secure, encryption also works to confirm that the website being visited is legitimate and has not been compromised. So its function is very crucial at an age when cyber attacks and government surveillance activities are rampant.
It seems that most websites were surprised with this announcement as they expect SHA2 to come into force by 2018, and so now they have barely a time to respond to it.
Luckily an estimated 25 percent of websites are left with the SHA1 encryption, which means majority of websites are ready for SHA2. But this adoption rate seems to have decreased over the past months, according to official figures.
How you can avoid the HTTPS lock-out
Well, if you are using the latest version of your web browser or the latest software systems for mobile devices, you won’t be affected by the feared HTTPS lock-out. Otherwise, be sure to update your Google Chrome, Firefox, Safari or whatever browser you are using as soon as possible.
The bad news is that some updates are still unavailable in most developing countries. It’s unclear yet how many will be affected by the HTTPS lock-out.