In the rapidly evolving world of online security, the SSL certificate green bar was once a coveted symbol of prestige, exclusively reserved for Extended Validation (EV) certificates. This prominent green bar, proudly displayed next to the URL, provided instant assurance to users about the authenticity of a website. However, with the continuous progress in HTTPS adoption and industry advancements, the fate of the green bar eventually changed, compelling decision-makers to reconsider its significance.
This insightful article delves deep into the reasons behind the green bar’s eventual removal and explores the intriguing question of whether it will ever make a comeback. Additionally, we will uncover the enduring popularity of EV SSL certificates and explore potential changes that may impact them in the foreseeable future.
A Trustworthy Visual Cue for Website Visitors
The SSL certificate green bar served as a powerful visual cue within web browsers, signifying the legitimate identity of the company behind the website. When visitors encountered this reassuring green indicator, they could rest assured that the website’s identity had undergone meticulous verification by a trusted Certificate Authority (CA), which issued the SSL certificate.
Enhanced Trust through Extended Validation
Unlike other types of SSL certificates, Extended Validation certificates require a more rigorous validation process. During this meticulous verification, the CA conducts thorough checks to validate the legal identity, physical existence, and operational status of the entity requesting the certificate. This stringent validation process involves extensive documentation and direct communication with the organization, ensuring that only legitimate and trustworthy entities are granted an EV certificate.
The Journey of the Green Bar
Historically, the green bar was displayed prominently in the browser’s address bar, indicating the website’s coveted extended validation status. It symbolized a seal of trust that resonated with users, offering them confidence in the authenticity of the website they were visiting.
The Evolution of EV Certificates: From Green Bar to Enhanced Security
Since their inception in 2007, Extended Validation (EV) certificates have proven to be highly beneficial for e-stores, financial institutions, enterprises, and even smaller companies. The SSL green address bar, strategically placed next to the URL, was specifically designed to highlight the official company’s name, aiming to offer the highest level of assurance to website visitors.
However, as the years passed, leading browsers began to question the effectiveness of the address bar in conveying crucial information about a website’s security and authenticity. Google conducted extensive research and analyzed prior academic work, leading them to conclude that the EV User Interface (UI) did not provide the intended protection for users. Consequently, both Google and Mozilla decided to remove the HTTPS green bar in Chrome 77 and Firefox 70, respectively.
Despite the removal of the green bar, EV certificates continue to exist and serve their purpose. Users can still access additional EV information by clicking the padlock icon. Mozilla’s Johann Hofmann further emphasized that they would incorporate this information into the identity panel to maintain accessibility without compromising user experience.
The Shift towards a Neutral Approach
With over 95% of Google traffic encrypted and the HTTPS protocol becoming the new standard, browsers adopted a more neutral approach. The green padlock in Chrome turned grey, matching the URL text colour. Google’s ultimate objective is to eliminate the padlock entirely and issue security warnings for unencrypted websites.
The Era of the Green Bar Ends
The era of the green bar, once a symbol of trust and security on websites, has come to an end. Its significance diminished with the widespread adoption of SSL certificates, which made it more relevant to alert users when a website lacked SSL protection rather than when it had it. Chrome initiated the change by removing the green colour from EV indicators in September 2018 with Chrome 69. Subsequently, all major browsers followed suit, removing the green bar and associated company information from their interfaces in late 2019.
Although the SSL green address bar is no longer visible, it is crucial to recognize that EV certificates are still beneficial for businesses, enterprises, and financial institutions. Some industries even mandate EV certificates to comply with online transaction and security standards.
The Importance of Thorough Validation
EV certificates extend beyond the visible address bar, and the thorough validation process remains paramount. Companies pay a premium price for EV certificates because they improve conversion rates and offer protection against phishing attacks. The validation process involves verifying the requesting entity’s identity, operational status, and control over the domain name and hosting server. This ensures a safe way for customers to share their sensitive credentials, even if they may not be explicitly aware of it.
The Future of EV Certificates
The change in browser behaviour has sparked discussions within the industry regarding the future of EV certificates. One CA/Browser Forum proposal involves introducing a new certificate type called “Authenticated Identity” or “Identity Assurance” certificates. These certificates would address the limitations of EV certificates while still providing a means to verify the identity of website owners. However, the implementation of such proposals involves multiple stakeholders and may take time to reach a consensus.
In conclusion, despite the absence of the green bar, EV certificates continue to offer enhanced security and trust to websites. Large businesses and organizations still need to verify their legal identity and earn customer confidence. While, on the other hand, smaller companies can make use of OV SSL certificates, which are cheaper and simpler to manage, while now providing almost the same level of security as EV certificates. In these cases, the greater customer confidence provided by an EV certificate may not be currently justified by the greater management difficulties and higher costs.
As the digital landscape evolves, the industry will undoubtedly explore new approaches to ensure the highest level of security and authentication for internet users: time will tell.