The Extended Validation (EV) server certificate (SSL/TLS) is going through tough times because Google and Mozilla have decided to implement changes in their EV server certificate treatment. Internet browsing companies came up with this decision as their study revealed that people disregard the visual security indicators of EV server certificates.
With the popularity of smartphones, more and more people rely on mobile browsers due to its convenience. Knowing how small smartphone screens could be, there’s little to no space left to display the organizational name and country of origin on mobile browsers. While they present the padlock symbol on a different color, it generally doesn’t show a significant difference from the normal lock to Internet users.
However, the reasons that Google and Mozilla stated do not undervalue the worth of EV server certificates. EV server certificates are so much more than the visual symbols. Here are some things to keep in mind:
Identity information confirmed
Extended Validation requires that the organization that controls the domain be duly incorporated and in good standing, confirming business address and phone number, and confirming the authority of the person ordering the certificate. The authenticated identity information is included in the EV certificate and is encrypted when issued.
Regulation Compliance Remains
EV SSL allows you to comply with regulations as your respective country requires. Qualified Web Authentication Certificates (QWAC) are EV certificates with the additional vetting process. QWACs are a particular type of SSL/TLS Certificate specified by the EU eIDAS regulation and may be required to meet certain regulatory compliance (e.g., Payment Services Directive 2).
EV SSL is Moved, Not Removed
The green bar indicator will be gone when the Chrome 77 and Mozilla 70 are released and will return to the plain-looking address bar. Though, website users can still locate the EV identification information through clicking the padlock icon. Therefore, the EV identification information is only moved, not removed.
Despite the significant changes in the EV SSL treatment, rigorous validation process on enterprises will remain and be strictly reinforced as the number of phishing victims rises. Another Certificate Authority quantified the incidence of phishing for EV SSL as zero, proving that EV SSL certificates are effective in verifying and telling people that the website is a legitimate entity. Websites with existing EV SSL certificates are more trustworthy than those without them.
Identity is Always Important
You may access our knowledge base to know more about EV SSL certificates. For clarifications and inquiries, call us at +65 3158 0349 anytime.