Close desktop login portal

Client Login

Select one of the portals below and login with your credentials

Technology Solutions

Richey May Technology Solutions provides the full spectrum of transformative solutions for your business.

Learn More

Business Advisory

Specializing in Mergers & Acquisitions, management reporting and operational improvements for you business.

Learn More

Technology Solutions

Richey May Technology Solutions provides the full spectrum of transformative solutions for your business.

Learn More

Business Advisory

Specializing in Mergers & Acquisitions, management reporting and operational improvements for you business.

Learn More

Contact Us

Richey May Headquarters
9605 S. Kingston Ct. Suite 200
Englewood, CO 80112
Directions
303-721-6232

Question or comments?  Click here to fill out our inquiry form.

Technology Solutions

 

Richey May Technology Solutions provides the full spectrum of transformative solutions for your business.

Learn More

Business Advisory

Specializing in Mergers & Acquisitions, management reporting and operational improvements for you business.

Learn More

Technology Solutions

 

Richey May Technology Solutions provides the full spectrum of transformative solutions for your business.

Learn More

Business Advisory

Specializing in Mergers & Acquisitions, management reporting and operational improvements for you business.

Learn More

Contact Us

Richey May Headquarters
9605 S. Kingston Ct. Suite 200
Englewood, CO 80112
Directions
303-721-6232

Question or comments?  Click here to fill out our inquiry form.

Mobile menu toggle
Back to menuBack to menu
Richey May Headquarters
9605 S. Kingston Ct. Suite 200
Englewood, CO 80112
Directions
303-721-6232
Technology

R.I.P Extended Validation Certificates

Articles by: Richey May, Oct 16, 2019

Oct 2019

R.I.P Extended Validation Certificates

What is an Extended Validation Certificate anyway? Aren’t all certificates the same? In addition to securing a website, Extended Validation (EV) Certificates were designed to give consumers added confidence that your website really does belong to you. Generally, a company selling EV certificates will dive deeper to validate the certificate purchaser’s domain, legal entity, physical and operational existence and is authorized to issue the certificate. When the validations are performed EV Certificates will display the Entity’s name in green next to the padlock in the address bar, as shown in the example below. It is intended to give web visitors warm fuzzies that this is in fact the website they wish to browse.  

This sounds like a good idea because who wouldn’t want the warm fuzzies when they visit a website? The problem is popular browsers have been slowly removing the functionality to view the benefits of the EV cert. Safari removed this functionality over a year ago and Chrome removed this functionality on September 10, 2019. Firefox will remove this functionality on October 22, 2019. Here is an example of the same web address above but in a newer Chrome version:

Notice how the entity name and color has been removed and it looks like any other secure website. What companies selling EV certificates fail to tell you is the added benefit of EV certificates is entirely dependent on browser functionality.  

So why are browsers removing that functionality? To paraphrase Google and Mozilla’s announcement, they are doing it because it is ineffective at changing users’ behavior in trusting a website. Therefore, EV certificates do not provide any additional value. It also has been demonstrated that with little effort and cost, anyone can legally obtain an EV with the intent of spoofing an EV certificate. So much for the additional value for your consumers. 

The next time you are buying a certificate or renewing one, don’t buy into the hype that Extended Validation Certificates are the best protection for you and your consumers as it is, in fact, a waste of money.  

 If our Cybersecurity Solutions Team can assist you in assessing your current cybersecurity posture or providing recommendations for improvement, contact us. 

Having held executive positions at firms of all sizes, the Richey May Technology Services team is able to provide practice executive advice to solve most difficult technology, cloud, and cybersecurity problems.  

References: 

https://www.troyhunt.com/extended-validation-certificates-are-really-really-dead/

https://groups.google.com/a/chromium.org/forum/m/#!msg/security-dev/h1bTcoTpfeI/jUTk1z7VAAAJ