There’s often a debate around whether your website needs to have an HTTPS connection or not, and whether HTTP is still fine. The SSL acronym is also thrown into the discussion, but if you haven’t been working with websites, then all of this jargon may be a little daunting at first. Don’t worry, it’s not that hard.
What is HTTP?
Hyper Text Transfer Protocol, or HTTP, is a protocol over which information is sent from your website browser (IE, Chrome, Firefox) to the website’s server. While HTTP is extremely common on websites, it’s also not at all secure. Data is sent over plain text through the connection.
If you fill in a contact form on a website just using HTTP, there’s a chance the information can be intercepted and used. Though if you’re just browsing a news website, then you shouldn’t have any need to worry.
What is HTTPS?
Using the same wording as HTTP, with the addition of Secure, HTTPS is the secure version of the protocol. It means that data sent from your browser to a website’s server is encrypted. This is typically used to protect sensitive information, such as online banking transactions or filing tax.
How do you know if a website is using HTTPS? Well, take a look at the address bar. If the ‘https’ part of the URL is green and there’s a little lock, that means the data and your website is secure. It’s an easy way to know if any website is using HTTPS or not. If you’re using a website that requires incredibly sensitive information and it doesn’t have an HTTPS connection, you’d best get away from it as soon as possible.
What is an SSL Certificate?
Websites just aren’t secure and insecure by nature. There’s no switch that the website admins flip on and off to protect your data. For that, a website needs an SSL (Secure Socket Layer) Certificate, which is an integral part of the process.
SSL binds a cryptographic key to a website organisation’s details. Essentially, a website will have a private and a public key, both of which are long strings of characters. The web browser will send data using the public key, but only the server’s private key can decrypt it.
Why does this matter?
Your data and private information are both important and incredibly volatile. Websites that send credit card information over insecure connections should not be trusted, and can lead to someone getting hold of your banking details. If you own a website that uses sensitive information, make sure that it has an SSL certificate.
According to Threat Post, Google will issue an update to its Chrome web browser (update 62), which will warn users when entering data into HTTP websites. The feature will apply to standard web browsing, as well as the Incognito mode, which users may think is more secure.