So everyone’s seen the HTTP and HTTPS prefixes on their favorite website addresses but did you ever wonder why they were there and what the difference between the two was? Keep reading to find out.
Way back in the pioneering days of the internet, the gurus of old had to figure out a way for their computers to talk to the servers. They eventually came up with a standard called HyperText Transfer Protocol, better known as HTTP, an application layer protocol that your internet browser uses to tell a server to show you a certain requested website. Though there are a lot of other communication standards used for other tasks, this was the one chosen for internet browsing.
So, what’s with the ‘S’ on HTTPS?
If you guessed “Secure” then you’d be right. Using this method encrypts the path between your computer’s browser and the website to make it more secure and keep the data passed between them from being viewed and stolen by prying eyes.
How does it work?
Your computer’s browser and the server have digital locks and keys. A simplified explanation of the process is this: The sender of the information locks (encrypts) it, then sends it to the receiver of the information. The receiver then unlocks(decrypts) it using a unique key. The primary encryption versions used are TLS (Transport Layer Security) and SSL (Secure Socket Layer). Both make this possible and minimize the risk of a 3rd party seeing your confidential data.
What does it matter?
If you don’t use HTTPS, your information is at serious risk of being gleaned by the bad guys. This means that if you bought something from an online retailer, they could know what you looked for, what you actually bought, your credit card and personal information such as shipping and billing address, etc. You definitely don’t want this to happen.
How can I tell a difference?
Here’s what you should look out for to avoid these pitfalls. First, make sure that the sites that you visit are using HTTPS, especially if you are entering sensitive information. You can check this by looking at your browser’s URL bar. It should say something like https://www.whateversiteyouareon.com. A screenshot is shown below as an example. You can also look for and click on the lock symbol either to the left or to the right of the URL to verify that it is a legitimate certificate authority. This should give you information on the security certificate that the site is using and whether or not it’s expired.
Do be careful though. Some illegitimate sites may change their favicon to a lock just to trip you up. Know the difference. And lastly, nothing beats common sense. If something doesn’t look right, then don’t trust it. Shop an alternate site. It’s just not worth the risk. And lastly, if you own a website that sends and receives personal and sensitive information, please make sure that your site offers HTTPS for the safety of visitors.
If you are not sure about how to go about implementing HTTPS:// on your current website, give the experts at SandStorm IT a call at 901-475-0275. We’d love to help. It’s what we do.