What is HTTPS?
We have pretty much always seen http at the beginning of our website addresses. Most of us don’t even see it anymore. A number of years ago, an additional security protocol was put in place that added an “s” at the end, making it https. HTTPS stands for Hypertext Transport Protocol Secure. This protocol ensures that data transmitted between your web browser and a website server is secured and not in clear view for people to see as it’s transmitted over the public Internet.
It accomplishes this using an SSL (Secure Sockets Layer) certificate, which enables https for the site. The SSL certificate ensures the site identity has been verified by a trusted authority, and can then enable secure transmission of data to and from the website.
Initially, this was very important for sites collecting any kind of sensitive information such as credit card payment details, personal information, health information, etc.
HTTPS is forced on everyone
A couple of years ago, Google, among others, decided that ALL websites needed to be protected with https. It started by using whether or not a site had https enabled as a ranking factor. Sites with https ranked higher, in general, than those that didn’t. Then Google with it’s Chrome browsers, as well as other browsers like Firefox, started requiring https for all websites. Sites that didn’t have https enabled, had an error message pop up to users indicating the site wasn’t secure.
Talk about forcing adoption! Safe to say it worked.
Today it’s rare to come across a site that isn’t using https. In most cases it’s sites that are old and neglected that aren’t using an SSL certificate. It’s not necessarily a bad thing to continue to visit these sites, however you want to be careful what data you’re entering into forms and other places on the site.
Things to look for in a secure website
Most people assume that if you see a little padlock in or near the address bar at the top of your browser, or see “https” in the website address, that you’re 100% safe. While your connection to the website is encrypted and safe from outsiders intercepting the data sent back and forth to the website, it does not represent whether or not the site content and code are safe. You still want to ask yourself if a website has https is it safe?
When visiting a new website that you are not familiar with, you must first make sure that the website is encrypted over a secure connection. One sign to look for is an “https” rather than “http” at the beginning of the URL. Https URLs are still utilizing the SSL (Secure Sockets Layer) connection and will be generally safer for you to browse (1).
However, if the website you’re visiting has been compromised or has malicious code on it, an https connection will not make any difference in keeping you safe. You have to pay attention to what sites you are visiting on the Internet, regardless of the secure connection, or https, status. Sticking with reputable sites, avoiding websites that allow for illegal content (like downloads, etc), goes a long way toward keeping you from contracting malware, viruses or ransomware during your daily browsing.
4 simple things to keep you safe while browsing websites
There are some simple things you can do to keep yourself safe while browsing websites:
- Only visit reputable websites. Sites that provide free downloads of pirated software, pornography, music, movies, or other illegal activity, should be off limits. Those sites are typically where the bad stuff comes from as far as website browsing goes.
- Make sure you have an anti-virus program installed and it’s up to date. Any reputable anti-virus software will run at least daily, typically hourly, updates for the latest threats. This will help actively protect you against threats while you are accessing websites.
- Get in the habit of checking links before you click on them, especially when those links are in emails you receive. It has become all too common to receive emails attempting to get you to enter your username and password for website accounts into fake websites with the sole purpose of stealing your account login information. By paying attention to links you’re clicking on, and what appears in the address bar for a website, you can avoid going to fake sites.
- Make sure sites where you are making purchases, entering personal information, accessing financial information or accounts, etc. have a padlock in or near the address bar. Also ensure the website address is using https. This, as we’ve discussed, ensures the data sent between your web browser and the website’s servers is encrypted and secure from prying eyes.
These tips along with a little common sense will help reduce the risk of contracting something you don’t want while you’re out on the wild wild Internet.