HTTPS can be known as the lock icon in the address bar or an encrypted website connection. Although it was created for passwords and other sensitive data, the entire web is leaving HTTP behind and opting for HTTPS.
Do you understand what HTTPS is and how it influences your security? If not, read on as we'll explain everything to you.
What is HTTPS?
HTTPS (Hyper Text Transfer Protocol Secure, is an implementation of the HTTP protocol (with an additional layer of security that uses the SSL/TLS protocol).
The "S" in HTTPS is for "secure". This is a safe default “hypertext transfer protocol” that your browser uses to communicate with any websites.
To find out if you are connected to a website with an HTTPS connection just look at the address in your web browser's address bar, it should start with "https://".
You will also see a lock icon in the left corner, you can click on it for more information about the site's security.
This can vary from browser to browser, but most browsers have the https:// and lock icon in common.
Nowadays there are already some browsers now hide the "https://", in which case you will only see the lock icon next to the website's domain name. If you click on the address bar, you will see the "https: //" part of the address.
For your safety, if you are using an unknown network and connecting to your bank's website, please check HTTPS and the correct website address.
This way, you ensure that you are actually connected to the bank's website. If you don't see https:// on the page, you may be connected to an illegal website.
Understand why HTTP is not secure
Let's first understand how HTTP works.
When you connect to a website using HTTP, the browser connects to the IP address that matches the website and assumes it is connected to the correct web server.
Data is exchanged via unencrypted connection. That way, a malicious agent, your internet service provider or government intelligence agencies can view the pages you are visiting and monitor every action you take.
There are big problems with this. For one thing, it's impossible to be sure you're connected to the right site.
You might think you're on your bank's website, but it's actually on a network that directs you to an imposter website.
Please note: never send passwords and credit card numbers over an HTTP connection, as a malicious agent can easily gain access.
These problems occur due to lack of encryption of HTTP connections. Therefore, it is more recommended to use HTTPS connections, as these are encrypted.
Understand how HTTPS encryption makes browsing safer for you
HTTPS connections have a security certificate issued by qualified companies.
When you connect to a server secured over HTTPS, your browser will check the website's security certificate and verify that it was issued by a legitimate certificate authority.
Secure sites — such as banks, e-commerces, etc. — automatically redirect your access to HTTPS.
This way, it increases the chances of an address such as "https://banco.com" being connected to the bank's real website, and not to a tax one. The company that issued the security certificate attests to this.
Unfortunately, certification authorities sometimes issue bad certificates and the system becomes less secure. However, while not perfect, HTTPS is still much more secure than HTTP.
When you send data over an HTTPS connection, no one can spy on it on the go. HTTPS is what makes it possible for web banking and online shopping to be secure.
Before there was HTTPS, anyone on the same Wi-Fi network could see your searches, as could your ISP.
Now, with HTTPS, there is more privacy for normal web browsing. For example, Google's search engine now defaults to using HTTPS.
This means that no one can see what you are looking for on Google.com. And Google wasn't the only one to do this, sites like Wikipedia have also taken these steps.
Why doesn't anyone else want to use HTTP?
HTTPS was originally intended for passwords, payments and other sensitive data, however, nowadays the entire web is moving towards it.
In addition to everything, we have mentioned here, HTTP also allows your Internet service provider to add content to the webpage, modify pages, or even remove items.
This way, it is possible to place more ads on the pages that you usually visit. HTTPS prevents someone running the same network from tampering with web pages like this one.
This concern about protecting data in transit began with Edward Snowden's complaint.
Snowden brought to light, in 2013, documents that showed that the US government was visualizing the surfing habits of Internet users around the world.
This has caused hundreds of technology companies to look for ways to protect data through encryption and privacy tools.
When switching to HTTPS, anyone (including government agencies anywhere in the world) has a harder time monitoring the web pages visited by Internet users.
How browsers are encouraging websites to use HTTPS
With the high migration to HTTPS, all the new standards created to make the web faster require HTTPS encryption.
For example, HTTP/2 — a major new version of the HTTP protocol supported by all major web browsers — uses compression and other features that help make web pages faster.
All web browsers that want to use the features available in HTTP/2 require HTTPS encryption.
While browsers work to make HTTPS attractive to users, Google makes HTTP less attractive by penalizing websites that use it.
Google already flags sites that do not use HTTPS as unsafe in Chrome, and Google prioritizes sites that use HTTPS in its search results. This alone is a great incentive for websites to migrate to HTTPS, since Google is the most used search engine in the world.
Junte-se à conversa.