Unless you have been living under a rock, you might have heard people talking about HTTPS while using the internet. So, what exactly is HTTPS and why is it important?
Well, as we store and share vast amounts of private and sensitive data over the internet (especially if you use social media platforms such as Facebook, Twitter, etc.), it makes good sense to take precautionary steps to protect our privacy and browse the web more securely.
You may have noticed the word “HTTP” in the URL shown in your browser. Other times you will see “HTTPS,” and you wonder what the difference is.
What is HTTPS?
HTTP and HTTPS are internet protocols used by web browsers to transmit and receive data on the internet. HTTP stands for Hypertext Transfer Protocol. The ‘S’ at the end of HTTPS stands for “Secure.” If the sites that you visit do not have the HTTPS label, it means that the data you enter on that site is not secure.
What Does HTTPS Mean?
HTTPS means Hypertext Transfer Protocol Secure, that is, HTTP with security added, and it is used to establish a secure connection between you and the site that you visit. With HTTPS enabled, communications between your web browser and the web server (which hosts the website that you visit) are encrypted using a security certificate known as an SSL (Secure Sockets Layer) certificate. This encryption of the transmitted data helps prevent hackers from sniffing your private information.
HTTPS is mainly used for securing your transmitted data (information that you enter on a website) across the internet. HTTPS is a combination of HTTP with the SSL/TLS (Transport Layer Security) protocol.
HTTP is not a secure internet protocol. When you communicate across the network by using HTTP, anyone can eavesdrop on your communication easily. So if you want to transfer sensitive information across the internet, it needs to be transported securely, and it should be accessible to authorized parties (web servers) only. HTTPS was created for exactly these purposes.
HTTPS protocol is mainly used in websites such as:
• E-commerce Websites
• Banking Websites
• Payment Gateways
• Login Pages
• Email Apps
How Does HTTPS Work?
HTTPS or Hypertext Transfer Protocol Secure is a combination of HTTP (Hypertext Transfer Protocol) and a network security protocol (SSL or TLS). HTTP operates at the higher layer of the TCP/IP model. The SSL or TLS protocols operate at the lower sublayer. SSL or TLS encrypts the HTTP message during transmission and decrypts the HTTP message upon arrival.
Some of the major events during an HTTPS connection are given below:
• The client (your web browser) requests a secure page when you type something in the browser.
• The web server (which hosts the website that you visit) then sends its public key and its certificate (TLS or SSL).
• Your web browser verifies the security certificate: it checks whether the certificate is valid, not expired and issued by a trusted party.
• After that, your web browser creates a symmetric key and sends it to the web server.
• The web server will decrypt that key with the private key.
• After that, the web server will send the requested page (in an encrypted format with a symmetric key) to your web browser.
• Finally, your web browser decrypts the received webpage with the symmetric key and displays the result to you.
All the processes mentioned above take only a fraction of a second to complete. Hence, you won’t be able to notice them when you use the internet.
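The key exchange in the steps above, as an added Python sketch that is not from the original article: the browser wraps a symmetric key with the server's public key, the server unwraps it with its private key, and the page then travels encrypted. The RSA key pair and the SHA-256 keystream cipher are toys constructed here (not what TLS actually uses), certificate verification is not modelled, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy RSA key pair for the "web server" (constructed for illustration only:
# two known Mersenne primes and no padding; real certificates use 2048-bit+ keys).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                              # public modulus, sent to the browser
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, never leaves the server

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def browser_make_session_key(server_public=(N, E)):
    """Browser creates a symmetric key and encrypts it to the server's public key."""
    n, e = server_public
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return session_key, wrapped

def server_unwrap(wrapped: int) -> bytes:
    """Server recovers the symmetric key with its private key."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def seal(key: bytes, plaintext: bytes):
    """Encrypt a message and attach an HMAC tag so changes in transit are detected."""
    nonce = secrets.token_bytes(12)
    ct = keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def open_sealed(key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    """Verify the tag first, then decrypt."""
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record was modified in transit")
    return keystream_xor(key, nonce, ct)

def demo():
    page = b"<html>account balance: 1,234.56</html>"   # constructed sample page
    browser_key, wrapped = browser_make_session_key()  # browser -> server
    server_key = server_unwrap(wrapped)
    nonce, ct, tag = seal(server_key, page)            # server -> browser
    return browser_key == server_key, ct, open_sealed(browser_key, nonce, ct, tag)
```

An eavesdropper on the wire sees only `wrapped`, `nonce`, `ct` and `tag`; without the server's private exponent `D` none of them reveals the page.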
What is The Difference Between HTTP and HTTPS?
HTTP or the Hypertext Transfer Protocol is useful when a user only intends to access information from a given website. But it is not safe for the user to transfer their personal information. If the user wants to send their personal information across the internet, HTTPS or Hypertext Transfer Protocol Secure is the ideal solution.
HTTPS is not unhackable, but it is still a robust way to send personal information across the internet. HTTPS prevents hackers from exploiting software vulnerabilities and brute forcing users’ access controls, and it mitigates DDoS (Distributed Denial of Service) attacks.
Some of the major differences between HTTP and HTTPS are given below:
• HTTP uses port 80 for communication whereas HTTPS uses port 443
• Websites that use HTTP have a URL that starts with http:// whereas websites that use HTTPS have a URL that starts with https://
• As mentioned earlier, HTTP is unsecured whereas HTTPS is secured
• With HTTP no security certificates are used, but with HTTPS security certificates such as SSL/TLS certificates are used
• With HTTP, information is transmitted as plain text, but with HTTPS the data is encrypted
Why Does Google Like HTTPS So Much?
Starting from July 2018, Chrome will mark all HTTP (Hypertext Transfer Protocol) websites as “Not secure.” When a user visits a non-HTTPS website, the Chrome browser will show a “Not secure” label with a red warning icon in the URL status bar.
Starting with Chrome 70, which is said to be released in October 2018, users who visit a website without HTTPS (one that doesn’t have an SSL certificate) will be greeted by a “Not secure” label along with a red warning icon in the URL status bar of the Chrome browser.
Emily Schechter, Google Chrome’s Security Product Manager, announced the upcoming changes to Google Chrome via Google Chrome’s official blog. According to her statement, starting with Google Chrome version 69, which will be released in September 2018, websites that have the HTTPS classification will not have the green “Secure” text and padlock icon that appears in the URL bar of the Chrome browser.
She further states that the decision to remove the secure box for HTTPS websites is because Google believes users know that the web is safe. Emily Schechter also added that internet users would recognize dangerous sites and remember not to enter them.
Emily Schechter also posted a graphic image of Chrome version 69 showing the eventual treatment of HTTPS websites in her official post.
Reasons Behind the HTTPS Movement
When you need to use a website to make a purchase or provide sensitive information such as credit card details, there are two big things to think about. The first is the connection from your computer (web browser) to the company’s computer (the web server which hosts that website). Your name and other sensitive information travel from one to the other, so this connection needs to be secure so that cybercriminals cannot access the information en route.
There are two methods to tell if a site is a secure one. The first is the address bar: where an ordinary site shows HTTP (Hypertext Transfer Protocol), secure websites have an address that starts with HTTPS. You can also look for the padlock icon in the browser. If you see HTTPS and the padlock, the connection is encrypted and secure. But what about the company behind the website? How do you know it’s not a criminal with a secure connection? Well, a new web security system makes this easy: modern web browsers show color and company names in their address bars to help users know that the site is trustworthy.
Websites that do not have the HTTPS (Hypertext Transfer Protocol Secure) label will need an SSL certificate to be marked as safe by Chrome. SSL provides encryption that secures the interaction between the web server and the user.
SSL certificates are issued to websites by unbiased companies called Certificate Authorities. These reviewers ensure that the website and the organization behind it are trustworthy and are using a secure connection (i.e., ensuring website security). If the site passes the tests, the Certificate Authority issues an EV SSL certificate, and only sites with these certificates display color in the address bar, including the company name along with the address.
If you see green, it means the site is safe; if it is red, you should not access that site. This process of website security checks prevents criminals from obtaining the SSL certificates needed to display the green (Secure) information in the browser’s address bar. So, when you see a website with green info in the address bar, you can be sure that it is legit.
Switch To HTTPS/SSL or else It Can Damage Your Businesses
If your website is still on HTTP (Hypertext Transfer Protocol), you should switch it to HTTPS/SSL immediately, as most of the online visitors to your site might not stay on your website when they see a warning in their Chrome browser. It is also worth mentioning that Firefox and other web browsers will soon follow the lead of Chrome.
This can be devastating for your business, especially if you run an e-commerce website. Most internet users would not be willing to purchase products or services from your site when there is an ‘insecure’ warning displayed in their web browsers (even if the checkout page is secure).
When you use an SSL certificate on your website, it means that you are encrypting all information that is being shared on your website. It is a two-way process: SSL encrypts information when a customer shares his/her information with you, and when you share data with your customer.