Archive for the ‘Security’ Category

Why HTTPS Matters

By on March 22nd, 2019 in Security

SSL/TLS is a security protocol that provides privacy, authentication, and integrity to Internet communications.

A website that uses SSL/TLS has https:// in the beginning of its URL instead of http://, like https://www.example.com.

In modern web browsers such as Chrome, websites that do not use HTTPS are marked differently than those that are. Look for a padlock in the URL bar to signify the webpage is secure. Web browsers take HTTPS seriously; Google Chrome and other browsers flag all non-HTTPS websites as not secure.

 

Reason #1: Websites using HTTPS are more trustworthy for users.

HTTPS uses the SSL/TLS protocol to encrypt communications so that attackers can’t steal data. SSL/TLS also confirms that a website server is who it says it is, preventing impersonations. This stops multiple kinds of cyber attacks.

Reason #2: HTTPS is more secure, for both users & website owners.

With HTTPS, data is encrypted in transit in both directions: going to and coming from the origin server. The protocol keeps communications secure so that malicious parties can’t observe what data is being sent. As a result usernames and passwords can’t be stolen in transit when users enter them into a form. If websites or web applications have to send sensitive or personal data to users (for instance, bank account information), encryption protects that data as well.

Reason #3: HTTPS authenticates websites.

When a user navigates to a website, what they’re actually doing is connecting to faraway computers that they don’t know about, maintained by people they’ve never seen. An SSL/TLS certificate, which enables HTTPS, represents external verification by a trustworthy third party that a web server is who it claims to be.

This prevents attacks in which an attacker impersonates or spoofs a website, making users think they’re on the site they intended to reach when actually they are on a fake site. HTTPS authentication also does a lot to help a company website appear legitimate, and that influences user attitudes towards the company itself.

Reason #4: HTTPS is a Google Ranking Signal.

Google introduced SSL/TLS as a weak ranking signal way back in 2014. At the time, Google hinted that over time, they might decide to strengthen it as a signal because they wanted to encourage all website owners to switch from HTTP to HTTPS.

 

Source: Cloudflare