HTTP, HTTPS, SSL, what does it all mean? You'll want to know, as the browsing experience is about to change. Warning signs are being put up, flagging insecure sites and forms. Is your site one of them?
As browsers are getting more and more aggressive about protecting user security and privacy, you and/or your website developer will need to make sure that visitors to your website aren't being turned off by errors or warnings.
The purpose of this post is to teach you about browser security, SSL certificates, and the future of web browsing. Together we can determine whether your website is in need of a security certificate update or not.
HTTPS vs SSL
Before you get to understand why you want an SSL certificate, you have to know what it is, right? Let's take a look at both HTTPS and SSL definitions to understand how they're related.
The easiest way to understand SSL is to first define HTTPS:
"HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. "
Next, we need to define SSL:
"SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral."
In essence, The S in HTTPS means the website you're visiting is secured with an SSL certificate. Your browsing is protected. Want to know more? Read on!
What does HTTPS do?
When it comes down to it, adding an SSL certificate and letting users use HTTPS will ensure that your website is:
- Not being modified by outside sources (such as ad-replacement or page altering),
- Not being watched by hackers looking for your visitors' personal information,
- Securely passing information from your visitor's computer to your website's server.
It might sound complicated, but this video from SSL.com helps visualize and understand this information.
What does HTTPS NOT do
HTTPS and SSL certificates aren't perfect. Unfortunately, they will not prevent others from pretending to be you. Because the SSL certificate is attached to your hosted site, anything beyond that domain is out of your control. For example, if someone were to host a site on a different domain meant to mimic (pretend to be) yours users may still be confused.
HTTPS also doesn't protect your website from denial-of-service attacks, hacking or other malicious activities.
How might this work?
Users might find their way to a web address that looks like it's yours but is hosted by another. The user may unknowingly provide their sensitive information to a phishing site.
What is phishing?
"Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization."
This means someone can send a phony email or buy a domain that is similar to yours. They're pretending to be you to get access to your users' sensitive data. Learn more about phishing sites buying domains here.
Can you see through this phishing scam?
This scam shows just how easily one can mimic a large company's website. In this case, Amazon. Do you notice the fishy URL in the address bar?
One might think that this is actually Amazon asking you your login information to access your account, but in reality, it's being hosted on another domain. Users may have no idea that they're attempting to log in to a fake Amazon. Within a matter of seconds, the phishing site has access to all of the user's data.
Find out more about how this imposter site was found guilty.
Browsers are getting aggressive
The important thing to remember is that browsers are getting serious about website security. They're starting to drop support for old certificates and warning users visiting HTTP sites that their connection may not be secure. What does this look like? Below is what you can expect while browsing with Chrome.
The majority of users think this is the end of the road, and never look back at your website. When you see the picture above, it looks like the only way to go is "Back to safety". Not everyone knows this, but you can bypass this warning by clicking on "Advanced" and continuing on.
Let's be honest. Would you trust continuing on after seeing this warning?
Why you need SSL for your website
By getting an SSL certificate for your website, you'll have peace of mind knowing your customers' sensitive information is encrypted. Users can expect to have a sense of security while viewing your site, and will no longer see an error message. Instead, they'll see a green lock icon next to the URL at the top of their browser window.
This universal symbol lets your customer know that their credit card information, password, and more are safely being transmitted to your server. It's part of building a chain of trust from you to your customers or users.
What does it all mean looking forward?
As the future of web browsing is shaping up, we can see it evolving to a seamless and secure browsing experience for all. End-to-end encryption on all sites, and browsers enforcing up-to-date certificates. It's hyper-security, with end users in mind. That being said, failure to keep up with security certificates will greatly damage your website's online reputation.
If you're not sure what to do, have a chat with your web host or website development firm. They can provide you with information regarding the existence of an SSL certificate on your site, your options, and next steps.
Is Cyan Solutions hosting your site?
If we're hosting your site, give us a call or contact us today so we can chat about securing your website.