Saturday, 22 February 2014

What's HTTPS And Why Should It be Cared?

What's HTTPS And Why Should It be Cared? 

When connect to a website with HTTP (Hypertext Transfer Protocol), your browser usually looks up the IP address related to the website then connects to it's web server. Over this connection, the data will be transferred in clear text by the means of back and forth and an eavesdropper, such as Internet Service Provider, Hacker, or Intelligence Agencies may also watch the web pages while you're visiting. So, an eavesdropper is able to see any passwords, Credit Card details or other important data, if those were sent over HTTP. 

The problem here is HTTP doesn't support authentication to the correct website. For instance, you may thought that you've accessed your bank's website; but note that you might be on a compromised network, which redirect to an imposter website, then your passwords, Credit Card details would not be encrypted and secured. So, one can easily eavesdrop on them and steal your personal data. In short, HTTP has problems because they're never encrypted.

 
HTTPS (Hypertext Transfer Protocol Secure) having a lock icon in the address bar, which is an encrypted website connection for secure communication over a computer network, especially with wide range of deployment on the Internet

Using HTTPS, and for instance, when attempting log into your bank's website, the web browser checks website's security certificate and verifies it was issued by a legitimate certified authority, which helps to ensure that you're actually connected your bank's real website. After logged in or you'd like to send some personal data such as Credit Card details or any payment info will be sent over an encrypted connection of HTTPS, which prevents the people from eavesdropping of your sensitive data. 
HTTPS is not perfect, too; but definitely more secure than HTTP, and sometimes certificate authorities issue bad certificates, so the web page breaks down.

HTTPS is also provide additional privacy to the user, while working on some search engines. Google's search engine, now, supports the privacy, which prevents the people to see what's you're searching on Google. And, before it was easy to anyone, on the same Wi-Fi network, would able to see your searches.

If a user, for instance, searches something on amazon that encrypted over HTTPS, then the other people wouldn't able to see what's the user is searching or which article he's viewing on amazon. Instead, they may only see that he's connected to amazon.

So, HTTPS websites can be identified through the address bar, where you can see a lock icon and, starts with https://

Keep in mind that HTTPS, an encrypted and secured connection, is most important whenever logging into something like banks or sending credit card details for an online purchase and other sensitive data. Ensure that you're over an HTTPS site, then enter your password or other personal info.
 
When using an unfamiliar network, HTTPS is also provide some identity verification to the websites, which helps to ensure that you're connected to the right website. And note that if the indicators of HTTPS, i.e., lock icon and https://, doesn't appeared on the login page then you may be connected to an imposter website over a compromised network.  

Clever phishers and scammers may realize the peoples, who look for HTTPS indicators on address bar, and disguise them by changing website's favicon to a lock icon that appears in the address bar as to make visual trick. 

However, HTTPS is not guarantee a site is legitimate and just confirms you're using an encrypted, secured connection, which gives some peace of mind that you're connected to a right site.

No comments: