For as long as many of us can remember we have been starting our World Wide Web journeys by typing http://. If you have not already noticed, many sites now require https:// to access them. As a refresher, recall that HTTP actually stands for hyper text transfer protocol, and when we add an S on the end for HTTPS, the S stands for secure. Before we talk about how secure web browsing works, let’s discuss why secure web browsing in important.
Secure Web Browsing and You
Over the past decade, we have begun to use the world wide web for more and more each day. From checking the weather, to finding directions, to finding a place to eat dinner, the World Wide Web puts any information we need at our fingertips. Beyond finding information for convincing, we use the Web for things like checking the statements in our retirement accounts, paying bills, or trading stocks. This is when secure web browsing becomes important.
If I enter my location in a Web browser to check my local weather, I may not think anything of it, even though I am entering very important data about where I live. Similarly, many may not think twice about entering their username and password to log into a website, even if it to an online banking system. When we transmit this data using HTTP, it is transmitted in plain text, which means if someone is able to connect to your session, they are able to see all the information you are transmitting such as the login information for your bank account. Now I am sure we can all see why secure web browsing is so important.
How Does Secure Web Browsing Work?
Now, let’s talk about how secure web browsing works in a simple way. To have a secure website, you must have a certificate on the website. When a user connects to the site, the site sends the certificate to the user’s browser, which is when you will see a lock in most web browsers next to the URL. Part of this transaction is the website sending its public key to the user’s browser. The corresponding private key is on the website the user is visiting, so when the user transmits the information with the public key, the website can read it since it has the private key. This in essence, is an over simplified explanation of how secure web browsing works.
We talked about the lock icon you may seen in your browser brevity. How a site is represented during secure web browsing varies from browser to browser. Right now, I am browsing the 24×7 IT Connection site with Google Chrome on my Mac, and this is what I see:
According to the Google Security Blog, in July 2018, Chrome will begin marking HTTP based sites as “not secure” with the release of Chrome 68. Google is doing this to help educate both users and website owners. Now, it will be obvious that the connection between a user and a site is not secure, which will hopefully lead users to not input personal or sensitive information into the site. Likewise, web sites will see this backlash and hopefully upgrade to HTTPS.
If you are a website owner that has not yet migrated to HTTPS, be sure to check out Let’s Encrypt, which is a “a free, automated, and open certificate authority”.