What is HTTP and HTTPS Encryption?
Hypertext Transfer Protocol (HTTP) and HTTPS are the protocols by which data is sent between your browser and the website you are accessing. The fundamental difference is that the “S” at the end of HTTPS stands for “secure”, meaning all the data is encrypted.
Using HTTPS protects confidential online transactions such as online banking or shopping order forms. Browsers such as Firefox, Internet Explorer and Chrome display a padlock icon in the address bar, indicating that a secure connection is being used.
HTTPS pages are encrypted using one of two secure protocols, Transport Layer Security (TLS) or Secure Sockets Layer (SSL); both use an asymmetric Public Key Infrastructure system. This system uses a “public” key and a “private” key to encrypt communications.
The private key is kept securely protected and should not be accessible to anyone except its owner. In the case of a website, it is stored on the web server. The public key is distributed to everyone who needs to be able to decrypt the information that the private key has encrypted.
When you request a webpage’s HTTPS connection, the site will send its SSL certificate to your browser. This contains the public key necessary to start the secure session. The website and your browser initiate an “SSL handshake”, leading to the generation of shared secrets to establish a unique and secure connection between you and the website.
If the website has a trusted SSL Digital Certificate, you will see a padlock icon appear in your browser address bar. In addition, if the website has an Extended Validation Certificate, then the address bar on your screen will turn green.
When communications are sent by ordinary HTTP connections, the information is in plain text that can be read by a hacker who breaks into the connection between the website and your browser. If the communication includes personal information such as your banking or credit card details, this creates a serious risk of fraud.
The benefits of an HTTPS connection are immense, as even if a hacker broke into the connection, they couldn’t decrypt the data – so your personal information would be safe.
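A site owner can check for the plain-HTTP exposure described above by scanning a page's forms. The following is an added example, not part of the original article: it flags forms carrying password or payment fields that are loaded or submitted over HTTP. The hint list, function names and the `shop.example` markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed heuristic: substrings in name/id/autocomplete that suggest payment data.
SENSITIVE_HINTS = ("card", "cc-", "cvv", "cvc", "iban")
# Constructed sample markup (shop.example is a placeholder host).
SAMPLE_PAGE = """
<form action="http://shop.example/pay" method="post">
  <input type="text" name="card_number"> <input type="password" name="pin">
</form>
<form action="/search"><input type="text" name="q"></form>
<form action="/login" method="post"><input type="password" name="pw"></form>
"""

class FormCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"action": a.get("action", ""), "sensitive": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            label = " ".join(a.get(k, "") for k in ("name", "id", "autocomplete")).lower()
            if a.get("type", "").lower() == "password" or any(h in label for h in SENSITIVE_HINTS):
                self._current["sensitive"].append(a.get("name") or a.get("id") or "(unnamed)")
    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def plaintext_form_findings(page_url, html):
    """Report forms whose sensitive fields are loaded or submitted over plain HTTP."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        target = urljoin(page_url, form["action"])  # empty action posts to the page URL
        reasons = []
        if urlparse(page_url).scheme != "https":
            reasons.append("page served over HTTP")
        if urlparse(target).scheme != "https":
            reasons.append("form submits over HTTP")
        if form["sensitive"] and reasons:
            findings.append({"target": target, "fields": form["sensitive"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    print(plaintext_form_findings("https://shop.example/checkout", SAMPLE_PAGE))
```

A page served over HTTPS can still post to an `http://` action, which is why the check resolves each form's target separately from the page URL.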
As a website owner, you can reassure customers that you’re a registered business that owns the domain, so they will be more likely to trust you and complete their purchase.
Google is aiming to put an end to unencrypted websites – they are planning to flag up two-thirds of websites as being unsafe. This means the Chrome browser will highlight unencrypted websites as being insecure by displaying a red cross over a padlock symbol in the URL bar.
The move, aimed at encouraging all websites to stop using the HTTP protocol, is part of a campaign called “Encrypt All The Things”. Currently, Chrome features a white page icon when a website doesn’t use HTTPS and a green locked padlock when it does. The change will highlight the websites that may be insecure.
By deterring hackers and fraudsters, Google hopes to make the Internet a safe place for everyone.