HTTPS websites are websites that are more secure than HTTP (you’ll see either at the start of a URL at the top of your browser). HTTPS websites come with a little lock symbol on most browsers. The extra S in HTTPS stands for "secure".
How does it work?
HTTPS is used to verify the identity of the accessed website and protection of the privacy and integrity of that data. When you visit a HTTPS website, to put it simply, your computer and the website communicate with bi-directional encryption, and this protects you from a thing called a "man-in-the-middle" attack. This means for example that people can’t hack in and view your credit card details entered into an online store (phew! But that doesn’t mean you should buy those ridiculous shoes in the first place).
Why do we need to have an HTTPS website?
Having a secure website has become more and more popular than the original non-secure HTTP. This is for a number of reasons, websites are increasingly offering login via social media (and so have to protect that data) and protecting page authenticity of their website (so that a hacker can’t create a clone and steal customer details – a man-in-the-middle scenario). Having an HTTPS website ensures your website is keeping user communications, identity and web browsing private.
What’s this talk of a certificate with HTTPS?The data sent to you from the website is encrypted with information from a "certificate". This certificate is usually generated for your website by your web provider and is used to verify the website is who it claims to be. Not to not get too technical but you might have seen somewhere a website popping up with an “invalid certificate” - older browsers tend to ask if you want to continue, new browsers have a pop up at the top near the URL when the certificate is shown as invalid. Increasingly an invalid certificate will prevent you from accessing a website. It’s called a certificate for much the same reason as a birth certificate is - a document acting as proof of identity.
Why is HTTPS so important?
As the internet continues to change and grow, hackers are getting more and more sophisticated. All communications sent over regular HTTP connections are in 'plain text' and can be read by any hacker that manages to break into the connection between your browser and the website. This presents a clear danger if the 'communication' is on an order form and includes your credit card details or other personal details. With a HTTPS connection, all communications are securely encrypted. This means that even if somebody managed to break into the connection, they would not be able to decrypt any of the data which passes between you and the website.
This means if you’re an online store or ask people to input credit card details or any personal details like social media logins or passwords – you need to be using an HTTPS website. Generally, if any website asks you to input personal information – it should be an HTTPS website. Always check the top URL bar for that lock and the https before the www. Here at Turboweb, we only use HTTPS, as we want users of our websites to feel secure and to know that any personal information they are inputting is protected, and our websites are more secure.