Thursday, July 9, 2015

HTTP vs HTTPS


When a website asks you to enter your credit card information, do you look to see if the web address begins with https:// ?  If it doesn't, you should never enter sensitive information like a credit card number.

 
 
 
 
 
There are two primary protocols used to transmit data through the internet for websites, http and https.

Http or the hypertext transfer protocol is the language used to send information back and forth between web servers and clients.  The important thing is the letter S which makes the difference between HTTP and HTTPS.  The problem with http is that it is vulnerable to people who might want to eavesdrop on your activity.  It may not be a serious problem if all you are doing is watching YouTube videos or googling for information.  The true problem arises when you are sending or receiving data that is confidential or sensitive.  For example, when you buy something on-line and pay for it with your credit card, your credit card number gets sent across the internet.  If you are using http for an on-line transaction it makes it very easy for malicious people to gain access to your financial information.

The Internet’s answer to ensure your confidential information is protected is https, a secured connection that transmits data over the internet in an encrypted form.  This security method means that even if someone is eavesdropping, the data they get would not be comprehensible or usable because they don’t have the means to decrypt it.  The entire message is decrypted only when it arrives at its designated location.  Https is used in many situations, such as log-in pages for banking, forms, corporate log-ins, and other applications in which data needs to be secure.  However, if not implemented properly, https is not infallible, and therefore it is extremely important for end users to be wary about accepting questionable certificates and cautious with their personal information while using the Internet.

So why don’t we convert everything to https so that everything is secured?   Although that is possible, transmitting data via https requires additional processing power to encrypt/decrypt the data.  This could cause massive slowdowns on the servers that process millions if not billions of data each day.  That is why https is only used in certain pages that contain sensitive information like credit card numbers or passwords.

Never enter sensitive information in an http website!