HTTPS and how it can help you

An insight into secure web browsing. Part 1.

Decorative Image, padlockMost of us send a huge amount of information across the web every day.  Some of it is casual, some personal, some of it is private and confidential.  Much like talking to a friend, doctor or bank manager you probably wouldn’t want a stranger listening to your conversations.  HTTPS helps to protect your conversations and my aim here is not so much to explain how it works (hint: it’s pretty technical) but to help you to understand how to take advantage of it.

I should point out that HTTPS is not without flaws.  It is not a panacea, it will not protect us from websites being compromised and you will still have to be alert to the dangers on the web.

Imagine your computer talking to another computer on the internet is like you talking to someone on the telephone.  If someone were to tap into the wires (or airwaves) connecting the two telephones, they’d be able to listen into your conversation.  Now if you happen to be talking to your bank, you see why that might be a problem.

Decorative Image, keyThe S in HTTPS stands for Secure.  That’s really all you need to understand to know that it’s a good thing.

HTTPS means that the conversation is secured, much like talking in code on the telephone.  You would agree a code with your bank and nobody else knows that code, so even if someone listens to the conversation it would be meaningless to them.  Another protection is that if the person picking up the phone doesn’t know the code, that would alert you that the person you’re talking to is not your bank, in much the same way that if the website you’re looking at is not the legitimate website that you wanted, there will likely be indicators that it’s a fake.

(more technical fluff sorry) These codes are managed by Certificates and there are only a few companies in the world that are authorised to issue these certificates (you may have heard of TLS or SSL certificates).  Before one of these Certificate Authorities will issue a certificate, you would have to prove that you own the website.  For example, I could make a fake website that looks like HSBC and I could get a website address that looks something like HSBC, but I wouldn’t be able to get a certificate that says my website is HSBC because I wouldn’t be able to pass their tests.

So what does it look like?

Unfortunately every browser and operating system looks a little differently so I can’t be precise here but I’ll do what I can.  A few examples should give you a fair idea of what to look out for and you’ll quickly learn to recognise the differences on your computer.  If a website is secured, almost every web browser will have some indication in or around the address bar.

Below is a screenshot of Twitter using an unsecured (HTTP) connection, using IE 8 on Windows XP…

IE8 WinXP - unsecured HTTP

IE8 WinXP - unsecured HTTP

And below is the same website, same browser, same computer but this time using a secured (HTTPS) connection…

IE8 WinXP - Secured HTTPS

IE8 WinXP - Secured HTTPS

Notice that the website address starts with HTTPS, the address bar has turned green and there is a padlock symbol to the right.  (Double-clicking or right-clicking the padlock symbol will give you some technical detail on the security and identity of the website if you’re interested.)

Firefox4 WinXP - unsecured and secured

Firefox4 WinXP - unsecured and secured

Here’s the same website in Firefox, unsecured (on the left) and secured (on the right)…

Notice this time the green button to the left of the address bar with the name of the company that owns the website.

Chrome WinXP - unsecured and secured

Chrome WinXP - unsecured and secured

And once more in Chrome…

Notice this time that when browsing with a normal unsecured connection Chrome doesn’t even show the usual HTTP:// prefix (don’t even get me started on this!) but when the connection is secured it shows a padlock and the trusty HTTPS:// in green.

So how can we use HTTPS?

Unfortunately we’ve run out of time but I’ll post another article shortly that will give more information on how and where you can expect to find HTTPS but for now at least you’ll start to recognise the differences and hopefully appreciate why it’s important.  Quick tip: It will should always be used automatically when you log onto a banking website, but will probably not be used on the banks home page.  As well as Twitter shown above, Facebook also supports HTTPS.


I’ve tried to keep the techy nonsense to a minimum here but if you’d like to know more about communication protocols, SSL, TLS, certificates, encryption, weakness, attack strategies and the rest, just let me know and I’ll draft a more detailed article on the subject…

Image Attribution: Thanks to graur codrin @ FreeDigitalPhotos.net for the key image

Image Attribution: Thanks to FreeDigitalPhotos.net for the padlock image

1 thought on “HTTPS and how it can help you

  1. Claire

    Actually never heard of this and always wondered why the padlock symbol came up sometimes. Looking forward to the next post 🙂

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *