If you’ve ever tried to copy a link to a website, you’ll notice that most links start with ‘https://’. Many of us rarely look into what it means but it holds the most important element of security in the web. In this article, we’ll look into what HTTPS is and why you must ensure it’s on every website you visit.
Hypertext Transfer Protocol
HTTPS can be described as a secure version of HTTP - Hypertext Transfer Protocol. The HTTP is a foundational protocol of the web that allows information to load on web pages. You can think of HTTP as a process where the client (you) requests information from the server, to which the server then responds appropriately. What makes HTTPS different then is the “S”, which stands for security.
How Does HTTPS Work?
As we saw earlier, HTTP is a mechanism for the transaction of information between you and the server. For example, if you log in to a website, you make an HTTP request by sending your username and email. The server then sees that your email is registered and allows you to access your account. In this process, you may exchange sensitive information such as your name, email, phone number, and other personal information. It’s obvious then that this exchange of information should be confidential. That’s where the “S” steps in.
HTTPS secures your information through encryption. This means that your information will go through an encrypting algorithm which turns it into a code that’s readable only by the server and no other third party. HTTPS achieves this through what’s known as Transport Layer Security (TLS). While the concept is vast, a basic rundown of it is that the client (your browser) initiates a connection with a server. This process is known as a handshake, and this is where your browser and the server agree on the encryption algorithms to be used. Next, comes the certificate exchange. This process is basically where the server presents its authenticity to be verified by the client. Once the client verifies the server, the key exchange happens. Here, the server provides a public key to the client, which the client will then use to encrypt the information you enter on the website. The server then uses its own private key to decrypt the sessions that were encrypted by the client. Thus, a secure connection is established between you and the client.
Why is it important?
As we saw earlier, HTTPS blocks third parties on the internet from accessing the information you exchange with the server. This is important as any compromise of your data on the internet can have catastrophic results. It’s always recommended to avoid websites that don’t have an HTTPS protocol. Even browsers like Google Chrome flag these websites as “Not Secure”. In websites without HTTPS, it’s also possible to inject content without the consent of the website owner. So, if your website lacks HTTPS, third parties (like Internet Service Providers) can run unmoderated Ads on your website without your consent.
It’s important to remember that HTTPS is not a separate protocol on its own, rather it’s HTTP with TLS encryption. When surfing on the web, you must always make sure that the websites you interact with have HTTPS on their links. Browsers like Chrome can also help you verify this by clicking the security status symbol that’s next to the link of your website.
