When you are online you might come across a lock icon on the web browser address bar. While it might seem like a minimal detail, the lock icon denotes you are using HTTPS.
Here is a look at what HTTPS is, how it works, and ways it can be beneficial to you.
In This Guide
What is HTTPS?
As you review different website addresses, some will start with HTTP while others begin with HTTPS. In both instances, the HTTP stands for hypertext transfer protocol. This is the protocol your browser uses when it communicates with the websites you visit.
You'll know if the website starts with an HTTPS if it looks like this:
Meanwhile, the S stands for secure because it uses a secure sockets layer. When you visit websites that have the HTTPS address, it will show a lock icon to the left of the web address with the word secure to the right of it. As you might have guessed, websites that use HTTPS differ from those using the standard HTTP.
How Does HTTP Work?
An HTTP server is a program designed to map HTTP requests between you and the web browser such as Internet Explorer. Upon receiving the HTTP request, the HTTP response are the response headers sent back to the client in text form. This is also referred to as call response. If any errors happen on the client end, it will send a status code indicating the problem and whether it's temporary or permanent issue.
What is the Difference Between HTTP and HTTPS?
How HTTP operates is it uses the browser to connect the world wide web with the internet protocol (IP) address. Your internet service provider assigns you a public IP when you activate service through it. This is your online address that provides the identity behind who's using the device. As you can imagine, this can be problematic.
Related: You can find your IP Address here.
To start, you don't have privacy. Anyone who taps into your WiFi network can watch which websites you visit, the data you input, access your email address, and more. Further, because you are using an HTTP connection, you are at a greater risk for identity theft.
A good illustration of this concerns your online banking. Say you are trying to login to what you think is your bank's website. However, if the financial institution has an HTTP address, there isn't a way to check its validity. This means you could be entering your information into a well-designed phony website meant to gather your data. Now it's important to note most financial institutions use HTTPS, so whenever you try to log onto your online banking be sure your web browser has that security designation.
Where HTTPS differs is it offer more secure connections. Using the banking example, when you access an HTTPS website, your web browser will authenticate the website's credentials normally by way of checking its certificate authority. Some companies are using extended validation certificates because it gives users more confidence in the validity of the website.
By taking this step to validate the website, your web browser helps you avoid phony or third-party websites who try to steal your information. One of the more common that occur is the man-in-the-middle attack. How this works is an outside entity alters communication between you and someone else. With this, the attacker can gain access to personal data.
Another way in which HTTP and HTTPS differ is the port they used. HTTP uses port 80 while HTTPS uses port 443.
HTTPS Sites are More Secure
Additionally, HTTPS prohibits others from viewing what you input on your device through the use of transport layer security, which provides communication protection between a web server and you. This is why it's trusted by most online retailers and banks.
An added benefit from HTTPS is it protects your data. Your internet service provider loves to snoop on you because they can sell your online behaviors such as which websites you visit to companies, who conduct behavioral advertising. However, with HTTPS websites, the ISP can see which websites you visit, but not the pages you access on the site. This limits the amount of information they can collect from you, resulting in less spam from marketing companies.
Pro Tip: You can also use a private Internet browser as an extra layer of protection.
Keep in mind HTTPS secures the data during transmission only, and even then there's no guarantee that an outside viewer cannot conduct traffic analysis on your data. If you have a device with outdated software, you run the risk of having your computer, tablet, or phone hacked. In the event this occurs, hackers can still access your data. While having HTTPS is helpful, you must do your part to protect your data. This includes the following actions:
- Make sure to have active security software installed and that it offers protection from malware, spyware and viruses.
- Along with updated software, use a firewall. This protects your device from intrusion by hackers.
- Practice safe online behaviors by refraining from clicking on links in email from unknown senders and using websites with HTTPS protocol when shopping or doing online banking.
Related: Keep your phone protected from hackers with these strategies.
How to Authenticate HTTPS Websites
It's unfortunate but hackers have kept up with the developments and have designed websites that appear to have the HTTPS authentication. Some even go so far as to implement the lock icon to make the website appear legitimate. Here are some ways to differentiate the real from the fake:
- Study the address bar to see if there are any inconsistencies. Sometimes, phishers do a great job with some aspects of the web design but don't execute it throughout. Often, you might notice a redundant extension to the address. So pay close attention to anything that might be off and trust your gut in the event you encounter inconsistencies.
- Additionally, banks don't request information via email. If you receive an email from your bank with a prompt asking you to provide personal data delete it.
The need for security and privacy when going online is more important now than ever. To help with this, many websites are using HTTPS addresses to provide secure connections when you enter and send data on their sites.
Consult our internet safety and online privacy guide for more tips and strategies to keep your information protected. However, it's important to remain vigilant as phishers have become adept at disguising fraudulent websites to access your data.