‘HTTP’ is ‘insecure’

‘HTTP’ is ‘insecure’

We all ignore the use of http:// or https:// when we type in our address bar the website link. What’s the difference between the two anyway?

 

HTTP stands for Hyper Text Transfer Protocol which is a protocol over which data is sent between your browser and the website that you are at. The ‘S’ at the end of HTTPS stands for ‘Secure’. This means that all communications/connections between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms; however, has slowly become the new standard to all websites, highly confidential or not.

Google Chrome Labels HTTP as insecure!

With the increasing use of the internet, google, in an attempt to make surfing the web safer, has now labelled any and all websites that do not redirect or automatically load in https as insecure in their web browser. Most websites do not care if they have an insecure connection if they do not require personal information.

 

 

Google has also been lowering the rank of websites without https on their search engine, thus, forcing website owners to place an https certificate on websites in order to keep high google ranking results and secure connections with clients. But the real question is, will google chrome browser effect other browsers, such as firefox, edge, etc. to preform the same changes in the near future?

Developers have been transitioning their sites to HTTPS and making the web safer for everyone due to the implications that google has put into place. Progress last year was incredible, and it’s continued since then:

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default

 

How Does HTTPS Work?

“HTTPS pages typically use one of two secure protocols to encrypt communications – SSL (Secure Sockets Layer) or TLS (Transport Layer Security). Both the TLS and SSL protocols use what is known as an ‘asymmetric’ Public Key Infrastructure (PKI) system. An asymmetric system uses two ‘keys’ to encrypt communications, a ‘public’ key and a ‘private’ key. Anything encrypted with the public key can only be decrypted by the private key and vice-versa.

As the names suggest, the ‘private’ key should be kept strictly protected and should only be accessible the owner of the private key. In the case of a website, the private key remains securely ensconced on the web server. Conversely, the public key is intended to be distributed to anybody and everybody that needs to be able to decrypt information that was encrypted with the private key.”

What is a HTTPS certificate?
Benefits of Hypertext Transfer Protocol Secure

 

References:

https://www.instantssl.com/ssl-certificate-products/https.html

https://www.theverge.com/2018/2/8/16991254/chrome-not-secure-marked-http-encryption-ssl

https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

Related Post