In this article we explain what HTTPS is and why it’s necessary to secure any website or web application that transmits personal information or login details.
what is HTTPS?
HTTPS lets your web browser or mobile phone talk to a website securely, preventing eavesdropping by other people on the same network.
It is widely used on the Internet, employed by millions of websites to protect their customers. Most of the big players (Facebook, LinkedIn, Twitter, Gmail) have started using HTTPS by default in the past few years, and some of them now only allow access through HTTPS (e.g. Gmail since March 2014) to keep their users safe.
When HTTPS is enabled on a website, the URL starts with “https://” instead of “http://”, and the user’s browser will display a padlock icon, and in some cases a green bar, to tell the user the connection is secure.
|Gmail in Firefox|
|Twitter in Firefox|
|LinkedIn in Internet Explorer|
|Facebook in Chrome|
|PayPal in Chrome|
why does it matter?
If a user connects to your website or web application via an insecure network, critical information such as account passwords or personal data could be picked up by criminals and used illicitly on other websites.
We have previously stressed the importance of keeping passwords secure, but the reality is many users reuse the same passwords on different accounts. The criminal may not be able to do much with your user’s password on your website, but if they have the same password on their Amazon account, just imagine what could happen; and you can potentially be blamed for it.
Without wanting to overreact to the security paranoia, the fact is that these criminal attacks are widely documented and available to anyone through a simple Google search. Some examples of these attacks target Wi-Fi networks; there are plenty of opportunities to connect to Wi-Fi networks when you’re on the go these days, which is great, but even if a Wi-Fi network has a password, that doesn’t keep you safe from other people connected to the same network. It’s very simple for any of them to see what you’re doing and potentially steal critical information.
Ensuring data is sent through the browser using HTTPS ensures that such information is encrypted and secure, which means that your website users will be protected when connecting to your website from anywhere.
It can help increase your search ranking
Google recognises the importance of online security and is pushing for all websites to create a HTTPS connection and has started using SSL as one of the factors that increases search ranking.
As an added benefit, links from other SSL-protected websites will show up in your analytics traffic sources data – which they don’t for insecure websites.
What you need to enable HTTPS on your website
To be able to create an HTTPS connection a web server requires an SSL Certificate that you will need to purchase from a certified authority and install on the server. The certificate has an expiration date – they are normally valid for a year, but some providers will offer reduced prices for longer periods. The time to issue a certificate varies from 10 minutes to several days, depending on the type of SSL certificate and therefore the level of security check required.
Yes, going for the secured option has a cost – but it’s one worth paying. The use of HTTPS on websites that require sending sensitive information will protect your customers, protect you, and help you to gain your customers’ trust and thus sell more.
If you have any questions about this, or would like to enable HTTPS on your website and need help with it, please do get in touch with us.
Our friendly, highly experienced team of web designers and software developers are dedicated to helping our clients achieve the outcomes they want. From web design and development, to complex software solutions, we apply our creative and technical know-how to deliver the perfect solution.