What does “Secure” mean in the context of websites? Why is it important for websites to be secure?
Let’s start out by answering the first question.
When you load a web page, in effect you are downloading the web page and open the web page “file” in your web browser – no differently to how you download a PDF file and open it in a PDF reader. Since the first website was created in 1990, the protocol, (or method), to send web pages over the internet has been HTTP.
HTTP has been improved on since 1990 and has a lot of benefits. However, there is a major downside to it. Information sent over HTTP is sent in plaintext – that is, it is not encrypted and can be read by anyone looking. Loading a web page might seem almost instant, but in reality, the data is travelling through potentially hundreds of different routers, servers, computers and other networking hardware in order to arrive at your own computer. Anyone of these devices could, in theory, be reading the contents of the web page you’re downloading, and reading anything you type into the webpage, including usernames and passwords.
You might have noticed that some web address begins with HTTPS, rather than just HTTP. HTTPS stands for “HTTP Secure.” It is secure because it encrypts the data before sending it. The data being encrypted means that anyone attempting to read passwords you type into the website will just see random letters and numbers – in fact, they won’t even be able to see which individual web page you’re reading on the website. For example, if you browse through the various product pages on our website, the only thing anyone in the middle will be able to see is that you are visiting www.cambition.co.uk, not any of the individual pages you viewed, or any of the content of these pages.
An SSL certificate can be thought of as an add-on to a website which allows it to communicate securely over HTTPS rather than insecurely over HTTP. You see the padlock icon next to www.cambition.co.uk because we have added an SSL certificate to our site. You will hopefully see it on any website you visit which requires you to input a username and password, or other personal data. If you ever find yourself typing in sensitive information to a website without a secure icon, be very, very careful – all the information that you type in is visible for anyone looking to read.
In January 2017, Google Chrome started showing websites that require sensitive information that didn’t have SSL certificates as “Not Secure.” Other browsers quickly followed suit. Eventually, Chrome will start showing any website without an SSL certificate as unsecured, and further in the future, it’s possible that browsers show warning messages for, or will actively block HTTP websites and only allow HTTPS.
CAMBITION provides SSL certificates as part of our service offering – you can find out more by emailing firstname.lastname@example.org or calling 01223 656 156.