Have you being paying attention to the address bar of your web browser while surfing the internet? If yes, then you must have noticed a padlock icon just beside the URL as shown above, otherwise, look out for it from today or type https://google.com/ on your browser to see the padlock Icon. The padlock icon brings good news indicating “the page you are on is secured” and all data sent back and forth are only for you therefore no third party can snoop into your traffic and access or steal your data. Historically, this padlock icon is known to be found mostly on bank sites, payment sites e.g. PayPal and on site using password in order to secure the user data, however, this has even been extended to search engines and other sites.
How it works…
This protocol is called HTTPS (Hypertext Transfer Protocol Secure) – this is a secured transfer protocol that the web server uses to communicate with web browsers. Data sent back and forth between the web server and the web browser are encrypted hence preventing third party attacks. The SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encrypts and verifies the integrity of the communication between the web server and the web browser and also verifies that the browser is talking to the correct server. In order to use SSL or TLS, a certificate is needed. The administrator must create a public key certificate for the web server and this certificate has to have been approved by an independent certificate authority (CA) certifying that the certificate holder is the operator of the web server that presents it. Once this is done and deployed, the website becomes secured for users.
You should be worried when…
- Your address of the website you are visiting uses http:// and not https://
- You can’t see a padlock Icon on your https site
- Https is crossed or red
- The padlock Icon is crossed
- Browser warning “only secured content is displayed…”
The outlined signs above are things to worry about as they are all indications that something is wrong however what is wrong each time might vary – It might be that certificate has expired, server was misconfigured, user error, incorrect clock on your PC, certificate validation failed. My advice is “do not give out your details when you see any of these signs as whatever information you share will be at your own risk”.
You should also know that…
There is a certificate called Extended Verification Certificate which some sites use. They are harder and expensive to get because they provide additional verification. They show a slightly different thing in place of the padlock. The beginning of the address bar displays not just the padlock but with the name of the entity e.g. https://paypal.com/
So, next time when you see the padlock Icon or the padlock Icon with the Entity name (most times in green colour), you can be rest assured that you are in good hands…have fun surfing the internet!!!