For most of us, the only difference between HTTP and HTTPS is that one has an S added at the end. Until relatively recently, people didn’t really get the concept of security while browsing the internet – most browsers simply showed a small exclamation mark if a website wasn’t secured, something which the general population ignored. This is no longer true.
Websites that are not secure are now flagged by Google as being insecure, and are given less preference in search results. If you run a website, then you know how big of a problem this is; searching is one of the premier ways people discover new websites. Let’s look at what HTTPS and SSL mean and why you need to understand and adopt them.
HTTP refers to Hyper Text Transfer Protocol. It is the main protocol through which we access different websites, and have been doing so for decades at this point. HTTP was fine when the world wide web was still in its infancy. Soon, as more and more services started requiring privacy, the need for a more secure standard was needed. The problem with HTTP is that it is naked data which can easily be intercepted.
HTTP passes data between networks unencrypted which makes it very easy for hackers to intercept data. This is a big problem when it comes to services that require privacy and security like payment gateways passing credit card information, which is why HTTPS was born. HTTPS is the same protocol, but it is encrypted, which is why Hypertext Transfer Protocol Secure is being adopted widely now as the standard protocol method.
When you visit a website that uses HTTPS, someone who has access to your network cannot see what you do on that website. They may be able to see that you visited https://www.google.com, but they won’t be able to see what you are searching for, or what data you entered. This is all done through security certificates.
SSL stands for Secure Socket Layer. It is an encrypted channel on which data can be sent securely. SSL Certificates are the key to this process. The way they work is very simple. A website has a SSL Certificate which is unique to it – when you visit it, the SSL Certificate is shared with you. The data you get is encrypted using the certificate, so no one can pretend to send fake data to you, because only the original website has the certificate to encrypt things. Then, in turn, when you submit data to the website, it is also encrypted using the certificate, so the website can ensure that the data came from you. Anyone trying to eavesdrop will fail, simply because they don’t have the certificate, and thus cannot understand the communication.
The Growth of Security
In the beginning of 2016 around 40% of websites loaded by Firefox users were over HTTPS. By July 2017 this number had grown to 60%, and it will only continue to increase. The reason why this increase happened and why you need to get an SSL certificate is the same, and the reason is Google.
Unencrypted communications are dangerous. Even if you aren’t posting confidential information online, it is still information about you that can be used in some way. The solution is to ensure that all communication is encrypted, which is exactly what Google and other companies want. Google is now directly punishing websites that do not use HTTPS and SSL. Users are told that your website is not secure, and this will effect your search results (SEO).
Thus, if you want your users to visit your website with confidence, and if you want it to be ranked good on search engines, you need to start using HTTPS by getting an SSL Certificate right now.