If you have ever used some of the popular online platforms (Gmail, Facebook, Twitter, …), at some point they have probably asked you whether you want to activate HTTPS. I don’t know about you, but if I were a regular user who is averse to technical jargon, I’d say “thanks for asking, but what is HTTPS?” and “Why use HTTPS?”. The purpose of this article is to give you a simplified (as usual) explanation of what it is and why you need it.
Firstly, what is HTTP?
As you have probably noticed, most website addresses begin with a piece of technical jargon such as http://. Simply put, HTTP is the protocol used for transferring web pages from a web server to your browser. It has been around for years now and hasn’t changed much. Be careful though: it is different from HTML, which is the language used for describing the web page itself.
With HTTP, all the transactions, or discussions if you prefer, between your browser (Mozilla, Chrome, Safari, Internet Explorer…) and the website happen in clear text.
What does this mean? Let’s take an analogy: if you are using a phone line to call someone and a third person (called a man-in-the-middle) taps into the actual phone wire, he would be able to listen to your discussion, as there is no protection whatsoever that hides it from being heard. That is exactly what happens with HTTP: any man-in-the-middle can listen to your web discussion.
Why is this important?
Although it may directly raise a red flag for you, think about it a second time. Just consider the following: you are in a public internet café, and you have just dropped by to check your Gmail (or whatever online e-mail account you have). You open your browser and enter your username and password over an HTTP connection. Bingo! You’ve just allowed a man-in-the-middle to get access to your credentials (OK, I do admit there won’t always be a man-in-the-middle trying to sniff your password in every internet café, but you have to admit too that the risk is real).
So how do you prevent it from happening? This is where an HTTPS connection comes in handy. Unfortunately, this isn’t yet a commonly used protocol, but major mainstream websites are implementing it, although it isn’t turned on by default. At the beginning of this article, I referred to Gmail, Facebook, and Twitter. Those aren’t the only websites implementing it, but at least they will protect your traffic from being sniffed.
So, why use HTTPS?
Here is how HTTPS protects you: when using the HTTPS protocol (the address of the website you are viewing starts with https:// instead of http://), all traffic going between your browser and the website you are accessing is encrypted, thereby making it very difficult for a man-in-the-middle to decrypt it and get access to your credentials.
Now, at least you know that when you have activated HTTPS for your service, you can be sure that you are giving a hard time to the hacker who is quietly sitting inside (or outside) the internet café, waiting for you to enter your credentials.
The bad thing though (because there’s always a bad thing, isn’t there?) is that there’s no On/Off button that switches HTTPS on or off for every website you are trying to access; you have to do it on a case-by-case basis. I know it can be a lot of hassle, but it’s definitely worth the effort.