When we visit different websites, we often see a green lock icon with the word "Secure" to the very left of the URL in the web browser's address bar, and we see it only if the website is an HTTPS site. HTTPS stands for Hypertext Transfer Protocol Secure. This internet communication protocol protects the confidentiality of data exchanged between an internet user and the website, so it means a secure connection between that user and the website he or she visited. But does the https before a website URL really mean the website is safe?
The answer is NO. In a single sentence: "a secure connection does not mean a secure site". If you see the green lock icon with the word "Secure" before a website URL, it means that whatever you share with that website is kept confidential in transit: no third person would be able to see the data while it is being transferred from the user to the website server. The website itself, however, may or may not be safe.
To understand HTTPS, we first have to understand HTTP and SSL separately because, in short, HTTPS = (HTTP + SSL/TLS).
[TLS is the updated and more secure version of SSL]
HTTP stands for Hypertext Transfer Protocol, and it is used to transfer data such as images, sounds, videos, text and multimedia files on the World Wide Web. The problem with HTTP is that when we load a website over plain HTTP, the connection to that site is not encrypted. Any data shared between the user and the website stays in plain, unencrypted form, so anyone on the network can look at the data or modify it with special techniques. So HTTP is clearly not secure.
To deal with this problem, the SSL protocol was developed in 1994 by Netscape, and its purpose was to provide an encrypted data path. SSL stands for Secure Socket Layer, and the SSL certificate was created as a solution for internet security. An SSL certificate is needed to create an SSL connection, and there are many genuine SSL certificate providers. When website owners buy an SSL certificate and use it on their websites, those websites become SSL-protected, which ensures a secure and encrypted connection. So, when you visit a website with SSL, https appears in the URL.
So it is now clear that when we see https before a website URL, it means the data being transferred from the user's computer to the website server is secured and encrypted, and no one can see or decrypt it. But what about the data that is stored in the website server's database? And what about the data on the user's computer? If the website server's database does not store the data securely, or if the user's computer is not secured, then in both cases the data can be hacked.
A phishing website or a scam website can also use an SSL certificate, because nowadays it is very easy to buy one. There are three types of SSL certificate, which offer three levels of user trust: Domain Validated (DV), Organization Validated (OV) and Extended Validation (EV) certificates. A DV certificate is very easy to buy for a website and has no special requirements, so any phishing or scam website can use one to create a secure connection. Just because a phishing or scam website is using https does not mean it is a secure site.