In this episode, Daniel Weaver, a developer at Infomedia, discusses what HTTPS and SSL mean, how SSL can protect your information and what could happen if a site doesn’t have SSL.
The “s” in HTTPS stands for SSL. SSL is a way in encrypting your interactions with a website. A website speaks in a kind of code — not like programming code, but more like a code you might have used with your childhood friends. Encryption is essentially the same thing, and SSLs are the key to this special code language.
SSLs have several parts: a client side part that lives in your browser, and a server side part. When your browser wants to talk to the server, they communicate to one another using the same version of a code (called a “handshake”) and begin sending messages using this special, secret code. This protects the messages between your browser and the server.
A few years ago, there were very few sites that had SSLs. Suddenly, it seemed that Google began requiring SSLs. This is because we began to realize that the majority of the internet is very insecure. Maybe in the past, you visited a coffee shop and used their free WIFI to log in to your bank account. Before SSLs and HTTPS, your information would be sent from your computer to the coffee shop’s WIFI network and then to the server. The problem is that without using SSLs, all of this information (username, password, etc.) was sent plainly — not encrypted. Anyone who knew how to do so could see this information traversing the WIFI network because it wasn’t protected. With an SSL, the information is encrypted and is very hard to decipher.
These days, browsers have started to warn users if a website doesn’t have an SSL. There’s no reason to not have an SSL on your site, especially since they’re free these days. As Daniel says, it’s like adding a deadbolt to your front door.