Beginners Guide: Understanding SSL Certificates
There is a huge amount of sensitive information being plugged into websites all over the world on a daily basis. You’re filling out forms, purchasing goods and services, or paying bills. You feel safe, knowing that the reputation of the company you are providing the information to is stellar and you are confident that they will keep your information secure.
They wouldn’t use your data for anything other than the transaction you are trying to accomplish. But, what happens if someone else can see that information as you send it through?
Unfortunately, this is a really easy way for hackers to obtain your sensitive data. They will use tools like spyware to record the information that they want as you are sending it through to the target recipient. It’s often hard to know you’ve been compromised until it’s too late.
One way to thwart hackers is for the owner of the website to ensure their site connection is secure in the first place by having SSL.
What is SSL?
SSL stands for Secure Sockets Layer: excellent technology that has a funny name, and resolves a huge security problem.
For a long time now, most URLs began with “ http:// “ Over the last few years, you may have noticed that more and more website URLs begin with “ https:// “ That extra “s” indicates the presence of SSL encryption- that the website comes with added security to maintain the privacy of sensitive data as it passes back and forth from a browser and a web server.
Why is SSL Important?
Many companies do an outstanding job making sure that their website is an impenetrable fortress. Once the information is on there, it is difficult to obtain if you are a hacker.
The weak link is when that information is passed from your browser to their servers.
With SSL, an instantaneous direct connection is established between the browser and the server. Any information that is shared is encrypted.
Data Encryption isn’t Fiction
Once encrypted, the only way to translate that data back into plain text is to have the secret code to decipher it. If a hacker obtains encrypted data, it’s gibberish and your data remains secure.
How Many Websites Have SSL?
According to the Collaborative Projects site run by the Linux Foundation (who collects and reports statistics about websites loaded using Mozilla’s Firefox), approximately 78% of American websites were loaded by Firefox in the last 14 days using https, and nearly 70 million fully qualified domains are active at of this writing.
Compare that to 32 million fully qualified domains that were active and the 62% of American websites loaded by Firefox using https around the same time last year. SSL adoption has been picking up speed, especially after so many reports of sensitive data being compromised online over the last few years.
It’s clear that the numbers will continue to improve daily- people do not want to exchange sensitive information online without a sense of security.
Identifying Secure and Unsecure Websites
Your browser is your best friend. Instead of taking a microscope to your computer screen to search for the little extra “s” in a website address every time you work on the Internet, most browsers have added (or are in the process of adding) information tabs and labeling to the beginning of the address of websites that are not https, or provide an information tab to let you know the status of the website’s security protocol.
For example, this Google Chrome help page details the labels they use that are placed on sites. Labels include: “Secure,” which is usually in green to indicate “good to go,” “Info or Not Secure,” which provides general information on security and “Not Secure or Dangerous,” which shows up in red, to alert you to potential issues. This gives you the ability to identify sites that may be problematic, without having to learn the hard way.
SSL Adoption for Popular Sites
Despite the widespread adoption of SSL, there are still many major websites that have not made SSL a priority. It is wise to reach out to those website owners to help them understand that as a consumer, you are concerned and they can then prioritize keeping your information safe.
GitHubGist has been maintaining a list of popular websites that have not yet adopted SSL. The list is substantial and includes many well-known websites including (at the time of this writing) Fox News, HBO, British Airways and many other household names.
How to Secure Your Website
Technically, every website on the planet does not need SSL. You may not be a site that has a form, or accepts credit card payments, etc. However, with more and more people hearing about the importance of SSL or seeing that “secure” or “unsecure” indicator on their browser, it’s beneficial to have an SSL encrypted site for people’s peace of mind, no matter the purpose of your website.
At Josiesque Designs, we make sure that every new website
hosted on our server that needs an SSL is secure at no additional cost.
There are also organizations out there like Let’sEncrypt that offer domain owners certificates for free, for the benefit of the public. You’ll have to stay on top of recertifying every few months, so it may be in your best interests to pay for the service or partner with a great hosting provider, so that you won’t have to do the extra leg work.