https://www

What is https and why should you care? That’s the topic for today’s post!

HTTPS is a protocol for secure communication, widely used on the Internet. When you enter data into  website (i.e name, address, credit card number), the owner of the website has to “send” this information somewhere for processing. HTTP on the other hand is a unsecure protocol for communication.

Let’s use an analogy to illustrate: if an armed guard needs to transfer money from his truck to a bank, he could simply put the money in a paper bag that anyone can open (think HTTP), or he can put the cash in a safe that only the bank has the combination to unlock (think HTTPS).

HTTPS is the protection of exchanged data while in transit. wikipedia

HTTPS is not 100% foolproof because keys/combinations can always be hacked; but, when you see this designation on a website you can be a little more sure protection in is place.

Feel smarter? If you know to look for HTTPS before entering personal data into a website, I’d say you are!

 

Encryption

EncryptionToday I watched Eric Snowden’s address at SXSW, transcript. It was a very interesting discussion. One of the more interesting and recurring themes mentioned as a way to protect personal data is called Encryption. It dawned on me that some people may not know what this is, so I’m here to explain!

There’s a whole lot of information that we don’t want other people to see, such as:

  • Credit-card information

  • Social Security numbers

  • Private correspondence

  • Personal details

  • Sensitive company information

  • Bank-account information 

Encryption is the process of encoding (or making secret) information so that only the person (or computer) with the key can decode it (HowStuffWorks). While there are many ways to encrypt information what I want to focus on the easiest way to tell if a website you frequent is encrypting the information you provide. The way to tell is with HTTPS (Hypertext Transfer Protocol Secure ). It describes HOW websites should transmit data.

Let me give you an example – You open your browser and head over to your bank’s website, say Chase. When you get to the site, you enter your username, password and click on the button that says Log In.

chase

What happens to the information (username, password) that you entered? How do we make sure that no one can easily intercept (or hack) the data and log in to your account later?? As mentioned earlier, the HTTPS protocol mandates that this information be transmitted in a secure way… For the sake of this post, you don’t have to understand any more details than that!

What I want to focus on is how you can tell if a website you frequent is following the HTTPS protocol. That’s important because if you log into a site that does not use HTTPS, it’s like the equivalent of writing your username and password on a postcard and mailing it for the entire world to see (Slashdot). The simplest way is to look at the browser bar – you know, where you typed “chase.com”. If the site is using one of many encryption methods, you will see https://www.chase.com/ instead of http://www.chase.com/. Go ahead and try it out on your favorite sites…

https

So, you may be asking to yourself… “If HTTPS is more secure, why doesn’t every website use it?” Well, that’s because it’s expensive and requires more processing power (computer hardware). Or you be thinking, “Why doesn’t someone mandate that personal data always be transmitted in this way?” Queue Congress and the NSA! …

I just want you to be AWARE of the situation. If you are asked to make a payment on a website and you don’t see HTTPS in the browser, politely decline! If there’s a new, hot social media site that you want to join that utilizes your personal information and you don’t see HTTPS, think again!

Now, I hate to burst any bubbles, but encryption algorithms CAN BE HACKED. In the case of Target and the recent credit card debacle, they actually were encrypting credit card data and pin numbers. The problem is with the method of encryption they used. And yes, you can combine more than one encryption method to make information transmission more secure. It would be sort of like using a key to lock your doors + having a dog + setting your house alarm before you leave for work each day (yes, someone can still break into your house, but AT LEAST you’ve taken measures to protect your assets.) Just keep in mind that the method and approach is currently left up to the individual business or entity.

Knowledge is Power!