The HyperText Transfer Protocol Secure, mainly known as HTTPS, in the secure version of the HTTP. HTTP is the main protocol used to send data between the browser and the web site. At the same time, HTTPS uses encryption to increase data transfer security.
This is crucial when user transmit sensitive data, as when logging into a banking application, an e-mail service or any other similar service.
HTTPS has an encryption component known as TLS/SSL, and which uses certificates from the standard X.509. This is a public key standard that is used to create digital certificates to allow users to authenticate the senders of messages. With them, web browsers make sure thath a server really belongs to the domain you want to access. Furthermore, this secure protocol uses the port 443 and not port 80, the usual port for HTTP. Ports are part of a network address and allow an exact allocation of connections between client and server.
How does HTTPS work?
When you want to access a web page from a browser, is first encrypted with the HTTPS layer. Thus, the data transmitted from the served to the browser are encrypted and, via the HTTPS sublayer of web browsers, thay are decrypted again so that users can see the information. The relevant web page can then be accessed as usual. The difference with HTTP browsing is that it is truly end-to-end secure.
HTTPS security and limitations
The security guaranteed by the HTTPS does not only depend on the encryption, but also on its implementation on browsers and servers. SSL certificates are currently considered secure, but this data transmission, in itself, is not enough to guarantee complete protection.
Why? The reason is because data security requires secure storage at the recipient. Furthermore, the transmitted information is available unencrypted in the final system, so security is as important as the computer used (and its system).
HTTPS use and importance
HTTPS is currently used as an standard, specially on websites that require user to enter sensitive information. The main areas of application are therefore (and because of their importance) online banking transactions and password-protected accounts.
As examples of those we have online ecommerce sales accounts, e-mail accounts and social media accounts. An attack on this accounts and the information stored intham can cause great personal or business damage. However, there are websites that require personal data to be entered even without an account, such as travel agencies or flight and hotel providers, which require traveller’s data to be sent to the provider via internet.
For this reason, when surfing the Internet, users should always ensure that the website they visit guarantee a secure connection and the protection of sensitive information.
Therefore, any user should look at the URL of the site they are accesing and check there is a «https://» at the beginning of the address line in the browser. On most of the cases, the secure protocol is also visually highlighted by a small padlock symbol: if the padlock is missing, web browsing is not secure and anyone can access the user’s login information (credentials) This is why HTTPS is the best choice for secure browsing.