Wednesday, April 8, 2015

HTTPS gives you more than just Encryption!

You probably know the main benefit of HTTPS. ENCRYPTION.

If you're navigating to a website, it ensures that your passwords, banking numbers, credit card numbers, etc. are encrypted from your laptop all the way across the internet to whatever data center the website's web servers are located in. It prevents somebody from sitting anywhere in between and sniffing out your data in plain text (something that has been almost trivial nowadays with the free tools available). It also prevents malicious attackers from easily grabbing your session cookie in plain text, hijacking your session, and logging in as you. That would suck.


1.) Authenticity - If you are navigating a website, how do you know that page you're receiving is even from the website you initially navigated to? What if there is a man-in-the-middle who's intercepting all your web requests and serving back his malicious pages instead of the real ones? HTTPS gives you strong confidence in that aspect.

2.) Integrity - How do you know that the content you're downloading is original or if additional malicious content has been injected in by some malicious attacker? HTTPS also gives you confidence that the data hasn't been tampered with.

3.) 3rd Party Vetting - HTTPS certificates aren't just handed out, there is a little bit of vetting that goes on especially by the big trusted Certificate Authorities. Thus if you're on site and the certificate is from a trusted authority, you gain a bit of confidence in knowing that a 3rd party is marking this site as trusted.

4.) Revocation - Benefit #3 above about 3rd Party Vetting isn't always bullet-proof. The nice thing about HTTPS though is that if a Certificate does get compromised or is marked as malicious, it can be revoked, and then suddenly all browsers will warn a user if they're going to a site that is no longer trusted.

5.) User Trust - If you're running a website, you can potentially gain trust and increase sales by having the EV certificate that shows the Green lock/bar across the top of a browser.

6.) SEO - If you take the time and do it right, based on Google's current algorithm, HTTPS will give you a boost in your search ranking.

It's time get it done and migrate the entire Internet over.

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment