If you have a website, you have probably heard of HTTPS, a protocol for exchanging data on the Internet. Is it necessary for your website? Read the following lines and make your own judgement.
How does HTTPS work?
HTTPS provides authentication of the website and associated web server that one is communicating with, which protects against man-in-the-middle attacks (a common type of cyber attack).
HTTPS also provides bidirectional encryption of communications between a client and server, which ensures that the contents of communications between the user and site cannot be read by any third party.
Here is a simple example for a traveller who is using an online hotel booking website with a login and password:
- If the website does not use HTTPS, the login and password are not encrypted. If the traveller uses a public internet connection (such as a Wi-Fi hotspot), the data can be intercepted and reused by malicious people.
- But if the website uses HTTPS, the login and password are encrypted, which means that they cannot be read by people who would intercept the data.
Advantages to using HTTPS
HTTPS is based on the SSL or TLS security protocols. These are standardised security systems which are safe. They have been analysed by many cryptography specialists.
Since last year, Google has put HTTPS in the spotlight by starting to use it as a ranking signal. This is another big advantage of using HTTPS: it improves your SEO!
Common mistakes to avoid
The most common mistake is simply ignoring HTTPS and thinking that only websites with an online payment system need to care about security. If your website has a registration area, that is more than enough to get some hackers interested in it!
Other mistakes include not updating your HTTPS certificate. If the certificate has expired, web browsers will show alerts telling users to avoid your website. Furthermore, there are several types of HTTPS certificates and various encryption algorithms. Some of them can be out of date, and some are safer than others. This is why you should also check your server configuration.
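One way to run the checks described above (certificate expiry, outdated protocol versions, weak algorithms) is sketched below in Python. This is an added example, not code from the original article; the function names, the 30-day warning threshold, the weak-cipher marker list and the sample certificate for `hotel.example` are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Protocol versions the IETF has deprecated (SSLv2: RFC 6176, SSLv3: RFC 7568,
# TLS 1.0/1.1: RFC 8996).
OUTDATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Substrings of cipher-suite names that indicate a weak or broken algorithm
# (illustrative list, not exhaustive).
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC", "MD5", "NULL", "EXP")

# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {"subject": ((("commonName", "hotel.example"),),),
               "notAfter": "Jun  1 12:00:00 2025 GMT"}

def days_until_expiry(cert, now=None):
    """Whole days before the certificate's notAfter date (negative if expired)."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return (expires - now).days

def audit(cert, protocol, cipher_name, now=None, warn_days=30):
    """Return a list of findings for one negotiated HTTPS connection."""
    findings = []
    left = days_until_expiry(cert, now)
    if left < 0:
        findings.append("certificate expired")
    elif left < warn_days:
        findings.append(f"certificate expires in {left} days")
    if protocol in OUTDATED_PROTOCOLS:
        findings.append(f"outdated protocol {protocol}")
    if any(marker in cipher_name for marker in WEAK_CIPHER_MARKERS):
        findings.append(f"weak cipher {cipher_name}")
    return findings

def check_live(host, port=443, timeout=5):
    """Audit a live server. The default context validates the certificate, so an
    expired or untrusted one fails the handshake and is reported as a finding."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return audit(tls.getpeercert(), tls.version(), tls.cipher()[0])
    except ssl.SSLCertVerificationError as exc:
        return [f"certificate rejected: {exc.verify_message}"]

if __name__ == "__main__":
    fixed_now = datetime(2025, 5, 20, 12, 0, 0, tzinfo=timezone.utc)
    print(audit(SAMPLE_CERT, "TLSv1.3", "TLS_AES_256_GCM_SHA384", now=fixed_now))
```

Calling `check_live` with your own hostname from a scheduled job gives you a warning before browsers start showing alerts to your visitors.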