It simply means that you are using an insecure Hyper Text Transfer Protocol (HTTP) rather than the protected Hyper Text Transfer Protocol Secure (HTTPS) to transmit data between your website and its server.

Why does it suddenly matter?

Lately, all major web browsers, including Firefox, Internet Explorer and Chrome, are pressing for a more secure web experience. In doing so they are taking steps to indicate to the web user whether a website is indeed using a secure connection or not. Several website clients of ours here in Aberdeen, South Dakota, have been asking about why their site is suddenly “not secure.”

How is your site affected?

If your website address uses the label http:// it will be flagged as insecure. All communications sent over regular HTTP connections are in ‘plain text’ and can be read by any hacker that manages to break into the connection between your browser and the website. This presents a clear danger if the ‘communication’ is on an order form and includes your credit card details or social security number. With an HTTPS connection, all communications are securely encrypted. This means that even if somebody managed to break into the connection, they would not be able to decrypt any of the data which passes between you and the website.

Below is an illustration of the difference between HTTP and HTTPS:

HTTP and HTTPS comparison courtesy of Comodo Inc.

Benefits of HTTPS

  • Increased Customer Confidence
  • Improved security and data integrity
  • Avoid ‘connection is Not secure’ warning in browsers
  • Authentication – This validates that users are communicating with the intended website. Not only does this build user trust, but it also prevents intruder attacks, which is beneficial to any business
  • Encryption – With the data exchange between your browser and the website being encrypted, no-one can track activities across multiple pages or steal your information

How does HTTPS work?

HTTPS pages typically use one of two secure protocols to encrypt communications – SSL (Secure Sockets Layer) or TLS (Transport Layer Security). Both the TLS and SSL protocols use what is known as an ‘asymmetric’ Public Key Infrastructure (PKI) system. An asymmetric system uses two ‘keys’ to encrypt communications, a ‘public’ key and a ‘private’ key. Anything encrypted with the public key can only be decrypted by the private key and vice-versa.

As the names suggest, the ‘private’ key should be kept strictly protected and should only be accessible by the owner of the private key. In the case of a website, the private key remains securely ensconced on the web server. Conversely, the public key is intended to be distributed to anybody and everybody that needs to be able to decrypt information that was encrypted with the private key.

When you request an HTTPS connection to a webpage, the website will initially send its SSL certificate to your browser. This certificate contains the public key needed to begin the secure session. Based on this initial exchange, your browser and the website then initiate the ‘SSL handshake.’ The SSL handshake involves the generation of shared secrets to establish a uniquely secure connection between yourself and the website.

When a trusted SSL Digital Certificate is used during an HTTPS connection, users will see a padlock icon in the browser address bar. When an Extended Validation Certificate is installed on a web site, the address bar will turn green.

Talk to us about making your website secure

McQuillen Creative in Aberdeen, South Dakota has been developing and managing websites for over 15 years. Security, reliability, and service help keep your website safe and working. If your website is suddenly not secure, call us for website help at 605-226-3481, especially if your current web provider won’t respond.

More reading

Smashing Magazine : The Complete Guide To Switching From HTTP To HTTPS

Learn more about MCG’s website management services