So What’s the Scoop on “HTTPS” and “SSL”?

April 27, 2011  |  Web 101

Think of chinese telephone. Let’s say Ben and Franklin want to talk to each other, but there are people in between that they must pass their messages through. Ben and Franklin can talk to each other with plain English. The downside to this is that everybody in between will hear what they are saying. On the other hand, Ben and Franklin may decide to talk to each other by scrambling a message, passing that message through the chain, and then unscrambling it at the other end. With this method, nobody in between Ben and Franklin knows what is being discussed. They only know that Ben and Franklin are talking to each other.

https in chrome

This is what a secure https connection looks like with Google's Chrome browser.

You will notice that most login pages for legitimate web sites use https to prevent anybody in the middle from intercepting your username and passwords.  However, most web sites serve the rest of their pages in http because it’s faster for them (they don’t have to waste time scrambling messages).  You should NEVER fill in credit card information on any page that is not protected with https. Anybody in between can steal your information. Companies like Facebook and Google are starting to figure out how to serve pages using https quickly.

For those interested in securing their information from men-in-the-middle, Google started promoting the https version of their search engine this week for secure googling. Special thanks to my Middle School P.E. teacher Miss Davies for pointing out that Facebook also recently added support for https.

  • Jjunerr

    very good example to use and I can share this with my children and they will understand