Why we need HTTPS on our websites
The web is becoming unsafe. New vulnerabilities and data breaches being reported on a daily basis. Security on the web is becoming more important than ever. It is important for web admins to do a better job of securing the content that we use so that we can protect users from various attacks.
Why HTTPS?
Software engineers had to adopt HTTPS. HTTP simply means Hyper text transfer protocol while HTTPS has an s appended to it that stands for security. HTTPS protects the authenticity and integrity of the exchanged data over the network by encrypting and decrypting the requests and responses between clients and servers. This encryption is done over the Transport Layer Security (TLS) or Secure Sockets Layer (SSL).
Prevention of Man in the middle attacks
A Man in the middle attack occurs when a devious third party secretly monitors and then alters communications between two parties who believe they are directly communicating with each other.
The HTTPS layer ensures that the communications between the client 's web browser and the server is encrypted and cannot be intercepted by the devious party
3 Ways by which a Man In The Middle attack can occur include:
- Using a Cyber Cafe: Your data can be compromised if you don't use a trusted Cyber cafe
- free Wi-Fi : Connecting your computer to a public WI-FI where a Man In The Middle may exist.
- If you are careless and an attacker has control over your router, and the browser communicates with the router, a Man In The Middle attack can also take place.
Why we HTTPS is needed today
Most browsers are actively discouraging users from using webpages served insecurely
The most famous is Mozilla. It recently announced that secure contexts is now required for all new features that are web-exposed. They said:
Effective immediately, all new features that are web-exposed are to be restricted to secure contexts. Web-exposed means that the feature is observable from a web page or server, whether through JavaScript, CSS, HTTP, media formats, etc. A feature can be anything from an extension of an existing IDL-defined object, a new CSS property, a new HTTP response header, to bigger features such as WebVR. In contrast, a new CSS color keyword would likely not be restricted to secure contexts
SEO benefits
in 2014, Google announced that HTTPS will count towards a website’s rankings in its Search Engine Result Pages (SERPs ). It is believed that Google will soon start enforcing this rule.
Conclusion
The signs are all here. If you’re developing a new website, you need to start with HTTPS from day one. If you have other existing websites, it is important to switch over to HTTPS as soon as possible to prevent any incidence.
Thanks for reading