HTTPS, TLS…PHP, TCP…ph’nglui mglw’nafh Cthulhu R’leh wgah’nagl fhtagn…
Overflowing with acronyms, the language of internet security can sometimes sound like an alien language directly pulled from an H.P. Lovecraft story.
As such, it can often appear unfathomable to us mere mortals and as if only a handful of experienced followers are equipped with the knowledge to comprehend its true meaning.
Fortunately for you, we’re not followers of the Great Cthulhu and HTTPS is less incomprehensible than the jumbled syllables of Lovecraft’s fictional, Elder God language. We want to demystify it for you and banish the notion that internet security is difficult to understand.
Let’s start with what happens when you visit a website. When you visit a site, your computer communicates with the web server and downloads the information in order to make it viewable but it also has to send information back depending on the type of website it is, such as your login details, online banking information and personal data.
This method is known as HTTP (Hypertext Transfer Protocol) and it’s problematic because all of the information passed back and forth is in plain text, meaning your information is readable and easily intercepted by hackers.
Fear not because this is where ’S’, the 20th letter of the alphabet, steps in like a burly security guard on the door of an exclusive club (we’ll call him Steve). Without the addition of Steve, anyone can come and go as they please, he also keeps the guest list hidden respecting the privacy of the club-goers. Hire Steve and he’ll keep out those unscrupulous types who want to steal your information.
The ’S’ in HTTPS (which actually stands for Secure, sorry Steve) ensures that all of the information passing between your computer and another server is scrambled so none of your personal details or data can be stolen.
HTTPS uses a special key on the server to encrypt the data in transit, meaning if someone were to intercept it, the information would be a mess of unusable, scrambled nonsense.
This whole process can be illustrated by a recent news story where artist Banksy installed a shredder in his own work ‘Girl With Balloon’ at a Sotheby’s auction, setting it to shred once the final auction hammer hit the podium.
But how can you know if a websites connection is secure or equipped with its own virtual shredder? Luckily, sites using HTTPS show an image of a padlock in their address bar. When you request a HTTPS connection to a webpage, the website will send a certificate to your browser. This TLS (Transport Layer Security) certificate contains the key which is needed in order to proceed securely.
You may be more familiar with the term SSL (Secure Sockets Layer). TLS is simply an upgraded and more secure version of SSL, but the term is still commonly and acceptably used.
If your website exchanges personal information in any way, whether you have a mailing list, a ‘contact us’ form or you sell goods and services, if your site doesn’t include HTTPS then you’re putting your customers at risk by leaving their data unsecured.
Every trusted website uses TLS certificates and without them, not only are you letting down your customers but your site will show up less frequently in online searches.
You can acquire free TLS certificates with LetsEncrypt but if you want extra piece of mind and want to build a trusted relationship with your customer, there are more premium, professional versions that can also validate your company ID.
We have one on the Twist Development site, which shows our name alongside the all important padlock, cast your eyes upward to your address bar and take a look. We take our customers security seriously and value their privacy, you should too.
So while HTTPS and TLS might not protect you against the rise of the Elder Gods it can certainly protect both yours and your customers information from anyone looking to exploit it. Remember you can always contact us if you have any questions or need additional support, though we don’t speak Elder God, sorry.
If you have a website and hosting through Twist Development, then rest assured that your website will include a security certificate as standard.
Sign up for our newsletter for updates on blog posts and Twist servicesSubscribe
Free self-signed certificates from Let's Encrypt