By Igor Magun
See that little lock at the top of your web browser? It’s a sign of something very important, and we need more websites to adopt it.
The lock shows that you’re connected to our website over HTTPS. In other words, you’re viewing this column over an encrypted connection. This makes your connection safer against any miscreants that might try to intercept it, especially if you’re on public WiFi, where your web traffic is easier to snoop on.
Anyone who manages to capture HTTPS data in transit will, in theory, end up with an unreadable blob. This helps protect login credentials, payment info, and your privacy. It also makes it harder for someone to modify the data you’re receiving.
Over a regular connection, data is transmitted unencrypted, making it readable to anyone who captures it. Your browser also makes no attempt to verify its authenticity, making it easier to slip changes in unnoticed. With HTTPS, a valid certificate has to be presented for any data that’s sent to you. In theory, only the website can produce such a certificate.
All other things equal, HTTPS can slow down connections slightly, but it’s insignificant on modern devices. And if the website supports the faster HTTP/2 protocol, it can be faster than a regular connection.
A well-designed website should default to HTTPS on its own, but if you want to be sure you’re using it whenever possible, the HTTPS Everywhere browser extension can help. Available for Mozilla Firefox and Google Chrome, the extension uses a crowd-sourced list of websites to redirect you to the HTTPS version whenever available.
Column continued below
The problem, however, is that many websites still haven’t made the switch. This is partly because some web hosts still make it difficult, if not impossible, to implement without spending money.
The Let’s Encrypt service can issue free certificates for HTTPS to website owners, but if a web host doesn’t automate the process for you, it can be challenging or outright impossible to use. Some hosts have made this super simple, but others will only offer a paid option that can cost up to $100 per year.
HTTPS needs to become widespread, and removing any financial barriers can make this much easier. As I’ve talked about before, security matters for everyone. Regardless of what kind of websites a host manages, there’s no excuse for not offering the option.
If you’re a website owner of any kind, I encourage you to consider adopting HTTPS. There are certainly many problems it doesn’t solve, but it’s an additional layer of security and there are increasingly fewer reasons to avoid it. If your host already supports Let’s Encrypt, it shouldn’t take long at all. And if they don’t, encourage them to do so–or frankly, look for hosting elsewhere.