We all look for safety, security, credibility and trust when doing any finance or non-finance transactions on websites that we visit. This safety is granted to us by SSL shield as seen in Facebook’s mandatory SSL for all applications and Google’s transition to standard “HTTPS” for logged-in searches on Google.
So what is SSL? SSL stands for Secure Sockets Layer, a protocol for managing secure interactions between a web browser and web server by encrypting the traffic. This add-on feature acts as an enabler in keeping sensitive information such as debit or credit card details, CVV number, one time password, normal passwords, and so on “confidential”. It prevents unwanted third party or hackers from breaching your security.
With customers getting more aware and tech savvy it is essential for you to shift from HTTP to HTTPS if you haven’t already done so. By not having in place SSL you will deter potential customers who are security conscious from using your site and even visiting it.
- HTTP is the default protocol for browsing web pages
- HTTPS is the more secure version of HTTP which tells the website to communicate using the SSL certificate
- Earlier most sites had HTTP but HTTPS was invented to provide additional protection.
How do you check if your website is secure? The best way to do this is to see if the address bar has got a green padlock in it. If it does then it means that the website has SSL certificate and is loading the content securely. It can vary depending on the browser but the green padlock must be somewhere in place.
It is to be noted that some of the sites may have an SSL certificate but not automatically tell your browser to load the page through HTTP. You can check this out by changing the HTTP part of the address to HTTPS. Some websites may be configured in such way that they would redirect you back to HTTP automatically. If it is successful you will be directed to the secure version of the website and you may find either a green padlock or else one of the following:
Red Padlock or HTTPS crossed out: This means that the page made an attempt to load securely but it doesn’t have the SSL certificate. It may popup with a warning in some browsers.
Yellow Padlock or No Padlock: The website may have an SSL but it is loading some resources insecurely. It could be an image, a Java script library, external resources from a website which doesn’t have a SSL set up, or any other things.
Not Secure: Some browsers particularly Google’s Chrome has of recent focused on SSL certificates in a bigger way. The recently launched Chromium 62 has added a “Not Secure” message in the address bar of websites which do not have SSL certificate. Users if they observe properly while entering data can see this.
We are in the age of e-commerce and many of us make purchases online, the usage of internet and website will keep increasing and it is paramount to protect the communication of confidential data online.
What are the various types of SSL and how can we use them?
There are various types of SSL certificate extended validation (EV SSL), organization validated (OV SSL) and domain validated (DV SSL).
Most of these certificates can be purchased and these certificates provide protection for 128 bit encryption. Although industry standard is 128 bit, 256 bit is also available.
Domain Validated SSL: This type of certificate just validates the domain. It is the most common form of encryption but since it does not have company information it doesn’t identify who is on the other end. As no additional information is required this is obtainable easily.
Organization Validated SSL: This is akin to domain validated but with an additional feature. This requires some company information to be submitted. The information is displayed in the certificate if the user wishes to confirm the same. Users can see the green padlock in the browser. This type of certificate is more expensive when compared to Domain validated and it takes longer since the information needs to be submitted to the certificate authority for vetting.
Extended Validation (EV SSL): This certificate is the latest in the market and provides the best levels of authentication. This displays the company name in the address bar next to the padlock and requires a large amount of verification. Though the longer time can be cumbersome and users need to shell out more pennies this one guarantees safety and security.
To sum up it is important to know your audience in particular. If there are lots of cards or cash transactions to happen EV SSL can be handy. However, for blog sites and small businesses it is suffice to do with Organization Validated SSL. For firms having multiple domains the prices will increase as per usage. So it is best to consider in advance what you really need for your website as in the long run it has to be used for your business.