Ever come across a website that your browser reports as not secure? Browsers have different methods of reporting a site as not secure. Google Chrome, for example, shows a padlock before the URL of a secure website. Firefox and Safari employ similar measures to indicate that the website you’re visiting is secure.
What does the padlock mean?
The padlock means that the website you’re visiting is secure. What does secure mean here? Well, secure means that the website has a security certificate (SSL/TLS) issued by a recognised and trustworthy authority.
Whenever you visit a website, Chrome (or whichever browser you’re using) expects an HTTPS prefix before the URL. If the browser doesn’t detect that, it indicates that the site lacks an SSL or TLS certificate and is unsafe to visit.
In this case, you are susceptible to phishing and data theft attacks. Any information exchanged between your device and the server can be intercepted and hijacked. An example would be a man-in-the-middle attack, which hijacks data travelling between two machines on the internet.
The padlock also ensures that you’re visiting the real website and not a fake one designed to potentially phish your data. Duplicate pages of common sites don’t have security certifications and hence can be detected by browsers.
Should you heed the warning?
This warning is going to show up on any unencrypted website on the internet. What should you do if that happens? The answer to this question depends on what you’re visiting the website for.
Keep in mind that the data transferred between your device and this website can be intercepted. Even if the website doesn’t have any evil intentions with your data, it’s still at risk of being intercepted. So it’s recommended that you do not share your credit/debit card details on a website without a security certificate.
Security certificates are expensive to get and require thorough verification and frequent renewals. Not everybody who’s running a website on the internet is going to get one. There can be many reasons for that. You don’t need a security certificate if you’re running just a personal blog.
Note: ‘http://’ prefix means that the website doesn’t have a security certificate while ‘https://’ means they do.
This can, however, lower your website’s stats, as people visiting might see a warning page telling them the website isn’t secure. This may sound unfair, but Google’s decision to make HTTPS mandatory means that even smaller websites take care of your data.
When can the warning be bypassed?
You can easily bypass the security warning if you’re visiting a personal blog or something similar. If you are not going to enter any sensitive information on the website, you can bypass Google’s warning.
That said, you still need to be careful of your actions on the website. Just because you aren’t giving away your data to the website doesn’t mean you can’t be compromised. Any malicious downloads and pop-ups can still release a malicious script or software on your device.
If you’re confused, it’s always advisable to not visit the website at all. It’s always better to search elsewhere instead of risking your security. It’s the world wide web after all.
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at firstname.lastname@example.org, or follow him on Instagram or Twitter.