The difference between HTTP and HTTPS websites
You may or may not have noticed "HTTPS" showing up just before the URL in your browser, often highlighted in green. In case you're among those who haven't seen it, go for a quick glance now on your browser. You'll either see HTTP or HTTPS.
Sometimes, with browsers like Chrome, you’ll also see a lock or green secure label that indicates you’re browsing an HTTPS-enabled site.
But just what is it? HTTPS is an evolution of the age-old internet protocol HTTP or hypertext transfer protocol – the foundation which enables computers to send or receive information and data from one another on the internet. HTTPS is HTTP with the "S," which stands for security, and in a nutshell, makes it harder for malicious entities other than the intended computers to read the information being sent. Below is a more detailed explanation of it.
What’s the difference between HTTP and HTTPS?
HTTP is what servers, browsers and remote devices use to facilitate the transfer and retrieval of data packets. When you visit a website or URL, a remote server sends your machine data packets, or chunks – bits of code that the common human eye won't be able to comprehend. When these chunks arrive on your computer, they are then converted or rebuilt on your web browser, resulting in the page you can read and see.
This process is an efficient way to deliver web content, which can amount to hundreds or thousands of megabytes of data at a time.
HTTPS, the more secure version of the protocol, has an extra step in between sending and receiving data packets: an encryption process that secures any and all data being synced. On HTTPS, data packets being sent are "locked," which only the intended computer can unlock. HTTPS encryption relies on a secure process that prevents unauthorized eyes to access content or data.
On HTTP, there is no lock. At any point, a malicious entity can intercept the data packet and rebuild and read the contained information. All information and content sent via this method are in clear text. If a hacker or tool is on the other side of a connection monitoring, collecting and storing this data, they’ll end up with some incredibly sensitive and damaging information – passwords, bank account details, credit card information and the like.
That’s why a lot of online stores, forms and services now use HTTPS instead of HTTP. Given that, you should follow this rule whenever you're shopping online or filling out forms that require you to input sensitive information: look at your address bar and see if it says HTTPS. If it doesn't, don't put in your information or avoid transacting with that website.
Google, one of the biggest data-driven companies, is among the technology's biggest supporters. It announced in March 2016 that they had successfully encrypted about 77% of their traffic data. They’re currently gunning for that number to jump to 100 percent.
The goal is to ensure all customers, brands and organizations are protected under the new HTTPS security measures, especially in light of all the recent, high-profile data breaches and attacks. Its browser, Google Chrome, also puts out a warning message when users visit a non-HTTPS site that tries to collect information.
Why is HTTPS catching on now?
As the technology grows and more efficient internet standards are adopted, especially to make optimizations for mobile, companies are shifting to HTTPS.
Most of this change is because those new, speedier standards explicitly require a secure HTTPS connection over a non-secure one. Technology companies are also pushing the use of HTTPS; data breaches are costly for them too – not just money-wise but also reputation-wise.
As more consumers become more aware of HTTPS, companies will be wise to adopt to the new standard or risk losing customers or users. Consumers who know the big security gap between HTTP and HTTPS websites, will know that it's unsafe to provide sensitive information on non-HTTPS websites. – Rappler.com