Imagine you are at a public swimming pool with some friends. You’re enjoying some conversation and banter on the side of the pool while people walk by on the pool deck, or screech and splash in the water a few feet away. Likely, no one is listening to you because they are engrossed in their own conversations or in their attempts to dunk their friends. But because you’re in a public place, anything you and your friends say to each other can be overheard by anyone passing by. No big deal if you’re just joking around. But it would be silly to hammer out business deals or share your credit card number in a place where a clandestine eavesdropper might easily hide in the fake shrubbery beneath the waterslide, or bob mostly-submerged just feet away.
Put a cork in your would-be eavesdroppers
But that is what an unsecured website is like. The internet runs on “HTTP” requests, which are unsecured messages sent between your browser and a website’s server, much like conversations between friends on a pool-deck. Easily intercepted with very little effort.
To solve this problem, people started installing security certificates on their servers, which transform the information passing between your browser and the server into a bunch of alphanumeric garbage that is completely unreadable without the specific encryption key. In the pool-side scenario, it would be like you’re chatting with your friends in some unintelligible language like Ancient Kryptonian. People can listen all they want, but they won’t be able to make heads or tails of it. With the use of a security certificate, a regular HTTP request turns into an “HTTPS” request, or a “secure” request.
Web security is easier and more affordable than ever before
In the olden days of even 5 years ago, most websites didn’t bother with security certificates because certificates were costly, and the tricky work of data-encryption would sometimes slow down a website’s performance. Online banking and other sensitive-information websites took the plunge, but they were a tiny minority. But a lot has changed in 5 years.
In 2015, HTTP underwent an enormous overhaul with the emergence of HTTP/2. This upgraded HTTP request prefers secure connections, resulting in huge speed increases for secured websites. Wishing to hasten the spread of HTTP/2, search providers like Google began flagging unsecured websites, and awarding better search rankings to secured ones.
In addition, organizations like Let’s Encrypt and Cloud Flare have made it really easy (and free) to equip your website with top-notch security certificates. Back in 2014, only 27% of the web was secured, while today we are approaching 80%, with over 32% running on fully-fledged HTTP/2 connections.
From simple blogs to government websites, web security isn’t just for banks anymore. It’s never been easier to lock down your data. With so much of our lives conducted on the internet these days, why risk doing anything over an unsecured connection?