Any time that a web page asks you for sensitive information, you want to be able to identify if the page is secure or not. The ability to recognize a secure web connection is extremely important.
The Quick Answer: Look At Your Address Bar
Most internet traffic takes place between a browser (like Firefox, Chrome or Internet Explorer) and a server. Both the browser and the server need to have the right tools in place to protect sensitive information in transit by encrypting it. The industry standard for encrypting traffic is SSL (also known as SSL/TLS), and a browser will confirm that it has made a secure SSL connection to a server in one (or more) of the following ways:
– A web address using “HTTPS” (The extra “S”means it’s a secure connection.
– Secure sites show a closed padlock emblem you can click on for security details – the most trustworthy sites will have green padlocks or address bars.
– And browsers show warning signs when the connection is NOT secure – like a red padlock, a padlock that is not closed, a line going through the website’s address, or a triangle on top of the padlock emblem.
The Longer Answer
When you visit a web site, information is sent from your computer to the web server and from the web server to your computer. The transmission of this information is broken down into packets which are normally sent unencrypted, and each packet can traverse many networks to reach its destination. Although this means that packets can be routed for the fastest path, this also means that anyone in that path could
You can run a traceroute to see just how many machines your information traverses. The command for Windows users is tracert and in this example we’ll see what our path is to google.com:
1) On your computer, click Start, then Run (Or use the Windows key + R)
2) Type “cmd” and click OK (or press Enter)
3) Type in the command tracert google.com
4) Press Enter
Each listing in the window is a “node,” a networking term for any different computer, router or switch your packets might travel across. it is not uncommon to see as many as twenty or thirty hops from node to node- and each node represents a point at which your data might be captured. (Consider that the next time you type in a password or your credit card number.) Encrypting your data is a vital way to prevent malicious actors from sniffing important information from traffic they intercept. The Secure Sockets Layer (SSL) protocol — and its descendant Transport Layer Security (TLS) — was designed to provide seamless encryption for internet data.
SSL uses a complex system of key exchanges between your browser and the server you are communicating with in order to encrypt the data before transmitting it across the web. A web page with an active SSL session is what we mean when we say a web page is “secure”.
How can I tell if a web page is secured?
There are two general indications of a secured web page:
1) Check the web page URL
Normally, when browsing the web, the URLs (web page addresses) begin with the letters “http”. However, over a secure connection the address displayed should begin with “https” – note the “s” at the end.
Try it! – Visit our home page (http://www.ssl.com). Note the URL begins with the “http” meaning this page is not secure. Click the link in the upper-right hand corner to “Log in”. Notice the change in the URL? It now begins with “https”, meaning the user name and password typed in will be encrypted before sent to our server.
2) Check for the “Lock” icon
There is a de facto standard among web browsers to display a “lock” icon somewhere in the window of the browser (NOT in the web page display area!) For example, Microsoft Internet Explorer displays the lock icon in the lower-right of the browser window in older versions of Internet Explorer and on the right of the address bar in newer versions of Internet Explorer:
MS Internet Explorer Lock
As another example, Mozilla’s FireFox Web Browser displays the lock icon in the lower-left corner:
Mozilla FireFox Lock Icon
THE LOCK ICON IS NOT JUST A PICTURE! Click (or double-click) on it to see details of the site’s security. This is important to know because some fraudulent web sites are built with a bar at the bottom of the web page to imitate the lock icon of your browser! Therefore it is necessary to test the functionality built into this lock icon. Furthermore, it is very important to KNOW YOUR BROWSER! Check your browser’s help file or contact the makers of your browser software if you are unsure how to use this functionality.
Try it! – Visit our home page (http://www.ssl.com). Click the link to “Log in” to initiate a secure session. Note the lock icon display in YOUR browser. Click the icon, or double-click (varies by browser), and examine the security information displayed about the web site. If there is no display at the bottom of your browser try clicking “View” in the main menu and make sure “Status Bar” is checked.
Other Indicators of a Secured Web Page
Many SSL Certificate vendors (Verisign, GeoTrust, SSL.com, etc.) also provide a “site seal” to the owners of these web sites. Common characteristics of these site seals include:
High Visibility – Online merchants want you to see these site seals. They want you to know they have made every effort to make their site a safe shopping experience. Therefore, the site seal is usually located where you, the customer, can easily see it.
Difficult to Duplicate – The site seals are designed to be difficult for thieves and scammers to duplicate. Many times the site seal will have a date and time stamp on it.
Verification Functionality – The site seal should have some functionality whether by clicking on the seal or by hovering your mouse over the seal. The functionality should display detailed information about the web site you are visiting.
These site seals should not necessarily be trusted on their own, but should serve as a reminder to “investigate further”…
1) Check for that “https” in the prefix of the web page address.
2) Click on that “lock icon” in the status bar of your browser.
If everything looks good, the company or individual(s) running that web site have provided you with a safe means of communicating your sensitive information. The web page is “secure”.