HTTPSLast month, Google announced a change to its Chrome browser that would clearly show the user that they are browsing on an unsecure site by showing a red padlock with an “X.” This update by Google, along with other companies’ updates, is part of an effort to Encrypt All the Things, a huge push toward HTTPS and creating more secure forms of web browsing. While HTTPS may be something that you’ve heard before, you may not completely understand what it is and why it’s so important. To help you better understand, we take a look at HTTPS and how it impacts you.

What does HTTPS mean?

HTTPS is a modification of the HTTP (Hyper Text Transfer Protocol) standard used to allow the exchange of content on the Internet. The “S” stands for secure, which means the HTTP connection is encrypted — preventing exchanged information from being read in plain text, or “as you see it.” Even if someone were to somehow obtain the encrypted data shared in the exchange, it would be nonsense with nearly no means of decryption to retrieve the original content. Think of HTTPS as locking a door before starting a meeting; only the parties in the room can see what is happening.

Why is HTTPS important?

Generally, unsecured HTTP activity can be read by anyone on the same network, such as your Internet service provider or people you share access with on a home network. But if your device, network or the website you’re using is compromised – or if you’re on an unsecured public network like at a coffee shop – this activity can be seen by anyone. While your information may not be in danger at home (assuming your network is protected with a strong password), unsecured networks may make you susceptible to scammers or other malicious individuals. So HTTPS is a means of ensuring privacy, security and a way of authenticating that the site you’re on is the one you intended to visit. It should be noted that you’ll want to make sure that all pages of the site are secure (or start with HTTPS), as some websites may only encrypt the login page.

How do I know if a site uses HTTPS?

You’ll generally notice that any legitimate website where you have to enter personal information, such as your bank’s website or email provider, will use HTTPS. Other sites, like news websites, do not use HTTPS, as they are not collecting any of your personal information. The easiest way to tell if a site is secure is to check for the HTTPS at the beginning of the URL.

Another helpful tool is to choose a modern browser like Google Chrome or Mozilla Firefox, which make it easier for users to know what type of connection they’ve established with the site they’re visiting. Almost universal among browsers is the green padlock (or simply the color green) in the leftmost part of the address bar. That said, browsers may have different ways of rendering other types of connections. For example, Chrome only gives the green to HTTPS connections that use the most modern type of encryption (SHA-2), while other forms of HTTPS will simply have a grey padlock or a red padlock for an unverified HTTPS connection. To see how your browser notes connection types, go to your browser’s home page or help guide.

This feature of modern Internet browsing is meant to empower you, so make sure to take advantage of it. While not all HTTP sites are bad, you should be suspicious of entering your information onto a web page with only a HTTP type connection. It should be noted that a lot of websites use HTTP on front and splash pages, but switch to HTTPS on pages where you’ll have to share personal details. Most browsers also note something called EV or extended verification, which means that the site had its identity verified by a third party – a certificate authority – and the site is owned by the entity who claims to own it. Not all sites have EV, but all EV sites have HTTPS connections.

Is there anything else I should know?

Outside of paying attention to the connection status your browser reports, you’ll need to make sure you’re following basic cybersecurity practices for safe Internet surfing. You’ll specifically want to verify any hyperlinks before you click on them, and opt to not click if you’re not sure of the legitimacy. Also be on the lookout for typosquatting, which is a form of phishing designed to target people who type in a URL incorrectly. Here’s how it works: scammers will buy domain names that are similar to popular websites (e.g. vs. banking on the fact that people make mistakes. These fake websites are often so similar to the real thing that unless you catch your typo, you’ll end up “using” the fake site designed by a scammer. Once you interact with or log into this spam site, you’re exposed to malware designed to steal your information or take control over your computer.

It should also be noted that just because a site is secure, doesn’t mean it legit, as scammers are increasingly adding HTTPS to their sites in order to enhance their perceived authenticity. Because of this, you can’t simply rely on the green padlock to know if a site is safe. That’s why it’s important for you to make sure you’re typing web addresses correctly and consider protecting your computer or device with an Internet security software, as it will alert you to any potential fraudulent, phishing or scam websites before you visit the page.

Read our Internet security software reviews to find a service that suits your device and budget, and keep up with our identity theft protection blog to learn more ways to protect your personal information online.