How protocols differ - the difference is in security
You may have noticed that some links start with HTTP and others with HTTPS. In this article, I will explain what these letters mean and how they differ from each other.
All web pages are stored on a specific server. Every time you visit the site, the browser finds the server you want, downloads the page content and displays it on the screen. In cases where the site requires a username and password to log into an account, the browser sends data to the server, and the profile is entered.
The transfer of user data is protected. For this, protocols have been developed that describe the rules for transferring information about the user and from the user.
HTTP (HyperText Transfer Protocol) is a protocol that is responsible for the correct transfer of data on the network. With its help, the browser loads the pages, and the server receives the information entered by the user. Information is transmitted via the HTTP protocol in its usual form.
Let's consider a specific example.
You go to the site to fill out a questionnaire from a company whose services you have been using for more than a year. If the site uses the HTTP protocol, then all the information in the filled fields will be received not only by the company manager, but also by hackers who might (conditionally) need to know which detergent from the new collection you liked the most.
An unrealistic scenario can be transferred to a perfectly possible picture. Imagine that instead of a questionnaire, you need to enter your bank account details. And here already hackers may really be interested in intercepting data.
And at some point, they decided to improve the system.
HTTPS (Secure HyperText Transfer Protocol) is the same protocol, only with a security add-on. Before sending data to the server, the browser encrypts the information. A key is required to read the information. It is stored on the server. Cryptographic encryption (as it is called) prevents fraudsters from reading information. Well, only if the hacker does not go through all the possible keys, which will take years of vain attempts.
What is our story with a survey and laundry detergent on an HTTPS-encrypted website?
You open the same survey, only on an encrypted website, fill in the same fields, but the fraudsters receive a cipher that cannot be manually translated into the required information.
Let's transfer all the same to the site with bank accounts. You enter the login qwerty123 and the password bank000. What can a hacker intercept? Login 3G7n8l1a and password P8h2n1J6. Of course, this is conditional.
The fact is, HTTP would show the exact information you entered, but HTTPS would only show the cipher.
The value of HTTPS mainly lies in the fact that Google approves of additional protection of user data, and therefore contributes to higher ranking of sites on HTTPS.
What does this mean for the user?