Video coming soon
HTTPS, SSL, and TLS
Visual · https_padlock
A browser address bar showing a green padlock icon next to a URL starting with "https://".
The Padlock in Your Browser
Every time you look at the top of your web browser, you see a tiny padlock icon next to the URL. That little icon represents one of the most important security protocols ever invented. Without it, the modern internet—online banking, e-commerce, and private messaging—would completely collapse.
1. HTTP vs. HTTPS
Historically, the internet ran on HTTP (Hypertext Transfer Protocol). The problem? HTTP sends all data in Plaintext. If you logged into a bank using HTTP, anyone on your Wi-Fi network could literally read your username and password flying through the air. HTTPS adds an "S" for Secure. It takes standard web traffic and wraps it in a layer of heavy encryption.
2. SSL and TLS (The Engines Behind the S)
How does HTTPS actually encrypt the data? It relies on cryptographic protocols called SSL (Secure Sockets Layer) and its modern replacement, TLS (Transport Layer Security). When you connect to a website via HTTPS, your browser and the website's server perform a rapid digital handshake. They use Asymmetric encryption to verify each other's identities and securely exchange a Symmetric key to encrypt your browsing session.
3. What HTTPS Does NOT Protect
It is critical to understand the limitations. HTTPS only encrypts the data in transit. It protects you from the Wi-Fi hacker. However, it does not mean the website itself is safe. A scammer can easily buy an SSL certificate and set up a malicious, fake Amazon website with a padlock icon. The padlock only means your connection to the scammer is securely encrypted; it does not mean the scammer is trustworthy!
Pro-Tip: Never Ignore Certificate Warnings
If your browser ever throws a massive red warning screen saying "Your connection is not private" or "Certificate Invalid," Stop. Do not click 'Proceed anyway.' This usually means a hacker is actively trying to intercept your connection (A Man-in-the-Middle attack) using a fake digital certificate.
Knowledge Check
You are visiting a website with a valid HTTPS connection and a padlock icon. Does this guarantee that the website is a legitimate, trustworthy business and not a phishing scam?\n\nA) Yes, hackers cannot get padlock icons.\nB) No, HTTPS only encrypts the traffic; a scammer can still have a secure, encrypted connection to their malicious site.\nC) Yes, but only if you use a VPN.