Why HTTPS is Important
The web is a magical and wonderful place, full of random knowledge, videos, memes and just about everything else in between. But sadly the internet is not safe and as web developers, we need to take security more seriously. The good news is that there are a number of simple steps we can take to make our websites more secure, one of which is enabling HTTPS.
What is HTTPS?
To understand HTTPS we need to step back and talk about HTTP and how the web communicates. HTTP stands for HyperText Transfer Protocol. It is the way two computers communicate with each other via an IP address.
One analogy I like to use is to think of HTTP as the GPS for the web. So when you enter a domain in your browser, it uses the HTTP protocol to get you to your destination. HTTP navigates the connection from one IP address to the other. This is done every time you visit a webpage.
So What's Wrong with Just HTTP?
Here’s the thing, when I mentioned that HTTP is like your GPS, I forgot to mention that it's like your GPS is connected to a loudspeaker. So when you type http://example.com you are in essence announcing to the rest of the world that you are going to this website.
Say now you are going to a website that requires a login. If your page is using HTTP and you are entering your username and password, you are now announcing to the world that not only are going to this website, but you are also announcing your username and password. Depending on where you are, say a coffee shop, it’s possible for someone to be able to “listen in” and compromise your information.
So Why the S?
To prevent people from listening in, HTTPS was created to ensure that your connection from your browser to the website is secure using protocol called SSL. Using our previous analogy, with HTTPS your GPS is silent and no longer announcing to the rest of the world where you are going. With HTTPS, your connection to the website is encrypted ensuring that no one is able to listen in on what you are doing.
Ok, How Do I Set Up HTTPS?
Great question! As I said before, now it's even easier for people to set up SSL. I personally use CloudFlare which offers free SSL certificates as well as other security benefits, or you can explore Let's Encrypt.
I'm Still Confused
If you still are not sure about https I recommend you visit this website to learn more about it. Or another way of thinking about it is that every year Apple comes out with a new iPhone model that is called the S series. It looks the same as the previous year’s model but it's better and faster. So when in doubt just know that HTTPS will always be better than HTTP and that you should do everything you can to ensure that your website has HTTPS enabled.