Detox-Comic

Are you logging in to websites securely?

Summary

Do you know what the difference is between a secure and non-secure web page?

How to check that you are logging into web sites using a secure connection

By default web sites use the HTTP protocol, which is not secure. Any web site that requires you to supply login credentials SHOULD offer you a login page that uses the HTTPS protocol. Note the 'S' at the end indicating a secure http connection.

Not all web sites offer secure connections, possibly assuming that they don't need to as they are not recording your financal data. Some do offer a secure connection but not as the default. For instance at the time of writing everyone knows the address: http://www.facebook.com, but most don't know that you can type an 's' after the http to force a secure connection with the address https://www.facebook.com.

What I like to do is to go to each of my bookmarked web sites that require you to log in and add the 's' to see if they do offer a secure login, and if they do I update each bookmark to point to the secure address rather than the default one.

A further issue is that after logging in securely some sites drop you back out of a secure connection. There is nothing we can do about this other than maybe contacting the sites owners asking for a secure connection to be available for their web site by default.

Other checks that you can use to identify secure web pages

As well as looking for HTTPS in the web address there are several other visual clues that a web page is secure. The first is the presence of the padlock icon on your browser. This indicates that the current web page is using a secure connection. If the padlock icon has an exclamation mark in it then it is telling you that there are some non-secure items on the same web page such as adverts or other content.

Another visual clue is a coloured box (usually green) at the start of the web page address in the browser window. Clicking on this box should provide details about the security certificate and signing authority used to verify the website. This is usually the same information that can be retrieved after clicking on the padlock icon.

A further visual clue, is the change in colour of the web page address box.

Summary

Always make sure that you are using a secure connection when you log in to a web site where one is available.

Note: The S in HTTPS stands for Secure and uses SSL which stands for Secure Sockets Layer.

If you have any feedback regarding this article, or you have a suggestion for a new article, or just want to say thanks for the info then feel free to drop me an email at dave@detoxcomic.com.

Article date: 19th January 2011

Click here for more articles