SSL (Secure Sockets Layer) is an encryption technology that creates a secure connection between your web browser and a web server. It stops eavesdropping and in essence is what banks and ecommerce sites use (or should use) when handling your personal information.
How do I know if a site has an SSL certificate?
It is really easy to see if a connection with a site is secure by looking at the website’s URL. A standard webpage, (such as this one) which is unencrypted, will have a URL that starts http:// while an encrypted URL begins https:// (the ‘s’ standing for secure). A lot of web browsers will also make this subtle change a little more obvious by adding a padlock to the web browser.
You may have seen some sites that have an address bar that is filled green.
This doesn’t actually mean that the connection is any more secure than a standard SSL connection but denotes that the company has been ‘vetted’ extensively to ensure that they are who they say they are.
What sites need SSL?
It is possible for any piece of data transmitted over the Internet to be seen by others unless it is secured by an SSL certificate. Obviously you don’t what your bank details transferred over an unsecured connection so all banks and ecommerce sites will have an SSL certificate.
Note: Some companies use PayPal to process payments in which case they don’t need an SSL certificate.
Any site that exchanges personal information, especially your password, should really have an SSL certificate.
Why are some SSL certificates so expensive?
This is a common question to ask. People seem to automatically think that you get what you pay for. A $600 certificate must be better than a $10 certificate, right? No, they all offer the same level of protection. The key thing is trust. People trust some names, for example VeriSign, which is used to secure the majority of banks. Having said that, I’m guessing that you probably haven’t heard of VeriSign. Hopefully the following should ring a bell?
You have probably seen these images (seals) on your travels around the Internet.
Do you need an SSL certificate?
If you are a website owner considering buying a SSL certificate continue reading.
When is SSL Important?
You should be using SSL whenever you transfer sensitive/private data over the Internet. The obvious example of this is if you own an ecommerce site or bank (I highly doubt that a bank will be reading this post). Some people go a bit over the top and won’t even enter their name into a website unless the connection is secure. In reality, you need to put yourself in the shoes of the consumer. Could they afford the details provided to your site to be intercepted? In the case of a postal address this is probably tolerable but not their bank details.
The key to your decision is whether the consumer will trust your website. Having an SSL certificate is one small part of building the consumer’s trust. The average consumer probably won’t have heard of SSL but they know that a padlock appearing next to a site is good.
Don’t rely on SSL
It is important to remember that SSL doesn’t actually secure your website, only communications to and from it. You should always follow industry standards when storing personal information and comply with any laws when storing payment details. SSL will not protect you if:
- The server is attacked directly – therefore always follow best practices and make sure all software is up to date.
- The user’s computer is attacked directly – a virus on your user’s computer can steal personal information before it reaches the Internet. To overcome this, use good anti-virus software.
Should I use SSL if I don’t need it?
No, SSL has a number of disadvantages if it is not required.
- Speed – Using an SSL connection is slower as all data needs to be encrypted and decrypted putting extra strain on the web server. SSL not only secures sensitive data it will need to secure everything on the page. This includes images and style sheets that don’t need to be encrypted.
- Administrative burden – SSL certificates aren’t free and need to be renewed on a regular basis (usually annually). Some types of SSL certificates require additional paperwork to verify a website’s identity and sometimes the company’s identity. They also require a dedicated IP address which will likely be at an additional cost from your web host.
Hopefully you now understand that SSL certificates can be essential for some applications but are best avoided when not required. Make sure you remember that SSL isn’t the only type of security you should think about and always follow best practices for storing personal information.