Cybersecurity Insight

The Land of The Free SSL Certificate

17 Sep

In a few recent posts we discussed some of the finer points about safely browsing the Internet, as well as what to look out for including HTTP vs. HTTPS and what makes a website secure. SSL certificates were a large part of that discussion and are becoming increasingly important for website owners and visitors alike, including sites like social media.

While online shopping is becoming the method of choice for many people over traditional retailers, there is one aspect that truly escapes the average online shopper. Security. We inherently trust those who sell online, we believe there are regulations or rules in place that make shopping online a safe and secure endeavor. However, what many of us don’t know is that while there are some rules and regulations in place, the online marketplace is essentially the wild wild west.

It’s not necessarily required that a website use a secure or encrypted connection when taking your payment information. For instance, some “mom and pop” type shops may just have a traditional contact form that includes fields for your credit card information. They don’t use payment gateways like PayPal or BrainTree to handle the payment or use SSL to encrypt the data when it is sent. This is a recipe for disaster.

You would think that as technology has progressed we would be privy to these types of things, or that our government would make more stringent rules for online retailers. The sad truth is many online retailers resist changes, since their bottom lines have done so well without them.

On top of that, there are a few reasons many websites do not use encryption, even in a progressive technology landscape:

  • They simply don’t know how to obtain the proper certificates for their website
  • The cost of certificates
  • The cost of payment gateways and credit card fees
  • Lack of technical knowledge to implement these measures

While many, many people have adopted the latest technology such as smartphones, laptops, and tablets they really don’t know how everything works. You can now “build your own website” and watch movies on your devices, so why bother to ask how it all works.   Of course, most of us aren’t technology gurus, and it would be over our heads, but it never hurts to ask.

That said, there is a group out there trying to change the way we think about online security. A project known as Let’s Encrypt is attempting to make it easier for e-retailers and shoppers alike to be more secure online. Let’s Encrypt is run by the Internet Security Research Group and backed by many major technology players such as Mozilla (Firefox) and Cisco among others.

The project aims to give web masters a way to encrypt their websites without any cost. In this case SSL certificates would be completely free of charge. Currently, the cost of an SSL certificate can range from $20-$30 to several hundred or more. Some hosting companies do offer SSL with the purchase of a hosting plan, but these certificates are often outdated.

Let’s Encrypt’s certificates require additional steps, such as installing a root certificate so that your browser will recognize the SSL/TLS. However, this is just a temporary issue according to the project’s director, and within a month or two the free certificate will be recognized by almost every modern browser.

Online security is no joke, and is an increasingly important part of the technology world. We all assume that the Internet is “safe” or that what we do is private; but that’s really not the case at all. SSL certificates for every website is a step in the right direction, but we still have a long way to go to ensure that our online lives remain safe and secure, whether we’re shopping for diapers or making massive stock trades.