Google Disrupts Internet Security16 Nov
With online and Internet security all over the headlines these days, it’s important to take some time to understand some of the terminology and nuances of online security. Best practice dictates an understanding of the security utilized by websites and browsers across the World Wide Web. Also, keeping up-to-date on the latest news that could affect your browsing habits is key – for example, the tweaks Google made to its popular Chrome browser.
A team at Google is aiming to disrupt these standalone security beacons by creating easier-to-comprehend notations next to secured and unsecured websites versus the regular HTTP/HTTPS listing. And, considering visits to secure websites stand at 50% or less of the total sites viewed by users across operating systems, Google has a lot of work to do. To understand the base of these changes, we must first explore the SSL and TLS protocols before moving on to HTTPS:
SSL – Secure Sockets Layer
SSL describes secure communication between websites – essentially, it is a cryptographic protocol that authenticates the counter-party with whom it’s communicating. SSL certificates are used in web browsers (of course), e-mail, online message, and VoIP in order to give users a secure connection.
TLS – Transfer Layer Security
TLS is often referred to as “SSL 3.1” due to the similarities between the security protocols – the difference is that TLS is an “open” secure protocol to be improved over time. TLS also uses a cryptographic protocol to authenticate other parties on the web, like web browsers and e-mail.
With these definitions in mind, how does HTTPS round everything out?
HTTPS – Hypertext Transfer Protocol Secure
HTTPS is defined as a protocol for secure communication over a computer network and used in addition to SSL/TLS. Originally used for secure payment transactions, HTTPS spread throughout the entire Internet so browsers and other applications could conduct necessary verifications.
Google is turning web security on its head by utilizing color-coded “secure” or “not secure” notations next to the web address, allowing users to determine the security of the site they’re visiting. By next year the team hopes to begin flagging those sites that aren’t using standard security protocols like the ones explained above. Overall, the changes may be slow-going but the reward at the end of the project will be worth it for users worldwide.