Quite often, people using the Internet will need to send or receive information that may be confidential or sensitive. The quickest and easiest solution is to use an encrypted webpage or website address – and for this we turn to SSL, or Secure Sockets Layer.
SSL is a standard and very widely used method of making sure that only the website at one end and the Internet user at the other can view a webpage or send/receive information. Frequently, there is little to indicate that your Internet 'session' (ie. the communication between website & user) has changed from a normal, open, un-encrypted one to an SSL-protected encrypted one. However, there is a critical indicator that everyone should know about and always check - web browsers use the padlock symbol to show when a webpage has been encrypted.
In Internet Explorer, this is a yellow padlock in the bottom right-hand corner of the window – in the 'status bar' area. If you do not see a status bar, click on “View” in the menu at the top of the Internet Explorer window and click “Status Bar”. In Firefox, this is also a yellow padlock bottom right, but the padlock is additionally shown at the right-hand end of the website address at the top of the window. Similarly in Firefox, if there is no status bar to be seen, just select “View” and click on “Status Bar”. The additional padlock display in the website address area ensures that people cannot be tricked just by turning off the status bar.
Other browsers will be similar, but in all of them, the point is that it is immediately obvious that a secure connection has been established. No padlock, no encryption, regardless of what the webpage says. For a secure connection to be set up, the website has to have an SSL certificate – this is the equivalent of a birth certificate for the website, proving who it is. The SSL certificate will contain the name of the website the certificate relates to, and that name must exactly match the name of the website you are looking at. No match, no encryption, no padlock.
Sometimes, you may see a warning pop-up window that says the name on the certificate does not match the name of the website, and asking you whether to trust the website or not. Be careful that you make the right choice if this happens. Professionally run businesses should not be using inappropriate SSL certificates. You may also see a warning pop-up that the SSL certificate matches the website, but it has expired (SSL certificates need to be renewed regularly by the website operator, at a cost of around US$100). You may also be connecting to a valid website that has a range of different website names but only one (or a few) SSL certificates – try https://hotmail.com to see an example.
Lookout too for the website address to start with “https” (note the 's' on the end, for 'secure'). This is not always the case, but most of the time the address will use it, and in this case the link should also be encrypted using SSL. But beware any images or messages inside the webpage that say it is encrypted – the padlock is the one to believe!
Any IT questions & comments? Email
- Tony Phelps is part of the Merlin Pacific IT team, dedicated to effective & efficient business IT
