Is it worth spending $$$ for that SSL?
You might have noticed that the ubiquitous “http://” website prefix has mostly been replaced these days by “https://” — and on the rare occasions when it’s not, you might get a severe-looking warning at the top of your web browser letting you know that it can’t verify the safety of whatever site you’re visiting.
But does that mean that it’s actually dangerous to visit that website?
And is it important for you to obtain the extra “s” for security on any websites you’re building?
First you might be glad to know that you can feel pretty confident, no matter what: Most modern web browsers will actually prevent you from landing on URLs that they sense to be truly dangerous to your computer. So if you’re allowed to proceed, even if you get a paranoid feeling that you’re “proceeding at your own risk” — there is no reason to think that your browser and all of its algorithmic smarts actually suspects that there’s a risk.
So not having it doesn’t mean that your site is risky, or that you’re at risk by visiting an unsecure site. But on the flip side, having it does mean that the site is secure. That it’s swept and vetted and your browser will feel confident telling perfect strangers that they’ll vouch for you. And that’s a nice feeling always, right?
What Does “Security” Actually Mean?
The “s” for “security” in your special “https://” address actually means that your website has an SSL Certificate. And that means the data on your computer — the kind that could be relayed via your browser — won’t be communicated to the website (or, more specifically, that the website isn’t some kind of personal data vampire trying to suck it up through the ‘net).
How can that be known? Well, anyone who wants one of those fancy letters for their web address has to go through a validation process. The kind you’re hoping for is the Extended Validation, which is indicated by a green bar on your browser, as well as a lock symbol.
But at the end of the day, protecting the website from getting access to your credit card information and bank password (such as via phishing) doesn’t necessarily mean, for certain, that the website doesn’t contain any kind of virus, for example. And of course, the web isn’t going door-to-door shaking hands, conducting background interviews, and looking up criminal records for people who own and operate websites, either. If they’re doing something illegal, like trying to sell you counterfeit wares, the SSL Certificate isn’t going to keep them from doing that.
You can only depend on the fact that your browser is (or should be) robotically trained to keep any truly suspicious websites from even opening on your computer. So they’ll never give or take anything from you, period.
As for whether or not you should spend the extra cash to obtain that “s” for your web address, well … the better question might be asking yourself how educated your intended visitors are on website security, and whether you’re willing to risk losing them when their browser turns red.