HTTP and HTTPS are both responsible for providing a channel where data can be transmitted between your device and a web server so that normal web browsing functions can take place. The difference between HTTP and HTTPS is the s at the end of the latter. However, even though only one letter differentiates them, it’s indicative of a huge difference in how they work at the core. In short, HTTPS is more secure and should be used at all times when secure data needs to be transferred, as in the case of logging into your bank’s website, writing emails, sending files, etc. So, what do HTTPS and HTTP mean? Are they really that different? Keep reading to learn more about these concepts, including what role they play in using the web and why one is far superior over the other.
What Does HTTP Mean?
HTTP stands for HyperText Transfer Protocol, and it’s the network protocol used by the World Wide Web that lets you open web page links and jump from one page to the next across search engines and other websites. In other words, HTTP provides a pathway for you to communicate with a web server. When you open a web page that uses HTTP, your web browser uses the HyperText Transfer Protocol (over port 80) to request the page from the web server. When the server receives and accepts the request, it uses the same protocol to send the page back to you. This protocol is the foundation for large, multi-functioning, multi-input systems—like the web. The web as we know it wouldn’t function without this bedrock of communication processes, as links rely on HTTP in order to work properly. However, HTTP sends and receives data in plain text. This means that when you’re on a website that uses HTTP, anyone listening in on the network can see everything that’s being communicated between your browser and the server. This includes passwords, messages, files, etc.
What Does HTTPS Mean?
HTTPS is very similar to HTTP, with the key difference being that it is secure, which is what the s at the end of HTTPS stands for. HyperText Transfer Protocol Secure uses a protocol called SSL (Secure Sockets Layer) or TLS (Transport Layer Security), which essentially wraps the data between your browser and the server in a secure, encrypted tunnel over port 443. This makes it much harder for packet sniffers to decipher, unlike HTTP. TLS and SSL are especially useful when shopping online to keep financial data secure, but they’re also used on any website that requires sensitive data (e.g., passwords, personal information, payment details). Another benefit of HTTPS over HTTP is that it’s much faster, meaning that web pages load more quickly over HTTPS. The reason for this is because HTTPS is already understood to be secure, so no scanning or filtering of data has to take place, resulting in less data being transferred and ultimately quicker transfer times. The easiest way to know if the website you’re on is using HTTPS is by looking for https in the URL. Most browsers put a lock icon to the left of the URL, too, to indicate that the connection is secure.
HTTPS Doesn’t Protect Everything
As important as it is to use HTTPS whenever possible, and for website owners to implement HTTPS, there’s a whole lot more to online security than just choosing a secure web page over an unsecured one. For example, HTTPS doesn’t help much in phishing cases where you’re fooled into entering your password into a fake login form. The page itself may very well use HTTPS, but if on the receiving end of it is someone collecting your user information, the secure protocol was just the tunnel they used to do it. You can also download malicious files over an HTTPS connection. Again, the connection protocol used to communicate with the web server doesn’t speak at all about the data it’s transferring. You could download malware all day over a secure channel; HTTPS will do nothing to stop it. Something else to remember about web security in terms of HTTPS and HTTP is that the network protocol doesn’t protect you from hacking or over-the-shoulder snooping. As obvious as it might seem, you still need to create strong passwords for your accounts—ones that are difficult to guess—and log out when you’re done with an online account (especially if you’re on a public computer).