7 myths about HTTPS and SSL Certificates busted

The basic interface through which you make use of the internet. You visit a website almost every time you use a browser. You may have noticed that there is a string of words that precede the address of a website. This is either HTTP or HTTPS. The HTTP stands for HyperText Transfer Protocol. This is the protocol over which data is sent between your browser and the website that you are using. HTTPS stands for HyperText Transfer Protocol Secure. This is the secure version of the protocol and this ensures that the connection between your device and the site is secure.

Secure connections are established on the web by using a secure sockets layer (SSL) certificate. There are a lot of aspects about this that have been blown out of proportion thanks to the myths that prevail about the same. Let’s take a closer look at the same to understand it a little better.

Only E-commerce Sites Need SSL

While it is true that E-commerce sites will have secure connections established. Encryption is important for any site. Google by default displays a secure version of a site. Google Chrome who visit a site that does not have an SSL certificate will see a warning page. This will let them know that the page is not secure.

SSL has no effect on Web Traffic

The cold, hard truth is that no one stays too long at a page if Google tells them its dangerous. The first thing that pops up into someone's head when they see a warning is often something sinister, like being targeted by hackers.

Google also tends to list pages higher if it is found to implement proper security measures.

SSL will slow page loading

HTTPS refers to HTTP/2, this is a variation of the standard HTTP protocol. It was designed to have a 50 percent reduction in page load time. This is done through compression of data and reduction of processes involved.

Even if there is a reduction in speed, this will be in the range of milliseconds.

SSLs are the most advanced type of encryption

The successor for SSL called TLS has been around since 2008. It fixes a lot of vulnerabilities present in SSL certificates. However, it has been primarily used for sites that require payment details or manage your money.

SSL certificates are expensive

There are plenty of services that are free to use which allow you to obtain free SSL/TLS certificates. Let's Encrypt and Encryption Everywhere is two of the notable ones.

SSL certificates encrypt all data

The only thing that SSL certificates do is make sure that the data is encrypted when it is being transferred. This in no way provides any guarantee as to whether the data is protected when it is in the web server.

SSL encryption is perfect

SSL certificates can and have been compromised. Heartbleed is one such vulnerability in SSL certificates that was revealed in 2014. Although they can be trusted to a certain extent, it should be kept in mind that no system can be perfect.