Non-secure HTTP

In recent months, you may have noticed browser icons and messages like these...

What's going on?

Earlier this year, certain browsers began to warn users when they visit a login page that doesn't use https. Https is a secure version of the http protocol used to pass information between websites and browsers and is commonly used by websites passing usernames/passwords, credit card information, and other sensitive information.

There is a big push to implement https on all websites to help keep users' browsing and personal data secure. Not all websites currently use https, and it will take time to convert them. You may have already noticed some websites managed by SCLS have not yet made the jump, but some like LINKcat and the ecommerce payment website DO provide secure connections. In upcoming months, we will be working on converting more of the SCLS-managed sites.

In the meantime, remember: never (NEVER!) enter your credit card, social security number, bank information, or other super-sensitive information on a website that is NOT https.  ALL banking, tax, financial, and retail sites should provide https for security.

Want to know a little more about https and secure websites? Take a look at this short but informative 3-minute CommonCraft video!

Additional reading
A short tutorial on your browser's security features: http://www.gcflearnfree.org/internetsafety/your-browsers-security-features/1/
Mozilla's and Google's blog posts about https:

• Mozilla (Firefox) - https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/
• Google (Chrome) - https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

Comments

You can follow this conversation by subscribing to the comment feed for this post.

Thanks for this, Kerri!

Posted by: nichole | 06/29/2017 at 08:25 AM