Ask Professor Puzzler
Do you have a question you would like to ask Professor Puzzler? Click here to ask your question!
Historical note on this blog post: This question was originally asked and answered in 2005 - more than a decade ago! It became one of the most popular pages on the "Ask Doug" blog, and began circulating widely on the internet. As it went along, portions of it were modified, garbled, or even deleted, until eventually it came to the attention of those kind folks at Snopes, who wrote an article about this article, verifying the information within it. Imagine my surprise when one day my wife received her weekly Snopes e-newsletter, and at the top of the e-mail was my blog post!
The blog post has been moved to the "Ask Professor Puzzler" blog as part of our process of consolidation.
Question: I got an email from my * company, and it talked about logging in at their 'secure site', and it mentioned https and http. What is that?
Answer: HTTP stands for HyperText Transport Protocol, which is just a fancy way of saying it's a protocol (a language, in a manner of speaking) for information to be passed back and forth between web servers and clients. You really don't need to know what it all stands for; the important thing is the letter S which makes the difference between HTTP and HTTPS.
The S (big surprise) stands for "Secure". You probably didn't need me to tell you that, because you already knew it had something to do with security. If you visit a website or webpage, and look at the address in the web browser, it will likely begin with the following: http://. This means that the website is talking to your browser using the regular 'unsecure' language. In other words, it is possible for someone to "eavesdrop" on your computer's conversation with the website. If you fill out a form on the website, someone might see the information you send to that site.
This is why you never ever ever enter your credit card number in an http website!
But if the web address begins with https://, that basically means your computer is talking to the website in a secure code that no one can eavesdrop on. You understand why this is so important, right? If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with https://.
If it doesn't, there's no way you're going to enter sensitive information like a credit card number!
It should be pointed out that just because a website has that magic "S" in its address, that does not mean it is wise to do business with them; even scam artists can have https sites! It simply means that no outsiders can eavesdrop on your conversation...doesn't mean you should be having the conversation in the first place. Only do business with reputable firms, or firms you have thoroughly checked out!