Today we live in the advanced ‘Cyber Space’ where we all are connected through various means of Communications via using Internet. More than 99% internet users visit lot of websites includes Social Networking, Email Services, E-Commerce, Banking etc. where we pass our User Names & Passwords many a times each day. At the same time the problems of ‘Cyber Crimes’ are also rising up where most of the problems are related to the Hacking of the User Names and password. Today if we see, most of the websites are on http instead of https which is supposed to be a much secure protocol. That extra "S" in the URL means that your connection is secure and it's much harder for anyone else to see what you're doing. However, the question is that if HTTPS is more secure, then why doesn't the entire Web use it for security reasons?
HTTPS is used only by those sites that handle money, like your bank's website or shopping carts that requires financial information like Credit Card details or the Online Bank Details. For example if we talk about the websites of Banks, it is mandatory for every Bank to implement https on their website, as per the RBI guidelines. It is easy for anyone to capture your current session's log-in cookies in any insecure networks like your College/ Office hotspot or public Wi-Fi at the restaurants.
You might not mind anyone reading your messages on twitter or so. However, you never prefer anyone sniffing your User Name & Password. That’s why Twitter has announced a new option recently to force to HTTPS connection. However, it is available only for the Desktop Browsers and not available for the Mobile Browsers which is another issue.
Slowly and gradually the websites are moving on HTTPS but why not entire web should move towards it? That’s the question that was put in front of Dr. Anup Girdhar, (CEO-Sedulity Groups) during an interview. There are lot of issues due to which it’s taking lot of time to move from http to https completely. The major problem is the high cost which is to be paid to get the secure Certificate due to which most of the vendors do not prefer to move to https. The another problem which is also encountered is the slow performance hit when using https, said Dr. Girdhar.
Moreover, if you calculate the cost of running the https site, it is expensive as compare to the http site. An https website doesn’t work because it requires good Broadband speed and should be the Browser Compliant. It is possible with the Man-in-the-middle attack to crack the password on http sites, where https websites are comparatively more secured. However, the hackers are so advanced that they’ve even hacked the https websites as well, which has become the another security constraint for the W3C. Certain add-ons and plugins are available which simply recover the username & password from the https websites as well. I have demonstrated the same in one of the International conferences held at Singapore, said Dr. Anup Girdhar.
If we measure, the reasons can be taken care of with providing optimum level of solutions in order to get secure connections. So we need to look broadly that if https will be implemented completely, how well it safeguard our websites and protect our data.