What SSL means – and why it’s about to change
With forthcoming changes to the way websites are secured, it’s important to know what SSL means and why it matters to consumers
Fans of the all-action drama 24 might remember staff in the Counter Terrorism Unit’s head office instructing each other to open a socket.
This sounded glamorous when it involved dynamic (and generally very attractive) cast members who would probably be dead three episodes later.
Yet it’s rather more prosaic when our web browsers do the same – which they do regularly while we’re online.
The Secure Sockets Layer protocol is one of the main methods of preserving our personal and financial data and keeping it out of the hands of criminals.
And it’ll soon be changing, making this the perfect time to establish what SSL means and how it keeps us safe.
Sold secure
Any explanation of what SSL means has to start with the way information is transmitted over the internet.
On an insecure network, individual packets of webpage data are bounced around the world along the quickest available route at that millisecond, before being reassembled.
While in transit, these packets of information could potentially be intercepted and viewed.
And in today’s privacy conscious age, web browsers and antivirus software will label sites which aren’t SSL-enabled as potentially dangerous, encouraging people to navigate away.
You can tell the Broadband Deals website is safe because the http prefix in our address bar has an ‘s’ after it. This stands for ‘secure’, indicating the gold standard of site security.
Any correspondence between your device’s browser and our servers will be conducted along a secure connection, which is protected using encryption technology.
Before it’s sent, data is encrypted using algorithms which also decode it on the recipient’s computer or phone.
This prevents it being read or modified by third parties, effectively rendering the data meaningless to anyone who sees it en route.
This is crucial in terms of ensuring financial data being shared over the internet can’t be hijacked or abused once it’s been typed in and entered into a browser.
Encrypting and decrypting webpage data only takes a few milliseconds, yet the level of additional security it provides is compelling.
The times they are a’ changing
It’s up to website owners to obtain an SSL certificate, and consumers don’t have to do any more than use a modern web browser – Edge rather than Internet Explorer, for instance.
Obtaining an SSL certificate isn’t a complex process, and historically, new certificates were valid for two years.
However, from the first of September, that will be changing.
Web browsers will no longer trust SSL certificates which are (or have been) issued for 400 days or more.
That’s because these certificates could become obsolete as technology advances, or become compromised as cybercriminals develop workarounds to their protections.
If you receive a browser warning about a formerly secure website, don’t automatically assume it’s compromised.
But do take a moment to decide whether you trust it before paying it a visit…