What is an SSL certificate & Why do I need one?
You may have noticed the padlock and word ‘SECURE’ in the URL field at the top of your screen when you’re shopping online or browsing the web. Without you realising, your web browser has established a secure and encrypted channel to the website you’re viewing. Your communications at that point have become encrypted so any data you might be about to enter onto that website is completely secure. In other words, all the communication between your web browser and server are turned to gibberish using the encryption method so that anyone who intercepts the messages sent from your computer to the website (such as your name, address and credit card details) is protected.
The system that is being used when this happens is typically described as PGP. Essentially, PGP relies on a system of two keys – one private and one public. These days, the keys used to encrypt and decrypt messages are 2048 bit keys so that’s two keys needed to read any message encrypted with this method.
So how long would it take to break a PGP encryption? Well, according to mathematicians, a very, very long time! Just to break one communication would take a standard PC a lot more time than there’s ever been since the birth of the universe! And that’s just to break one code – you have to break two! So, it’s pretty secure!
That doesn’t mean that your information is completely secure though. Most servers and personal computers are still secured with regular passwords which can be cracked using a brute force attack. So the weak point of all security systems in place is us humans. So here's another quick reminder to make sure you always use high quality difficult passwords!
What happens when a website has an SSL?
Unless you’re a mathematics expert, it can hurt your brain to work it all out but essentially what’s happening is that your web browser sends a message to the website and asks it to validate itself. The website then sends a public key back to the browser. This is one of the two 2048 bit keys mentioned above that are required for the completely secure communication. Despite this key being public you still need the private key in order to read it, you can’t decrypt a message using a public key, so it is still very secure.
Along with the public key, the website sends a certificate of registration that the browser can validate with a third-party – the organisation that supplied the certificate. So it checks with the certificate authority that the key is genuine before using it to encrypt the message. This is the bit that you are paying for when you buy an SSL certificate. To install an SSL certificate on a server you have to prove you own the website you’re securing and you can only buy a certificate from a few trusted suppliers further enforcing the security. Although new providers are constantly popping up and with Google pushing website owners to secure all websites the costs are decreasing to become more and more affordable.
Why does my website need an SSL?
Up until only recently, the only time you would need an SSL was if your website took information from your users that would need to be kept secure, such as credit card details or personal information. Therefore, ecommerce websites should always be protected. Giving your credit card details on a website has risks which many people are aware of, so website owners need to protect their users as well as conform to regulations on security. And that’s how it’s been for years until Google decided to change it all.
Google started by tweaking their algorithms to prefer sites with an SSL back in 2014. Then last year decided to take it a step further by requiring any site with a form, whether it takes credit card details or not, to have a SSL proving secure communication. It's not a surprise that Google has a huge influence over website owners, with Google itself being the most popular search engine and Chrome being the most popular browser. Whatever Google says you should do is probably what you should do! Currently this is having an SSL regardless of whether your site takes personal details or not. To push this further Google has changed their Chrome browser to display a warning if a site isn’t secured with a SSL. If user’s see ‘not secure’ when they visit your site, they will worry and may be put off using the website.
If you take a look at the top of your browser now while on our website, you an see a padlock icon indicating our website is secure. This is much more reassuring for users.
We offer SSL certificates for all our websites. If you are an existing client and would like at add one or if you just want to find out more simply get in touch with us and we can answer any questions you might have.