Ask Kurt: The vital distinction between HTTP and HTTPS in securing your online data

Know what the difference is and what each acronym means

Kurt ‘CyberGuy’ Knutsson shows you how to secure your Google account

CyberGuy shows you how to manage your Google account to make sure that your information is safe.

Online dangers are growing with our love of online shopping. In fact, 79% of U.S. consumers say that they shop online more frequently now than they did before the COVID-19 pandemic. Although, it also has some risks and challenges, especially when it comes to paying with your credit card.

How can you tell if a website is trustworthy and secure for online payments? What does it mean when a website has HTTP or HTTPS in its web address? How does it affect your online security and privacy?

We'll get to those questions. Let's start by answering this one from Margaret from Fort Lauderdale, Florida.

"Does https mean the site takes credit cards and http is okay if they don’t take credit cards?" – Margaret Jane, Fort Lauderdale, Florida. 

Margaret Jane raises an excellent question. Let's go over the difference between "HTTP" and "HTTPS" and whether it matters or not when you're paying with a credit card online.

ask kurt the vital distinction between http and https in securing your online data

Woman shops online (Cyberguy.com)

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER

What's the difference between "HTTP" and "HTTPS"? 

The difference between HTTP and HTTPS is that HTTPS uses a SSL (Secure Sockets Layer) certificate to encrypt all data transfer while HTTP is not secured with an SSL certificate and is much more open to hackers stealing sensitive information.

HTTPS is internet security geek-speak for Hypertext Transfer Protocol Secure, and it functions similarly to HTTP, except that it works to protect communication between web servers and browsers when transporting data. A website that begins with HTTP does not have this same layer of protection.  

It’s all about the letter "S"

In the simplest of terms, imagine you are sending a letter to your friend through the mail. HTTP is like sending a letter in a normal envelope. It is not very secure, and anyone who intercepts the letter can open it and read your message.

HTTPS is like sending a letter in a locked envelope. It is very secure, and only you and the recipient can open it and read your message.

Why is HTTPS more secure than HTTP?

HTTPS is more secure than HTTP because it uses an SSL certificate to encrypt the data that is transferred between the web server and the browser. This means that anyone who tries to intercept or tamper with the data will not be able to read or modify it.

How HTTPS protects your data with SSL certificates

MORE: DON’T FALL FOR THIS NEW BANKING SCAM

SSL certificates also verify the identity of the website, so you can be sure that you are dealing with a legitimate site and not a fake one. An SSL certificate is a digital document that contains information about the website, such as its domain name, owner and expiration date. 

It also has a public key and a private key, which are used to encrypt and decrypt data. The public key is shared with anyone who wants to communicate with the website while the private key is kept secret by the website owner.

How your browser verifies and encrypts data with HTTPS

When you visit a website that uses HTTPS, your browser will check the SSL certificate and make sure that it is valid and matches the website’s domain name.

If everything is OK, your browser will establish a secure connection with the website and exchange encryption keys.

Then, all the data that is sent and received will be encrypted using these keys.

How to identify HTTPS websites in your browser

You can tell if a website is using HTTPS by looking at the web address in your browser.

MORE: HOW THIS SAFE BROWSING FEATURE IS USING AI TO STAY AHEAD OF SCAMMERS

If it starts with https://, then it means the website is secure.

You may also see a padlock icon or a green bar next to the web address, which indicates the website has a valid SSL certificate.

Why you should avoid paying with credit cards on HTTP websites

Whether a site takes credit cards or not has nothing to do with whether it uses HTTP or HTTPS. However, if a site does take credit cards, it’s important that it uses HTTPS to protect the sensitive information being transferred.

If you're on a website that uses HTTP, and it's telling you to pay for something with a credit card, you should probably steer clear of it.

The website could be a phishing page or be infected with some sort of malware that could hand your credit card information over to a hacker, and then they could do whatever they want with it.

ask kurt the vital distinction between http and https in securing your online data

Woman working on the computer (Cyberguy.com)

MORE: PROTECT YOUR BACON: THE RISE OF PIG BUTCHERING SCAMS AND HOW TO AVOID THEM

What can I do to protect myself from a keylogging attack

There are a number of precautions that you can take to avoid becoming the next victim of a keylogging attack.

Have good antivirus software on all your devices

Keeping hackers out of your devices can often be prevented when you have good antivirus protection installed on all your devices. Having antivirus software on your devices will help make sure you are stopped from clicking on any known malicious links, attachments or images that may install malware on your devices and thus allow hackers to gain access to your personal information.

Get my picks for the best 2023 antivirus protection winners for your Windows, Mac, Android & iOS devices.

MORE: HOW YOUR BROWSER COULD BE EXPOSED TO A SECURITY RISK 

Use a password manager

Keyloggers can’t record what you don’t type, so using a password manager that automatically fills in your login credentials can help you avoid typing them. You should also use strong and unique passwords for each account and change them frequently.

Keep your software and apps updated

Updating your operating system, browser, antivirus software and other applications can patch any security vulnerabilities that hackers can exploit to install keyloggers. I know I sound like a broken record here. You should avoid clicking on suspicious links or attachments that may contain malware.

Use a Virtual Private Network (VPN)

We recommend using a VPN to protect against hackers snooping on your device. VPNs will protect you from those who want to track and identify your potential location and the websites that you visit.

ask kurt the vital distinction between http and https in securing your online data

Man on the computer (Cyberguy.com)

See my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices.

Kurt's key takeaways

Always keep a watchful eye out when you're visiting websites that you have never seen before. Check the URL and make sure that it begins with HTTPS, especially when you are dealing with sensitive information such as passwords, credit card numbers, personal details, etc. This way, you can protect yourself from hackers who may try to steal your information or harm your cellphone or computer.  

What else do you wish websites could do to prove that they are safe and secure? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

ARE YOU PROTECTED? SEE MY 2023 BEST ANTIVIRUS PROTECTION WINNERS

Copyright 2023 CyberGuy.com. All rights reserved.

Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Authored by Kurt Knutsson, Cyberguy Report via FoxNews September 14th 2023