Just like we all have IDs verifying us, websites have certificates verifying their identity and provide a secure connection for the information you share with the website. This certificates are Transport Layer Security TLS which is an upgrade of Secured Socket Layer SSL and their functions are to provide authentication and data encryption between servers, machines and applications interacting over a network.
Let's look at web browsers and security over the web browser. How to identify and query a secure site. There were times that having an SSL certificate was not really easy but now, SSL is everywhere and free, thanks largely to Let's Encrypt so websites have no excuse to be unsecured.
There are two protocols for connecting to the internet, HTTP which is unsecured and HTTPS which is secured.
How can you identify a secured connection on your web browser?
Web browsers are client applications used to access websites. Most popular browsers are Chrome, Firefox, Safari, Opera and they all provide an indicator for a secured connection and warning should you connect to a website insecurely.
You could be accessing a fraudulent website posing as another because you failed to check or don't know how to check and verify the identity of the website in question. This is called phishing and some employ this to get sensitive information like usernames and passwords.
You can learn more about phishing at phishing.org
A common example is Facebook, you hear often people say their accounts have been hacked, there is high probability the intruder got access by means of phishing. This works cos you willingly submit your login details and the intruder gets a front door entrance.
An example of a fake Facebook login
Looking at the image above you can easily spot that it's a fake Facebook page because of the URL or web address. Facebook can be accessed at facebook.com or fb.com, this are the base Facebook domains for accessing the web app.
Also a connection to Facebook is secured and there is a easy way to identify a secured connection, we'll use Facebook as an example and the browser is the Chrome browser by Google, you can use any browser and still get the same results.
Open your browser, enter facebook.com and tap go. You'll get a Facebook mobile login page similar to the one below.
Observing the image, there is a locked padlock at the beginning of the web address bar followed by 'https://' which is a secured protocol as mentioned above. This are key indicators that your connection is secured and the website has verified it's identity to some extent.
Next, click on the padlock which will bring you a drop down similar to the image below.
The browser verifies the connection and gives feedback that all information to and from the website is private which means nobody can steal your information when been sent to Facebook. This is important and never ignore your browser warning for an unsecured connection.
Click on details so we can know more about the security talked about and the certificate authority verifying that Facebook is safe.
The certificate is issued by DigiCert and it uses TLS version 1.3. The most important thing to notice is the green padlocks, you are safe when the padlocks are green and not red.
A red closed padlock means the information you're sending can be read by only you and the website when being sent but the website is not who they claim to be and could be an attacker stealing your information, more like a fake ID situation.
There are other platforms that phishing is done on and the most common is the email. You can see more phishing examples at phishing.org.
Always remember to check your connection and connect only through the secured HTTPS protocol. HTTPS Everywhere is an extension you can install on your Firefox to automatically route all connections through the secured protocol. Similarly, you can test all website URLs by starting them with 'https://' . Most developers automatically redirect all traffic to their site through the secured protocol this boosts confidence in visitors and increases your website rankings.