What is the HTTPS protocol?
When we access a website, what we really do is request that a machine shows us in the browser its contents, which is downloaded to our computer. But what we want when we log on to a website such as our online banking, for example, is that our user name and password, the information we view from our accounts and the transactions we perform, i.e. the information we exchange with the server, is carried out in a secure manner and cannot be intercepted by unwanted persons. That is when the HTTPS protocol, also known as the secure hypertext transfer protocol, becomes particularly important.
What is the HTTPS protocol and how does it work?
It is an internet communication protocol, a set of commands or instructions executed by the browser when we type in a URL, click on a link or fill in a form. The initial protocol from which it originates is the well-known HTTP, in which all information exchanged between our browser and the server is in normal text. In HTTPS the traffic is encrypted, ensuring a secure connection.
What is it used for?
The purpose of the HTTPS protocol is to prevent a malicious person or attacker from obtaining our sensitive information: usernames, passwords or credit card numbers.
If the information that our browser exchanges with the server is not encrypted (web page implemented with HTTP, which is not secure, http://www.page.xxx), an attacker who is on the same public or unsecured network as us could capture our traffic and access our sensitive data. To do this we must always ensure, when using sensitive data over unreliable networks, that the pages have HTTPS implemented (https://www.page.xxx) so that our information is encrypted when it travels.
It is possible that a person on the same Wifi network as us can capture our network traffic and, in the case of transporting sensitive and non-encrypted information, can access it. The general recommendation is to always use pages that have HTTPS enabled when making purchases or exchanging sensitive or confidential information and to thus guarantee an initial security barrier for our personal data.