Security

Enabling HTTPS will prevent man-in-the-middle attacks, this attack can intercept form data. HTTPS will encrypt this data with a specific algorithm.

HTTP vs HTTPS

How does it work?

How HTTPS authentication works

The way that it works is that you need to identify the user requestion the page and the user retrieving the page is the same person. On request of the website, you'll actually send a piece of data to Let's Encrypt (in this example) to identify the user with, Let's Encrypt will provide the browser with another piece of data which form a key pair.

Now Let's Encrypt will verify that it can authenticate with the server, so the server has to let Let's Encrypt know it may control it's HTTPS connection.

As soon as that's validated the server will send out those key pairs back to the browser and the browser will verify those. In case these are not valid it means the requester is no the same as the retriever.

What is it good for?

How do I get one?

Nowadays many hosting providers give either their own secure HTTPS connection, so depending on your host you might actually get a really good encrypted connection.

Are there different encryptions? Yes, there are paid ones and free ones. The paid ones are usually harder to crack, but that's not always the case so do a good research before investing in one.

Is there a free one? Let's Encrypt! Is a free service by the Linux Foundation delivering excellent secure connections between your client and your server? Because it's so popular, most hosting integrate this as a free option to their hosting.

Written by Ciryk Popeye
Founder of Web hints and professional web developer