You’ve likely already noticed that many websites, including the Dynamic Website Kits that OPLIN manages, now have URLs that often begin with “https://” rather than “http://.” That’s no accident; we’ve been buying and installing SSL (Secure Socket Layer) certificates for a while now. Why are so many sites, not just OPLIN’s, now sporting the extra security? In a nutshell, it’s additional protection. Next month, January 2017, Chrome will even begin showing a warning to users when they visit sites without HTTPS, marking those sites as insecure. If your library’s website doesn’t already have HTTPS, better get ready.
- HTTPS Everywhere: Security is Not Just for Banks [Lullabot] “What exactly does HTTPS give us? It’s two things, really. First, it’s a way to ensure data integrity and make sure that traffic sent over the internet is encrypted. Secondly, it’s a system that provides authentication, meaning an assurance that the site a user is looking at is the site they think they are looking at.”
- Beginner’s Guide To Website SSL Certs [Hongikat] “SSL behaves as a digital passport which verifies the credentials of both yourself and the end web server. When both identities are verified, SSL grants a secured connection through HTTPS. This process is performed using certificates.”
- HTTPS does not secure your website [PerezBox] “The actual act of securing a website is a very complex process. HTTPS does not stop attackers from hacking a website, web server or network. It will not stop an attacker from exploiting software vulnerabilities, brute forcing your access controls or ensure your websites availability by mitigating Distributed Denial of Services (DDOS) attacks.”
- How does HTTPS actually work? [Rob Heaton] “Whilst the little green padlock and the letters ‘https’ in your address bar don’t mean that there isn’t still ample rope for both you and the website you are viewing to hang yourselves elsewhere, they do at least help you communicate securely whilst you do so.”
From the Ohio Web Library:
- Digital Privacy Is Important Too [Computers in Libraries. Mar2016, Vol. 36 Issue 2, p23-24.]
- Bitly Embraces Let’s Encrypt for Short Link Security [eWeek. 5/18/2016, p4-4.]
- Analyzing proposals for improving authentication on the TLS-/SSL-protected Web [International Journal of Information Security. Nov2016, Vol. 15 Issue 6, p621-635.]
