You wouldn't write your username and password on a postcard and mail it for the world to see, so why are you doing it online? Every time you log in to Twitter, Facebook or any other service that uses a plain HTTP connection, that's essentially what you're doing.
There is a better way, the secure version of HTTP—HTTPS. That extra "S" in the URL means your connection is secure and it's much harder for anyone else to see what you're doing. But if HTTPS is more secure, why doesn't the entire Web use it?
HTTPS has been around nearly as long as the Web, but it's primarily used by sites that handle money—your bank's website or shopping carts that capture credit card data. Even many sites that do use HTTPS only use it for the portions of their websites that need it—like shopping carts or account pages.
Web security got a shot in the arm last year when the FireSheep network sniffing tool made it easy for anyone to detect your login info over insecure networks—your local coffee shop's hotspot or public WiFi at the library. That prompted a number of large sites to begin offering encrypted versions of their services via HTTPS connections.
Lately even sites like Twitter, which has almost entirely public data anyway, are offering HTTPS connections. You might not mind anyone sniffing and reading your Twitter messages en route to the server, but most people don't want someone also reading their username and password info. That's why Twitter recently announced a new option to force HTTPS connections (note that Twitter's HTTPS option only works with a desktop browser, not the mobile site, which still requires manually entering the https address).
Google has even announced it will be adding HTTPS to many of the company's APIs. Firefox users can go a step further and use the HTTPS Everywhere add-on to force HTTPS connections to several dozen websites that all offer HTTPS, but don't use it by default.