How can I tell if my connection to this web site is encrypted?

As mentioned before, just because you are sending information through your computer (versus a physical form like a letter) does not mean it is completely private. And just because you use a password to log into a site does not mean the information you send/receive is completely private. In my last post, we looked at the importance of having an encrypted connection when using wireless internet, especially the free public kind.

How can you tell that your connection with a certain web site is secure and private?

Encrypted web sites have the URL "https://yourwebsite.com" instead of "http://yourwebsite.com". Note the extra 's' in "https". This shows that you are connected using secure http (and not just regular http).

Most web browsers show a picture of a padlock in the lower right-hand corner of the browser if your connection is encrypted. Note that a web page can display any pictures that it wants, including a picture of a padlock - but that doesn't necessarily mean anything. You must look for the browser's padlock picture. Below are pictures highlighting the "https" and the padlock in Internet Explorer 6 and in Firefox 3.







Even if you have an encrypted session, you should make sure you have an encrypted session to the right site. Are you connected to "https://www.amazon.com" or are you connected to "https://www.amazon.org"? Are you connected to "https://www.paypal.com" or are you connected to "https://www.paypal.online-site.com"?
Someone could set up a fake web site that looks like the web site you want to go to, and just wait for you to enter and send him your username and password.

If you log into a web site using regular http, your username and password is sent unencrypted, and anyone trying to "overhear" what you said will be able to know your username and password. So, to be sure, use https when possible. (Windows Hotmail uses http by default unless you click on "Use enhanced security" to use https.) Some web sites where security is a priority (such as any online banking web site) will automatically switch you over from http to https when you go to their site. (Try going to http://www.bankofamerica.com and you'll see this happen.)

Many online webmail sites use https to log you in (so your username and password are kept secret), but switch to regular http afterwards (which means someone can eavesdrop on the mail you send/receive at the very least.) Yahoo! mail does this, and so does Gmail by default, unless you turn on the https setting mentioned before.

Not all web sites are set up to use https. But if you had a choice, would you choose to use http or https? Hopefully you answered https! Make it a habit and type in https://...!

More on how you can tell a site is who it says it is later.