You may have seen that a lot of popular sites such as Facebook, Twitter and Hotmail are moving from using HTTPS only for their login pages to using it for their entire site. For some of these sites, it is a user configurable option right now, but ultimately it will be the default method of access over standard HTTP.
So that may raise the question to you that if HTTPS is much more secure, why doesn’t every site use it? That very question is answered in this excellent article on Ars Technica: HTTPS is more secure, so why isn’t the Web using it?
There are several reasons HTTPS isn’t used everywhere:
- Adds latency to connections since servers have to process key exchanges and lose the ability to cache
- Extra cost of security certificates
- Requirement that a unique IP must be used for an SSL certificate (i.e. no shared hosting which just about every web host employs)
- Many sites simply don’t need it (if you never send sensitive informatin to a site then there is no reason to secure the traffic)
This is a very interesting read and well worth it. While I think HTTPS will become a bit more commonplace, I don’t see the web ever moving to HTTPS only as it is cost prohibitive for smaller sites.
The PCMech.com weekly newsletter has been running strong for over 8 years. Sign up to get tech news, updates and exclusive content - right in your inbox. Also get (several) free gifts.