When HTTPS Doesn’t Mean Safe — A Thumbs Down to Free SSL

How free SSL certificates became a double-edged sword?

Who doesn’t love free things? And few challenges this if it’s sponsored by Google, Mozilla, and Facebook. Google revealed in 2014 that it plans to encrypt the site as a whole. Let’s Encrypt released its free SSL Certificate, an open source security authority, in the same year. With such well known supporters it became the pioneer of encryption and had signed over 380 million certificates in the first three years.

  • Don’t blindly trust your email name: question your email content purpose.
  • When you receive a suspected e-mail with a connection from an unknown source, you will ensure that the e-mail is genuine before you call or e-mail the contact.
  • Check for miscopy or incorrect domains within a link (e.g., if an address that should end in “.gov” ends in “.com” instead).
  • Because a website has a lock icon and the ‘https’ in its browser address bar you cannot trust it easily.

Google Chrome plans to phase out the SSL padlock icon

Safe websites on the internet should be the standard for the Google. Even the phishers benefit from it, the company is doing an excellent job in encryption so far. It’s not needed to recall anyone about anything when somethings become familiar. That’s what Google believe at least.

Extended Validation Certificates prevent phishing

The SSL industry is still quite young with Extended Validation, simply EV certificates. The first version of EV guidelines was approved by the CA/Browser Forum in the year 2007. EV SSL Certificate was a critical element of securities for the large companies and the financial institutions.

Final Words

Web security has improved because of free and affordable SSL Certificates. From few years, it is much easier to exchange sensitive data throughout the network. The availability of free SSL certificates has, however, also led to the gloom. The phishers are deceitful with free SSL Certificates, which are harder to detect and tough to prevent. As experts of the industry continue to increase the awareness of users about encryption and why it is so important to stress that HTTPS is not an indicator of an authentic web site, unless an EV certificate is installed.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Nishi Agrawal

Nishi Agrawal

5 Followers

Management Student, Digital Marketing Enthusiastic Interested in Web Security and Internet topics. Young Mind with creative thinking capabilities.