HTTPS has been around nearly as long as the Web, but it’s primarily used by sites that handle money—your bank’s website or shopping carts that capture credit card data. Even many sites that do use HTTPS only use it for the portions of their websites that need it—like shopping carts or account pages.
Web security got a shot in the arm last year when the FireSheep network sniffing tool made it easy for anyone to capture your current session’s log-in cookie insecure networks—your local coffeeshop’s hotspot or public WiFi at the library. That prompted a number of large sites to begin offering encrypted versions of their services via HTTPS connections. Continue reading