DEV Community

J Beetz

Explain http vs https Like I'm Five

Hi,

I have to explain why getting an ssl cert (https) is important to some non-technical folks. I can't for the life of me simplify this down to a concept. Can someone help?

I have so far:

http is how the web used to work / https is how the web is expected to work in the future

http is vulnerable to being eavesdropped / decoded while in transit
https is not

https is http over a secure protocol (usually (ssl) port 443 or (tls) port 587)

My Start:


Think of it this way:
You're standing in line at the bank, and the teller in front of you asks for your PIN.

Do you feel secure saying your PIN code for all to hear?

Or speaking it to the teller in some sort of code only you and the teller can understand?


My plan is to use letsencrypt for the cert. I've done this for my own site and it works great.

Mastering the art of technical explanation to non-technical folks is a work in progress for me.

Thanks,
jbeetz

Top comments (2)

Meghan (she/her)

HTTP is vulnerable to being eavesdropped / decoded while in transit. HTTPS is not

If you are explaining HTTPS to non-technical people, this is the real point you want to hit home. HTTPS, at its core, still uses HTTP but, as you mentioned, takes advantage of TLS to encrypt the HTTP requests in between servers and browsers.

This achieves a twofold effect: privacy and validity. With normal HTTP traffic, ISPs and any public router, whether that be corporate proxies or public hot-spots, are able to read and intercept all the Web traffic that passes through them. So imagine if someone visited your site, something you spent countless hours designing and crafting the experience for, and it was all of a sudden replaced with something else, or got ads and crypto-miners injected into it, just because they were on public Wi-Fi.

HTTPS prevents this and ensures that the users of your site actually receive your site, and only your site.

Alan Barr

We believe in a magic policeman that holds a list of people we trust called certificate authorities. They have the right to generate secret papers that tell us that a website is secure. When I go to a website that does not have this secret paper it is very unsafe and people in the coffee shop can potentially read everything I read. If the website has the magic paper then I know that no one else in the coffee shop can read what I am reading.