Do you see that little padlock just before the start of the website address in your browser?
It means you’re secure and you can trust the website, right?
Well, not exactly.
What does the padlock do?
The padlock icon means that the website you are visiting has been verified by a CA (certificate authority) as using the HTTPS protocol. This is the protocol used to make sure that all information being sent to and from the website is being encrypted.
That’s great news when doing online banking or any other task that requires safe transmission of your data (passwords, etc.).
The bad guys have joined the party
Circa 2000, we were all getting used to the internet for many different tasks: banking, shopping and viewing cat videos on YouTube. We were being told at that time that we should only trust websites with the padlock icon, as that would make everything we did much more secure.
Now we know that although it definitely helps, the padlock icon unfortunately has no bearing on whether the website you are visiting is malicious.
According to the Anti-Phishing Working Group, the number of phishing websites that are using the HTTPS protocol has risen dramatically from 35% in the second quarter of 2018 to a whopping 82% by the second quarter of 2021.
How do we know if we’re secure?
Ronald Reagan once used the phrase “trust but verify” and for this, it’s brilliant advice.
The best advice I can give you now would be to not only make sure that the padlock still appears if you are entering details into a website but also verify where the link to that website has come from.
We can often stop these kinds of phishing attacks by simply checking that the URL looks correct (www.youtube.com not www.y0utub3.com), as a lot of malicious sites will try to mimic a legitimate one. Secondly, if you have been sent a link by someone you know and it feels a bit “phishy” (pun intended), ask them if they meant to send you that link, as they may have been phished themselves.
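The URL check described above can be automated. The following is an added example, not part of the original article: it compares a link's host against a constructed allow-list and flags digit swaps, one-character typos and a trusted name used as a subdomain of another domain. The allow-list entries, the substitution table and the function names are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): sites the reader really means to visit.
TRUSTED = {"youtube.com", "bank.example"}
# Digit-for-letter swaps of the kind seen in www.y0utub3.com.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def registrable(host):
    """Naive last-two-labels cut; real tooling should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return 'trusted', 'lookalike:<site>' or 'unknown'. The scheme is ignored:
    an https:// link with a valid padlock is judged exactly like any other."""
    if not url.lower().startswith(("http://", "https://")):
        url = "//" + url  # bare host such as www.y0utub3.com
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    folded = domain.translate(LEET)  # y0utub3.com -> youtube.com
    for site in sorted(TRUSTED):
        # Digit swaps or a one-character typo of a trusted name.
        if edit_distance(folded, site) <= 1:
            return "lookalike:" + site
        # Trusted name used as a prefix label of an unrelated domain.
        if f".{site}." in f".{host}.":
            return "lookalike:" + site
    return "unknown"


if __name__ == "__main__":
    for link in ("https://www.youtube.com/watch", "www.y0utub3.com",
                 "https://youtube.com.login-check.example/"):
        print(link, "->", classify(link))
```

An "unknown" result only means the host resembles nothing on the allow-list; it says nothing about whether the site is safe.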
References: https://apwg.org/
Greg Charman
Penetration Testing Consultant
FAQs
Does a padlock mean a website is safe?
When you go to a site that has a padlock icon next to the site name, it means the site is secured with a digital certificate. This means that any information sent between your browser and the website is sent securely, and can't be intercepted and read by someone else while the information is in transit.
What does a 🔒 beside a website mean?
The padlock symbol on a web browser simply means that the data being sent between the web server and the user's computer is encrypted and cannot be read by others.
What does the lock symbol on a website mean?
The lock symbol and related URL containing “https” simply mean that the connection between your web browser and the website server is encrypted, which is important. It prevents others from eavesdropping or intercepting your communication between your browser and the website's server.
Does a padlock in the address bar indicate a website is genuine?
What does the padlock icon mean? The padlock icon shows that a website has an SSL certificate. An SSL (secure sockets layer) certificate is something which is added to the website that provides you with additional security.
Does a padlock mean a website is safe reddit?
HTTPS ensures a website encrypts data from client to server; it does not guarantee that the server you are connected to is malicious.
How to tell if a website is safe?
6 Ways to Tell If a Website is Safe
- Look for an SSL Certificate. Secure websites have an SSL, or a Secure Sockets Layer. ...
- Evaluate the URL Structure. ...
- Look for the Company's Contact Info. ...
- Check the Spelling and Graphics. ...
- Heed Your Device's Security Warnings. ...
- Opt Out of Sites that Flood You with Pop-Ups.
Does https mean a website is safe?
HTTPS is HTTP with encryption and verification. The only difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, and to digitally sign those requests and responses. As a result, HTTPS is far more secure than HTTP.
How do you get the padlock on your website?
The padlock means that the information which is being transferred via your website is secure, and it is a great way to ensure that your customers feel confident to use your website. To have this facility, you would need an SSL Cert.
Does a padlock icon in the address bar indicate the current website is unsafe, yes or no?
Explanation: The statement that a padlock icon in the address bar indicates the current website is unsafe is false. In fact, the presence of a padlock icon in the address bar typically indicates that the website is secure, especially when using a modern web browser.
What does a GREY padlock mean on a website?
A gray padlock means that Firefox connected securely, but that the site didn't get a more expensive Extended Validation SSL certificate. In order to get an EVSSL certificate, which shows a green padlock in Firefox, the company which operates the website has to verify additional details to the certificate issuer.
What does it mean if a website doesn't have a padlock?
SSL is enabled, but no lock will appear
This means that these images or links can be accessed via http:// instead of https:// (mixed content). The browser will therefore indicate that your website is unprotected.
What happens when you click the padlock icon on a webpage?
To be specific, it signifies the site has an SSL/TLS certificate and the connection is encrypted with HTTPS. Clicking the icon will reveal more information, including the nature of the connection, any stored cookies on the site, and the number of site visits.
What is the GREY padlock on my website?
In Firefox, a grey padlock indicates that the site in question does not use an EV certificate. Sites using EV certificates show up as a green padlock. There is mostly no practical difference between the two types of certificates. Both are equally secure from a technical POV.
What does the padlock mean on Chrome?
The lock icon is meant to be a helpful indicator to show you a site's HTTP connection is encrypted, which is also known as HTTPS.