If you’ve been following this series of security maxims, you’re probably pretty careful about what you do on the web. You certainly have strong passwords for all of your logins, all of them different, and you don’t go around telling people what they are or keeping them on sticky notes attached to the monitor at your workplace. Good for you! But if you make this one common mistake, you may as well paint your passwords in 10-foot tall letters on a lighted billboard next to a busy freeway.

I’m talking about entering your password — or any sensitive information — into any web page that’s not secure. All communication — including your username and password — between your browser and a web server is normally transmitted in clear text, easily read by anyone who cares to look. Your data is being sent in clear text if you enter anything onto a page with the prefix http://. That’s how you know the page isn’t secure.

How do you know a page is secure? It will use an encrypted connection, signified by the prefix https://, known as Secure Sockets Layer (SSL). Any information you put into such a page is unreadable by anyone who might intercept it. Only your browser and the web server at the other end can decipher it. Some browsers even show a lock icon to let you know it’s secure. SSL relies on special security certificates issued by a trusted authority who has verified the identity of the website you are logging onto.

Never enter sensitive information into any web page unless you have verified that the information is being sent over a secure connection signified by https:// in the address bar and/or a lock icon in the browser’s status bar.

The Geek

Have a question? It can be about anything from cooking to science, whatever you’re interested in: Click here to Ask the Geek! Kenny “The Geek” Harthun has been playing with geeky stuff since 1965. He’s a former research scientist and Microsoft Certified Systems Engineer at Connective Computing, Inc. and loves to learn about anything and everything.