Browser Padlock
Browser Padlock: a reader asks…
Hi Chris, some websites I visit have a green padlock (like your website) and some don’t. I know it has something do do with security, but can you give me a quick primer?
Sounds like you’re using the Google Chrome web browser (or perhaps Firefox). The green padlock to the left of the URL lets you know that every bit of data that passes between your computer and that website is encrypted so hackers can’t read everything you’re exchanging. Of course that doesn’t count the hacker looking over your shoulder in Starbucks!
Other web browsers have slightly different ways of showing you that the website is secured, but all are some form of a padlock.
- Microsoft’s latest Edge browser (in Windows 10) shows a padlock outline to the left of the URL.
- Microsoft’s Internet Explorer 11 shows a grey padlock to the right after the URL.
- Mozilla Firefox shows a green padlock to the left of the URL
- Safari shows a green padlock to the left of the URL
You may see other variations for different versions or types of browsers, but what you’re really looking for is that padlock. If it’s got a red X, slash through the https:// part of the URL, or something similar, then the website’s security is in question. One exception might be if you see a yellow triangle over the padlock, or a warning that the site contains a mix of secure and unsecure items. That’s not necessarily a cause for concern, this can happen sometimes when the website includes 3rd party advertising, images or other media from another website. Good webmasters who service secure websites will work hard to make sure that only the padlock shows.
What the padlock means is that the webmaster has obtained certification that their website and organization is a real entity. Certification is provided by a trusted 3rd party, known as a Certificate Authority (CA). After the CA verifies the organization, they give the webmaster an SSL Certificate which is installed on the website’s server. That SSL certificate both handles the encryption of all data going from and to that website server and instructs the web browser to display the padlock. There are quite a few CA’s around, including:
- Verisign/Symantec
- Comodo
- Entrust
- Thawte
- Trustwave
More and more websites are taking the extra step to get the certification needed so their website shows that padlock. But at the very least, you should be on the watch for that padlock on any website where you:
- provide credit card or any personal information, or
- log into an online account
Don’t neglect to consider item #2 above – if there’s no padlock on the login screen, then your username and password are transmitted over the internet without encryption and quite frankly, hackers are watching. There are tons of fake websites out there and scammers are constantly trying to grab your info. When the website you visit shows that padlock, you can trust that they are who they say they are. But it doesn’t necessarily mean that you can trust them with everything – hackers are continuing to show everyone that our security is sadly lacking. Before you shop online, know the organization you’re shopping at – check them out.
Some smaller online retailers won’t secure their entire website, just the checkout portion of the shopping experience. Some may even send you to a separate payment processor (Paypal, Authorize.net, etc.) to handle the payment for their goods and services. That’s nothing to worry about, as long as the payment processor’s website shows the padlock.
In general, watch for any web page that has form fields for you to fill out – that page should show the padlock in the URL bar. If it doesn’t, consider carefully whether you want to continue. I suggest you close that page and find another online site where the padlock shows.
One thing you should know: since all the information between your browser and the website is encrypted, it takes a little longer for the webpage to display, since it has to go through those extra steps: encrypting on the website server, and decrypting on your web browser. Please have a little patience, that extra time is to help keep you a little safer online.
This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:
or by mailing a check/cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!