HTTPS use has finally reached its ‘moment of critical mass’

HTTPS has reached a “moment of critical mass.” That’s according to cybersecurity researcher Troy Hunt this week after he published statistics that showed HTTPS (Hypertext Transfer Protocol Secure) usage had grown so substantially that it was becoming the “norm” now rather than the exception.

HTTPS is a more secure version of the HTTP protocol. It encrypts the data sent between your browser and the sites you are visiting, which ensures that your data is protected while browsing. HTTP had been the standard for a long time but it is now being usurped by HTTPS.

The evidence to back up this tipping point claim has been growing gradually, said Hunt (who is best known for running haveibeenpwned.com). He added that the protocol has become faster and more freely available to use.

Last October, Mozilla recorded that more than half of its page loads were encrypted with HTTPS while many major sites, such as Twitter and Facebook, are using HTTPS by default. Another security researcher, Scott Helme, found that of the top million sites listed on Alexa, 18.4 percent are redirecting users’ browsers from HTTP to HTTPS. Granted, 18.4 percent may not seem like a huge segment but that’s more than double the percentage from August 2015.

Helme carries out this research every six months, so expect to see even more growth in the next round of figures.

Hunt goes on to point out how browsers are now holding websites to account for not implementing better security. He claimed that this is further evidence that HTTPS is becoming more and more ubiquitous.

The latest versions of Chrome and Firefox are now warning users when they are accessing webpages that are not adequately secured, which should only drive the trend toward HTTPS further. Sites that aren’t using the protocol are more susceptible to man in the middle attacks where hackers could scoop up data during the occurrence of a transaction.

Hi @Qantas, I just went to login to my frequent flyer account and the browser is warning me that it's not secure. Is something wrong? pic.twitter.com/6Bu4v9f5Qn

— Troy Hunt (@troyhunt) January 26, 2017

These warnings are vital for spreading the word to everyday users, said Hunt, especially when it comes to financial transactions. “Warnings about a site’s security at the time where you’re providing sensitive information is precisely the sort of thing that will force the hand of these sites,” he said.

Over the last two years or so there has been increasing demand for HTTPS, with most major sites now pointing to the need for better security for its users. Earlier in January, the New York Times moved to the protocol by default. Google even favors sites running HTTPS in its search results above those that do not, creating a further incentive for sites to make the move.