HTTPS User Guide

In light of my previous post where I talk about how it’s relatively easy to commit a man-in-the-middle attack, I feel like I should explain how people can protect themselves.

If you’re typing information that you consider private (typing your SSN or typing a password, especially for webmail or your bank), use this checklist:

  1. Go to the login page (the page that asks you to type your password), but don’t type anything yet!
  2. Look at the address bar at the top of your web browser.
  3. Inspect the web page address and make sure it’s correct. For example, if you’re logging into Bank of America’s website then the address should be https://www.bankofamerica.com/ and not https://www.bankofamerica.youcantrustus.com/ and not https://www.bankofamerica.com@3468664375/ (the difference between these is subtle, but extremely important)
  4. There should either be blue or green text, and/or a blue or green background in the address bar. Sometimes your browser will even show you the name of the company who operates the website; this gives you an extra level of trust.
  5. There should not be a red X, a broken lock, a black slash, a yellow caution triangle, etc.

That’s it. Beyond that you’re trusting that the owner of the website you’re using knows what they’re doing and is competent.

This entry was posted in All, Computers. Bookmark the permalink.

Leave a Reply

Your email address will not be published.