DEV Community

Sreekar Reddy
Sreekar Reddy

Posted on • Originally published at sreekarreddy.com

🔒 HTTPS Explained Like You're 5

#eli5 #security #web #beginners

A sealed envelope instead of postcard

Day 43 of 149

👉 Full deep-dive with code examples

Postcard vs Sealed Letter

HTTP (no S): Like a postcard

  • Anyone who handles it can read it
  • Your password could be visible to others along the way

HTTPS (with S): Like a sealed envelope

  • Typically the sender and receiver can read the contents
  • Carriers just see a sealed envelope

The S = Encrypted

HTTPS uses encryption (via TLS):

Your message: "hello"
             ↓ encrypted
Sent as: "xK9#mL@pQr!5vB2n..."
             ↓ decrypted by server
Server sees: "hello"
Enter fullscreen mode Exit fullscreen mode

Anyone in between typically sees encrypted data.

How You Know

Look at the URL:

  • https:// usually means your connection is encrypted
  • http:// means it isn't

Avoid entering passwords on HTTP sites.

What It Protects

  • Passwords and login info (in transit)
  • Credit card numbers (in transit)
  • Personal messages (in transit)
  • Any data you send between your browser and the site

Note: HTTPS protects data in transit. It doesn't make a malicious website trustworthy.

In One Sentence

HTTPS encrypts the connection between your browser and the website, protecting your data from eavesdroppers.

🔗 Enjoying these? Follow for daily ELI5 explanations!

Making complex tech concepts simple, one day at a time.

Top comments (0)