How Secure Login Works

How login works

When using an internet form, such as a search field or login box, you are transmitting information over the internet for the receiving server to process and send you back results.

When you send your information on the internet, it is not a direct connection to the destined server. In fact, your transmission is normally routed through many servers and different connections before it reaches the target.

This is where secure connections come into play. Without a secure connection, your information can easily be read by people on those servers. With a secure connection, your data is encrypted before it is transferred over the internet. By doing this, data cannot be read by people along the way.

How does a browser know when and when not to secure data?

The HTML Form

Web pages are simply text documents that are fed into your web browser. That browser uses that text as instructions on how to create your web page. One part of this code is the FORM tag. This is used when posting data over the internet.

When a web developer designs one of these FORMs, they have to specify the target of the FORM (also called its action). This is where the developer places the web page address for posting the data. When you submit the page and the FORM is pointed to a secure web page (HTTPS), the browser first encrypts the data for the transmission and then posts the data to the website.

So, does that mean the page you type information on needs to be secure? Not at all. When posting data on the internet, the page receiving the data must be secure for your transmission to be secure.

This poses another question. What if you are already on a secure page (HTTPS), but you post to an unsecure page (HTTP)? Is your transmission still secure? The answer is no. Again, the target FORM is what determines the security procedures your browser will take before it sends the information.

So How Can I Tell?

Depending on the browser you are using, there could be a number of options that indicate if you are posting to a secure web page. Some browsers can be set to notify you, before sending your data, when you are changing security modes. Many browser companies have developed product add-ons that are able to display this information for you.

Most modern browsers will display the target of the FORM in the status bar at the bottom of the screen. If this does not appear you should update your browser to the most recent version. Not keeping your browser up to date is a security risk.

Why Isn't All Data Secured?

Encrypting data takes extra time and work on the website server. While one request causes an insignificant amount of strain, hundreds of connections at the same time would if each one needed to be encrypted. In order to keep response time fast, websites only secure data when it is necessary.