Https is an acronym that stands for Hypertext Transfer Protocol Secure and it is a protocol that is used for the secure communication over computer networks. The secure transfer of data over the Internet is essential for all businesses to prevent wiretapping and attacks by middlemen. Although technically not a protocol, Secure HyperText Transfer is the result of layering the HTTP on top of the SSL/TLS protocol. A secure connection is preferred when transferring sensitive information, such as personal data, social security numbers, or credit card details.
The transfer of data becomes secure by ensuring that data is encrypted between the client and the server. A short term key will be converted into a long term asymmetric secret key that will be unreadable to anyone trying to intercept data which is being passed over the Internet. The server holds the public key certificate, which is used to verify the entity and ensures the identity of the organization or person receiving any data sent.
Https is a great start to security on the web, but outside secure transfers there are limits to what can be accomplished with https. For example, the protection afforded by https is dependent on proper web browser implementation, server software used, and supported algorithms. Outside of man-in-the-middle attacks and eavesdropping, https provides no protection whatsoever. In addition, any information sent is only as secure as the server it is sent to and if any of the above is not being implemented correctly information can be siphoned off.
Most casual internet users understand that when they see https at the front of a URL it is affording them some sort of protection, and they may even know that it indicates a secure connection. This is positive as it is an easy way for people to know they have some protection for their personal information, which helps to instil trust. In general it is good advice to avoid entering any sensitive information on sites that do not use an https address.