HTTPS buys a website three things:
- User privacy: but that's not what we're discussing
- Data integrity: my favorite benefit as a website publisher
- Authentication: a means to build trust
Data integrity means no content modification
Data integrity assures a website publisher that users are consuming the content as it was published. That is, users get to consume the content without fear someone changed it.
Authentication and trust
Authentication answers a simple question of trust: Am I really talking to the website I wanted to talk to? To rephrase for you reading this page right now, how can you be sure you're really accessing pierrefar.com? Your browser tells you by changing the address bar to make it clear that is the case, usually by displaying a green padlock. In Chrome, if you click on the green padlock in the address bar, you'd see something like this:
Your CMS passwords
Have you ever logged into your website's content management system (like Wordpress or Drupal or whatever) without using HTTPS? Come on, be honest here. Wouldn't it be nice if your site's admin password was not sent over your company network, the WiFi in the cafe from where you like to blog, and the internet in the clear?
Not just user privacy: HTTPS is also for website owners