Verifying a Website

How to verify a website identity

Many websites use SSL to encrypt traffic (protects against eavesdropping on WiFi) and also to verify identity. Verification is important because criminals often use an exact copy of a website to collect passwords and other personal information.

The URL should start with "https://", not just "http://"
The SSH certificate should be valid, and issued to the correct domain

All web browsers provide some way to verify certificates. Usually there is a padlock icon to click on; in older browsers it may be hard to find. Newer ones such as Firefox make it simpler.

Firefox 12 verification
Regular SSL certificate
Extended Validation certificate
Mouseover the coloured logo to show the certificate authority, click it for more detail.

See details for specific browsers:

Some TRIUMF sites use a TRIUMF SSL certificate. If you get an "unknown authority" warning when visiting these, you should install the TRIUMF CA root certificate. Websites using these certificates then say "verified by TRIUMF" in the security popup.

How it works
Identify a Phishing Scam (external link at wired.com)

A.Daviel
Network Security Manager