How to verify a website identity

Many websites use SSL to encrypt traffic (protects against eavesdropping on WiFi) and also to verify identity. Verification is important because criminals often use an exact copy of a website to collect passwords and other personal information.
  1. The URL should start with "https://", not just "http://"
  2. The SSH certificate should be valid, and issued to the correct domain
All web browsers provide some way to verify certificates. Usually there is a padlock icon to click on; in older browsers it may be hard to find. Newer ones such as Firefox make it simpler.

Regular SSL certificate

Extended Validation certificate
Mouseover the coloured logo to show the certificate authority, click it for more detail.

See details for specific browsers:

Some TRIUMF sites use a TRIUMF SSL certificate. If you get an "unknown authority" warning when visiting these, you should install the TRIUMF CA root certificate. Websites using these certificates then say "verified by TRIUMF" in the security popup.

Network Security Manager