We need HTTPS for 3 reasons.
Privacy, integrity, and identification.
Let's talk about privacy first.
Bad crab. Bad.
When you browse to a website without HTTPS, I could be eavesdropping on your password.
Reason number 2: integrity.
Example coming up!
I am sending another message to Browserbird unencrypted.
But before it reaches Browserbird, I intercept the message.
I update the message to say bad things about Browserbird and forward it to him.
Why would Compugter say such things about me?
And crab-in-the-middle attacks are the worst.
Bad Crab. Bad.
I make sure that your communication is not being tampered with.
Reason number 3: identification.
Identification means that I can check that this message is coming from Compugter.
HTTPS, via SSL certificates, ensures you are connected exactly with the receiver you would expect.
This SSL certificate is valid and has been issued by a legitimate Certificate Authority. You are good to go.
We'll be talking more about SSL certificates and Certificate Authorities soon, so stay tuned.