In today’s blog post we’re going to shed some light on two often mixed up technical terms. Although authentication and authorization sound somewhat similar with both being integral to online security processes, that’s where the similarities end. As it turns out, they serve quite different functions.

Let’s dive in.

Generally, with every major browser update there comes a tightening of security measures, and rightly so. Google Chrome 86 is no exception. The newest version of the Chrome browser is set for release on October 6th, 2020, and will have a promising new feature — protecting users from dodgy text boxes. 

Although Certificate Authorities (CAs) are central to the operation of the SSL industry and, in turn, the overall security of the Internet, casual Internet users probably don’t know a whole lot about them. They visit websites with HTTPS-enabled websites not realising the role CAs play in establishing that secure connection. Similarly, some website owners may buy an SSL certificate without really knowing where it came from. 

The Coronavirus pandemic has been an unprecedented time in many ways. Beyond entire populations and societies having to adjust to deal with its impact, there has also been an unfortunate uptick in cyber crime related to the virus. 

A point of confusion for many people is the difference between TLS and SSL certificates. It’s an understandable confusion, especially when you consider the fact that in 2020, SSL certificates actually work by using the TLS protocol. What exactly does all that mean?

In February 2020, Apple announced that they would be limiting the allowed lifetime of SSL certificates in their Safari browser from September 1st 2020. The new allowed validity period will be 398 days, which basically amounts to a one-year certificate. 

A common myth is that an SSL certificate will completely secure your website. This is not the case. While an SSL certificate will certainly help make your website a more secure place to visit, there is far more you need to do to protect your site beyond enabling HTTPS.