This is a guide to the different security information that is displayed in the browser. This information helps you to decide if each website is the right site and is trustworthy, which is especially important when entering private or financial information.
The security information to look for in the browser is shown and described below.
The address for the webpage is displayed in the address field. This contains the registered name of a company, organization or person that identifies the specific computer on the Internet that is storing the webpage you requested. This is called a domain name, and ends with a suffix, such as .com, .org, .gov, or .edu, to indicate the type of organization.
To make it even easier for you to see exactly where you are, the most important part of the address is highlighted. The protocol, such as HTTP, and some parameter details are hidden. To see the full address, click the address field. You can disable this feature and display the full URL for all webpages. From the menu, select and select “Show full URL in address field”.
Domain names in other languages
Opera supports Internationalized domain names (IDN), which allows domain names in languages such as Russian and Chinese to be written in their own native scripts. Opera will always display domain names in such a way that no two domains will look alike.
The security badge indicates the security of the website. Always look for a badge containing a padlock symbol , which indicates a webpage with a good level of protection.
For a full guide of the security badges, see the Fraud and Malware Protection topic.
Some websites automatically open a separate window with the address bar hidden. In this case, Opera displays the security bar as a collapsed address bar that shows the domain to which that the window belongs. Check that the domain matches the domain that you were expecting and click the collapsed bar to show the full address bar and security bar.
Also, avoid using shortcuts that hide the address bar, such as F11 for fullscreen mode in Opera, if you want to view the security information of a website.
To see security information, click the security badge. Summary information displays, as shown in the example below.
The summary describes the type of connection and may provide notes about the security record or organization running the site. For more information, click the Details button. This displays the Security Information dialog, which provides information in three tabs, as shown and described below.
The Security Information tab tells you about the following:
When you select the Fraud and Malware Protection tab, it runs a check and tells you if the website has been reported as harmful or fraudulent. It also allows you to:
For more information, see the Fraud and Malware Protection topic.
The Certificate tab provides specific and detailed information about the security certificate, such as the server name of the secure site, the organization name and country, the expiry date and who issued and signed the security certificate (Certificate Authority).
The increasing number of fraudulent websites has highlighted the importance of certification. Opera is a member of CA/Browser Forum, a voluntary organization of leading certification authorities (CAs) and browser vendors, and is part of the decision-making process in creating certificate standards.
If the organization name looks wrong, investigate further or consider carefully before entering personal information.
Most of the time, certificates are fully valid. If there is something questionable about a certificate, a warning dialog will be displayed. You may choose to proceed, but full security cannot be guaranteed. Warnings include the following:
Some certificates are self-signed, which means that they are signed by the website owners themselves, and not an independent authority. Be aware that the browser cannot certify that the certificate comes from the person or organization stated. If you know that the signer can be trusted, and you want all sites using this signer to be considered as safe, install the certificate to add the signer to your list of authorities.
Opera, like all secure browsers, comes with a list of authorities that can issue certificates. This is upgraded with each new release of the Opera browser. To display a list of the authorities currently being used and your installed certificates, click "Manage certificates". For more details, see the "Manage certificates" section in Opera Help — Security.
These are common ways of accessing information over the Web and are defined in more detail below. HTTP is used for normal communication, while HTTPS is used for extra security for private information.
While HTTPS is generally considered to be the more secure protocol, HTTPS does not automatically mean that you have a totally secure connection. A HTTPS site may still have some issues that make it vulnerable. Opera’s security badge in the address field is a more reliable indicator of security.
Encryption protects your data while it is being sent from your browser to the website. It is a way of scrambling information sent so that only a legitimate recipient of that information can make it readable again. The most common form of encryption today is public key encryption.
Imagine a strongbox that has two keyholes and two separate keys. When you enter a secure page where Opera's icon displays "Secure", Opera and the website use public keys to agree on secret keys for that session. When you send your information to this secure site, you are effectively locking the box using your key; no one else can read the data being sent. The box (your data) can only be unlocked by the other key held by the website.
These security protocols are usually described as a string of text that looks something like this: "TLS v1.0 128 bit C4 (1024 bit RSA/SHA)". The first three letters indicate the security protocol used, such as the following:
Opera supports TLS and SSL version 3.
The level of encryption depends on the size of the key — the bigger (and more complex) the key, the higher the security. Opera automatically attempts to use the biggest keys possible.
If the encryption method used by a site is outdated, you will see a notification along the lines of: "The site is using an outdated encryption method" and the site is blocked. A site matching one or more of the following criteria will trigger this type of notification and block:
If possible, use a corresponding service with a more updated server.
Page 2 of 10