Shopping and Transaction Security
Opera is designed with the most advanced and widespread security measures available, making on-line purchasing simple.
Some sites may greet you with a page saying something along the lines of "You do not have a secure browser; please download Netscape Communicator or Internet Explorer." The site designer may, mistakenly, believe that only those browsers support advanced security, although Opera has levels of security that are as good as or superior to these browsers.
Changing how Opera identifies itself will often allow you to circumvent this problem: press F12 to display the Quick Preferences dialog box, then use , and select to "Identify as" Mozilla or Internet Explorer. When you have selected one of these alternatives, go back to the page you were attempting to enter.
Before you enter any information about yourself, especially credit card details, look for the security bar that should appear on the address bar. On the security bar, there should be an icon that looks like a locked padlock. If you hover your mouse over the icon, you will see what kind of encryption the site uses. The organizational name of the security certificate holder should appear beside the padlock icon. See our advisory for more information. Additionally, clicking on the security bar should show the security certificate information.
Some Web sites will open a separate window with the address bar hidden. In this case, Opera will display the security bar as a collapsed address bar that shows the domain that the window belongs to. Before you enter any sensitive information, check that the domain matches the domain that you were expecting. You can also click the collapsed address bar to show the full address bar, and security bar.
Opera supports internationalized domain names (IDN), which allows domain names in languages such as Russian and Chinese to be written in their own native scripts. Opera will only allow certain combinations of scripts to be displayed in localized characters, unless the top level domain is trusted. Trusted top level domains are selected if they have established strict policies on the domain names they allow to be registered.
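The display decision described above can be sketched as follows. This is an added example, not Opera's code: the page does not list which script combinations Opera accepts, so the sketch assumes the simplest policy (one script per label), and `display_form` and the trusted TLD set are hypothetical.

```python
import unicodedata

# Hypothetical trusted list; "example" is a reserved TLD used for illustration.
TRUSTED_TLDS = {"example"}

def label_scripts(label):
    """Return the set of scripts used by the letters in one domain label."""
    scripts = set()
    for ch in label:
        if ch.isascii() and (ch.isdigit() or ch == "-"):
            continue  # digits and hyphen are shared by every script
        # The first word of the Unicode name is the script, e.g. "CYRILLIC".
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def display_form(hostname, trusted_tlds=TRUSTED_TLDS):
    """Return the name to show: native script if allowed, else the ASCII form."""
    hostname = hostname.lower()
    labels = hostname.split(".")
    if labels[-1] in trusted_tlds:
        return hostname  # the registry's own policy is relied on
    # Assumed policy: every label must stay within a single script.
    if all(len(label_scripts(label)) <= 1 for label in labels):
        return hostname
    # Mixed scripts in one label: fall back to the "xn--" encoded form.
    return hostname.encode("idna").decode("ascii")

# Constructed inputs. The second starts with CYRILLIC SMALL LETTER A (U+0430),
# which renders like Latin "a" in most fonts.
ALL_CYRILLIC = "\u043f\u0440\u0438\u043c\u0435\u0440.com"
LOOKALIKE = "\u0430pple.com"

if __name__ == "__main__":
    for name in (ALL_CYRILLIC, LOOKALIKE, "\u0430pple.example"):
        print(ascii(name), "->", display_form(name))
```

Showing the encoded form makes a look-alike name visibly different from the domain it imitates, which is what the check in the address bar relies on.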
What is encryption?
Encryption is a way of scrambling information so that only a legitimate recipient of that information can make it readable again. The most common form of encryption today is public key/private key encryption. Imagine a strongbox that has two keyholes and two separate keys. If you lock the box using one key, you can only unlock it with the other.
Security protocols
If you hover over the padlock icon when visiting a secure server, you will see a string of text that looks something like this: TLS v1.0 128 bit C4 (1024 bit RSA/SHA)
The first three letters will show what security protocol is used on the site. There are four common security protocols; in order from good to best, these are SSL version 2, SSL version 3, TLS 1.0, and TLS 1.1.
- SSL: SSL stands for "secure sockets layer". SSL version 3 is better than version 2, which is being phased out and is only used by a small number of Web sites these days.
- TLS: TLS is short for "transport layer security", a security protocol based on SSL. This is considered the most secure protocol in common use today.
Levels of encryption
When you send or receive information from a site where Opera's icon displays "Secure", Opera and the Web site use a secret one-time key before sending the information. When you entered the secure page, Opera and the Web site used public keys to agree on that secret key. That is called a handshake. The key encrypts all the information sent and is used for this session only.
The level of encryption depends on the available key space, which means the number of possibilities when generating keys. The more possible keys, the higher the security. For session keys, the most powerful form of encryption available in browsers today is 256-bit encryption. Although Opera supports as much as 3072-bit encryption when generating key pairs (a public key and a private key), some secure sites may not support this level of encryption. Opera's default setting of 1024-bit encryption should work with most secure sites.
The number on the padlock icon signals the level of encryption. Three dots means that the Web site has a high level of security. When rating the security level of a secure document, Opera takes into consideration the following:
- Everything loaded with the page, including images, frames, and redirects
  - Insecure images will automatically result in a level one rating
  - Other insecure content (such as scripting) will result in level zero
- The size of the symmetric key
- The server's public key size
Only documents using the most secure methods, 3-DES or 128-bit C4 and public keys larger than approximately 900 bits, get a level three rating.
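The padlock string and the rating rules above can be combined into a small check. This is an added example, not Opera's code: the function names are hypothetical, the 3-DES sample string in the test is constructed, and because the page does not say how ratings below three are assigned for weaker ciphers or keys, the sketch returns 2 in that case as an assumption.

```python
import re
from typing import NamedTuple

# Layout taken from the sample on this page:
#   TLS v1.0 128 bit C4 (1024 bit RSA/SHA)
_PATTERN = re.compile(
    r"^(?P<protocol>SSL|TLS) v(?P<version>\d+(?:\.\d+)?) "
    r"(?P<sym_bits>\d+) bit (?P<cipher>[\w-]+) "
    r"\((?P<pub_bits>\d+) bit (?P<pub_alg>\w+)/(?P<digest>\w+)\)$"
)

class SecurityInfo(NamedTuple):
    protocol: str   # SSL or TLS
    version: str    # protocol version as displayed
    sym_bits: int   # size of the symmetric (session) key
    cipher: str     # symmetric cipher name as displayed
    pub_bits: int   # size of the server's public key
    pub_alg: str    # public key algorithm
    digest: str     # hash algorithm

def parse_security_string(text):
    """Split the padlock tooltip string into its fields."""
    m = _PATTERN.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised security string: {text!r}")
    d = m.groupdict()
    return SecurityInfo(d["protocol"], d["version"], int(d["sym_bits"]),
                        d["cipher"], int(d["pub_bits"]), d["pub_alg"],
                        d["digest"])

def meets_level_three(info):
    """Page rule: 3-DES or 128-bit C4, and a public key above ~900 bits."""
    strong = info.cipher == "3-DES" or (info.cipher == "C4"
                                        and info.sym_bits == 128)
    return strong and info.pub_bits > 900

def rate_page(info, insecure_images=False, insecure_other=False):
    """Apply the page's rules; insecure content caps the rating first."""
    if insecure_other:       # e.g. scripting loaded over plain HTTP
        return 0
    if insecure_images:
        return 1
    # Assumption: anything short of the level-three bar is reported as 2.
    return 3 if meets_level_three(info) else 2

if __name__ == "__main__":
    info = parse_security_string("TLS v1.0 128 bit C4 (1024 bit RSA/SHA)")
    print(info, rate_page(info), rate_page(info, insecure_images=True))
```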
Adding certificates
Reputable on-line merchants have their public keys signed by authorities, which are trusted security firms. These firms issue digital certificates that contain the public key, signed in a way that can be automatically proven. To display your current list of authorities, click "Manage certificates". Opera, like all secure browsers, comes with a set of certificates. Most of the time, certificates are fully valid, and if there is something questionable about a certificate, a warning dialog will be displayed. You may choose to proceed, but full security cannot be guaranteed at this point. Warnings may say:
- Server certificate expired. Certificates have expiry dates, and they must be renewed on a regular basis by the people maintaining the site. Accepting an expired certificate does not necessarily reduce security, but consider the site you are visiting and how long it has been since the certificate expired, before accepting.
- Wrong certificate name. A certificate is issued by an authority for a single site to use, and sites cannot borrow certificates from each other, as this invalidates the whole concept of certificates. Accepting a certificate belonging to another site is not recommended.
- Certificate signer not found. If the signer of a certificate is not found in your list of authorities, only accept the certificate if you are absolutely confident that whoever is running the site in question can be trusted.
Some certificates are self-signed, which means that they are signed by the Web site owners themselves, and not by an authority outside the organization. If you know that the signer can be trusted, and you want all sites using this signer to be considered safe, install the certificate to add the signer to your list of authorities. Trusting self-signed certificates from, for example, your employer can be considered safe.
It is unlikely that you will need to upgrade Opera's existing certificates, as most of them will not expire for a decade or more. The necessary updates are taken care of with each new release of the Opera browser.
E-mail security
If you leave the authentication type for your login as "Auto", Opera will try the most secure authentication available and then work its way down the list should the first type fail. The authentication types available to you will depend on the mail server. Note that this will not encrypt your actual mail data, only your login. See the Opera Mail tutorial for information on using TLS or SSL to encrypt e-mail.
More Information
For more information about encryption, please read our knowledge base article on encryption levels. We also recommend our security in Opera page.
