Web Security and Extended Validation Certificates

Digital certificates make it easy for a company to let you know they are running a legit Web site -- meaning they're letting you know the Web site you're visiting isn't a cleverly crafted page designed to trick you into giving up personal information. There are ways, however, for people to get certificates for their Web site even when they shouldn't, so now we have Extended Validation certificates that require additional screening before they can be issued.

Identifying an EV certificate in Safari

Companies that issue digital certificates, or Certificate Authorities, can create an Extended Validation certificate only after a multi-step process that involves verifying the identity and operational status of the organization requesting the credentials.

Once issued, your Web browser will let you know when you visit a site that uses an EV certificate. Web browsers will typically highlight the site's name in green to, but there isn't much in the way of standardization for identifying EV certified sites beyond that.

Identifying an EV certificate in Firefox

In Apple's Safari Web browser, look to the right of the Web page's URL to see if a site is EV certified. In Firefox, you'll look to the left of the URL.

Since the iPhone is a little limited for screen space compared to desktop and laptop computers, the site's name will appear in green above the URL field.

The iPhone's EV certificate indicator

You can also identify Web sites that are using at least a standard authentication certificate by looking for a closed padlock icon somewhere in your Web browser window. Safari tucks the padlock icon in the upper right corner of your browser window, and Firefox tosses it into the lower right corner.

There isn't any way to completely guarantee that a Web site is always legit, but digital certificates and EV certificates make it easier to avoid potential phishing scams and the headaches that go along with identity theft.