Sunday, March 29, 2015

What does the green padlock mean in your browser?

Have you ever noticed a green padlock in your browser when you type in a URL? Have you ever wondered what it meant? Does it mean the site is secure? Who decides which sites get one?

In short, a green padlock tells you that communications with the web site you're on are encrypted. This means that when you type in your personal information, it is scrambled into a completely unreadable form for the journey and only changed back (decrypted) once the data reaches its destination.

The padlock also signifies that the legal entity that controls the website can be identified. This includes information such as the name, place of business, and jurisdiction of the site's owners.

Now let's get a bit more technical.

A green padlock in your browser signifies that the web page has a certificate called an Extended Validation (EV) Certificate. To get an EV Certificate for your website, the site must use Transport Layer Security (TLS), the successor to the more commonly known Secure Sockets Layer (SSL).

When you type a URL into the URL bar of your browser, what you're actually doing is requesting a HyperText Markup Language (.html) file from a server with a specified Internet Protocol (IP) address. For example, if I type the domain name "http://www.google.com/" into my URL bar in Google Chrome, the Domain Name System (DNS) looks up the IP address associated with the "www.google.com" domain name (in this case it's 74.125.226.162), and the server at that address sends back the .html file that everyone is familiar with as Google's homepage.

The process of sending the .html file from Google to my computer uses Hypertext Transfer Protocol (HTTP). A website using TLS/SSL, however, changes the "http" in "http://www.google.com/" to "https". HTTPS stands for HTTP Secure; it is not a protocol in and of itself, but the result of adding the security capabilities of SSL/TLS to standard HTTP communications.
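As an added example (not part of the original post), here is a small Python script that takes the certificate a browser sees behind the padlock and reports which owner-identity fields (name, place of business, jurisdiction) its subject carries. The sample certificates are constructed, and the field names assume the layout returned by Python's ssl.getpeercert().

```python
import socket
import ssl

# Subject attribute names in the layout returned by ssl.SSLSocket.getpeercert().
# The jurisdiction names are OpenSSL's long names for the EV jurisdiction
# attributes (assumed mapping; only constructed sample certs are used below).
IDENTITY_FIELDS = {
    "name": ("organizationName",),
    "place_of_business": ("localityName", "stateOrProvinceName", "countryName"),
    "jurisdiction": ("jurisdictionLocalityName",
                     "jurisdictionStateOrProvinceName", "jurisdictionCountryName"),
    "registration": ("serialNumber", "businessCategory"),
}

def subject_attrs(cert):
    """Flatten getpeercert()'s subject (a tuple of RDN tuples) into a dict."""
    attrs = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            attrs[name] = value
    return attrs

def describe_identity(cert):
    """Report which owner-identity fields the certificate subject carries.
    A domain-validated cert only names the host; an EV cert also names the
    legal entity, its place of business and the jurisdiction of registration."""
    attrs = subject_attrs(cert)
    found = {group: {f: attrs[f] for f in fields if f in attrs}
             for group, fields in IDENTITY_FIELDS.items()}
    identified = all(found[g] for g in ("name", "place_of_business", "jurisdiction"))
    return {"host": attrs.get("commonName"), "fields": found,
            "legal_entity_identified": identified}

def fetch_peer_cert(host, port=443):
    """Live check: resolve the name via DNS, open a verified TLS connection
    and return the decoded server certificate (needs network; not run by tests)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port)) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates in getpeercert() layout (not real certificates).
DV_CERT = {"subject": ((("commonName", "blog.example"),),)}
EV_CERT = {"subject": ((("jurisdictionCountryName", "US"),),
                       (("businessCategory", "Private Organization"),),
                       (("serialNumber", "0000000"),),
                       (("countryName", "US"),),
                       (("localityName", "Mountain View"),),
                       (("organizationName", "Example Corp"),),
                       (("commonName", "www.example.com"),))}
```

Running describe_identity(fetch_peer_cert("www.example.com")) against a live site shows the same report for a real certificate.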

Should I trust any website without a padlock?

Yes and no. It really depends on what you mean by trusting the website.

While using TLS/SSL means that communications are secured for data in transit, it doesn't necessarily mean that it will be secured once it is in the website owner's hands. The information that you're sending to a website could be going to the most secure server in the world or just as easily be moving to a publicly accessible database.

This is where we need to use a bit of common sense as end users. If we understand who we're sending our data to, we can decide whether we trust that person or organization to use our information only for the purposes we expect.

My website doesn't have one. Do I need it?

If your website doesn't have a green padlock, you don't necessarily need one. For example, as of the date of writing this article, my website doesn't even have a padlock. The reason I don't make the effort to get one is simply that it wouldn't change anything. There isn't any data being sent from users to me, so there's no data to encrypt.

Therefore, if your website doesn't take data, don't worry about getting an EV Certificate. If it does take information such as email addresses, customer logins, or any other information that your users wouldn't want to be turned into public knowledge, definitely look into securing your site! This also goes the other way around. If you're sending information to some users, but not all of them, you may want to consider ensuring that the information is being encrypted while in transit.