It can be complicated to obtain and configure even a free certificate, but EFF, Mozilla, and several other organizations are working to eliminate the hassle with a new project called Let‘s Encrypt, which will offer certificates that are both free and easy to set up.

To celebrate the American Library Association‘s Choose Privacy Week, EFF offers five recommendations for libraries:
HTTPS for your whole website

Some libraries use HTTPS on a tiny part of their website: The login form to access records and request books. However, this is not sufficient. Security research has demonstrated that it‘s impossible to secure only a part of a website. Instead, libraries should ensure that every part of their site, from the front page to the catalog, uses HTTPS at all times. In other words, if someone types „www.example-library.org“ into their browser, when the page finishes loading, the browser should display „https://www.example-library.org/“ in the URL bar. Under the hood, the website should be permanently redirecting visitors from insecure HTTP to HTTPS.