Sunday, March 1, 2009

Secure your business #2

Test Question No. 2: I use a family member's (or my own) birthday for my password

It's easy to remember, but so common that it's among the first things attackers will try. If someone has sent an electronic birthday card to the email address you use for your logins, they have unwittingly sent out a valuable clue to your password, right alongside your username.

Remember: the more valuable the information you are logging into, the more valuable your password becomes to a would-be cyber-thief.

Use common sense, and remember:

Don't send a username and password in the body of an email message! Email is not private; remember how I compared it to a postcard, readable by anybody with the knowledge? Please keep this in mind. It's one of the most common ways for passwords to be compromised.

Create strong passwords--more and more websites let you know if your password is weak. Keep a document or notebook in a safe place and write down your creative, unique logins, or use a password manager: the one built into the Firefox browser (on a Macintosh or any other computer) saves all your logins behind a single master password, which you set. Then you have just one whammy of a password to remember, and Firefox does the rest. No one can read those saved passwords without your master password, which is exactly why the master password must be a strong one: the saved file can be copied and attacked offline, and a short master password will not survive that.

There are several other password managers that do the same job: one strong master password, and every other login stored behind it.
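The statement that nobody can get at the saved logins without the master password holds only as long as the master password itself resists guessing. What follows is an added example (my own model of how a password store is usually protected, not Firefox's actual file format or code): the encryption key is derived from the master password with PBKDF2, and someone who copies the store file can try guesses offline until the derived key matches. The salt, the 4-digit PIN and the low iteration count are constructed for the demo.

```python
import hashlib
import itertools
import secrets
import time

# Deliberately low so the demo finishes in seconds; real stores use 100k+ iterations.
# (Assumption for the demo; a higher count slows the attacker and the user alike.)
ITERATIONS = 1000


def derive_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Key a store would encrypt its logins under: PBKDF2-HMAC-SHA256 of the master password."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)


def crack_pin(target_key: bytes, salt: bytes, digits: int = 4, iterations: int = ITERATIONS):
    """Offline attack on a store whose master password is a numeric PIN:
    try every PIN of the given length. Returns (pin, guesses) or (None, guesses)."""
    guesses = 0
    for combo in itertools.product("0123456789", repeat=digits):
        guesses += 1
        pin = "".join(combo)
        if derive_key(pin, salt, iterations) == target_key:
            return pin, guesses
    return None, guesses


def passphrase_guess_space(n_words: int = 5, list_size: int = 7776) -> int:
    """Guesses needed to exhaust n words drawn at random from a word list
    (the EFF long list has 7776 words)."""
    return list_size ** n_words


def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time for an attacker at the measured guess rate."""
    return space / guesses_per_second


def demo():
    salt = secrets.token_bytes(16)          # constructed: a fresh per-store salt
    weak_master = "2718"                    # constructed: a 4-digit master password
    target = derive_key(weak_master, salt)  # what an attacker recovers from the copied store
    t0 = time.perf_counter()
    found, guesses = crack_pin(target, salt)
    elapsed = time.perf_counter() - t0
    rate = guesses / elapsed
    years = seconds_to_exhaust(passphrase_guess_space(5), rate) / (365 * 86400)
    return found, guesses, elapsed, years


if __name__ == "__main__":
    found, guesses, elapsed, years = demo()
    print(f"4-digit master password {found!r} recovered after {guesses} guesses in {elapsed:.1f}s")
    print(f"a 5-word random passphrase at that rate: about {years:.0e} years to exhaust")
```

The PIN falls in seconds at a single CPU's pace; the same attacker needs the lifetime of the universe for five random words. The manager is only as strong as the one password that guards it.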

Saturday, February 28, 2009

Secure your business on the web

This is the title of a seminar I give to small businesses to demystify the web and clarify what web security really is.

Security covers a broad range of topics, which can all be gathered under the heading: protection against loss.

Loss of what? Anything of value to your business, and that means loss of revenue and/or profit.

Let's look at passwords.

My business, Autograff, develops websites and web applications for individuals and businesses. We administer some of our own servers, and have a good idea what the level of skill of hackers and malicious programmers is: world-class top-shelf, creative, intuitive, and motivated by the possibility of relatively large amounts of income.

One of our webservers recently survived a ten-hour password-guessing attack originating in China. Ten hours of really smart programmers trying to guess our passwords!

That's probably not your usual experience, but the more successful your business is on the web, the more it gets noticed, and the more likely it will come under fire.

No need to run screaming to the door-- just learn how to create and maintain good passwords. It's not rocket science, it's not even bookkeeping. It's just a little thought based on a little knowledge and some record keeping policies.

Many people, maybe most, use short, convenient passwords so they can remember them.

Take this little test. See how many of these apply to you:
  1. I use the same password for everything
  2. I use a family member's birthday as my password
  3. I use my pet's name
  4. I use my boat's name
  5. I use the password they emailed to me.
If any of these apply to you, you might want to think about changing your password policies.

1. I use the same password for everything

This is convenient. Why wouldn't you? The reason is that many, many websites that require a login will email you your username and password after you sign up, or if you forget your password. What's wrong with that? Emails aren't private! They're like postcards: anyone who knows how can read them. Programs called "sniffers" sit on the network, read passing mail and scan it for the words "username" and "password." Autograff makes it a policy never to send passwords in an email, and we recommend this strongly to all our clients.

If you use the same password for your email address, for your Google account and for your church's online membership site, you have left a trail of crumbs for a hacker to follow straight to your email password. Email is the heart of identity on the web. Every email address is unique, and if you forget your password to a site, it's your email address the site uses as your guarantee of identity.

If your email password is weak, or is the same one that some site emailed back to you in the clear, everything that hangs off that mailbox is exposed. Someone who gets your email password can log in to all your sites--your domain registration with GoDaddy, your blog, even your stock management site. They just use the "forgot password" feature, and the site emails you (and them) your password, or a password reset link.

Play hard to get.

Use different passwords for different purposes. Here's how to decide: The more valuable the content of the site is, the more valuable your password is. The challenge is to make it easy for you to remember and hard for others to guess.

Here's one way to create a secure password.
  1. Free-associate on your hobbies or a vacation or your favorite music, and pick two words that flow through your mind.
  2. Let's say you've chosen Bahamas and Sushi
  3. Start by putting them together: BahamaSushi
  4. That alone is easy to remember, once you've said it a couple of times.
  5. Choose a couple of numbers. Is your favorite number 8?
  6. Throw it in there: Bahama8Sushi8
  7. You notice those three a's? What number do they remind you of? I see a backwards 6. (OK, I'm a designer--I see things). Let's try those:
  8. B6h6m68Sushi8
  9. You've got a good one. Those 6's work well--you could scrap the 8's and add something else. Some sites require you to add punctuation to make it harder to guess.
  10. B6h6m6Sushi!
Not bad! Type it a couple of times and you'll get the hang of it.

Write it down and put it in a safe place: not taped to your computer!

Oh, and remember, don't actually use B6h6m6Sushi! Make your own!
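The recipe above produces something far better than a birthday, but it has a shape a password-cracking tool knows: two dictionary words, with digits swapped in for letters. Here is an added example (my own code, not part of the original post) that does what a rule-based cracker does, undoing the substitutions and splitting the result back into dictionary words, and then builds a passphrase the other way round, from random words, where the strength can be counted. The word list is a constructed stand-in for a cracker's dictionary; the 6-for-a entry models the post's own trick rather than a standard cracking rule.

```python
import math
import secrets

# Constructed stand-in for a cracker's dictionary; a real one holds tens of
# thousands of words and would certainly contain these.
WORDLIST = ["bahama", "sushi", "maine", "lobster", "sailboat",
            "blueberry", "potato", "winter", "summer", "harbor"]

# Digit/symbol-for-letter swaps a rule-based cracker undoes. 4/@ -> a, 3 -> e,
# 1 -> i, 0 -> o, 5/$ -> s, 7 -> t are the usual set; 6 -> a is the post's own
# "backwards 6" idea, which costs an attacker who has seen the pattern one more rule.
LEET = {"4": "a", "@": "a", "6": "a", "3": "e", "1": "i", "0": "o",
        "5": "s", "$": "s", "7": "t"}


def normalise(password: str) -> str:
    """Undo the substitutions, drop whatever digits and punctuation remain, lowercase."""
    letters = [LEET.get(ch, ch) for ch in password]
    return "".join(ch.lower() for ch in letters if ch.isalpha())


def dictionary_words(password: str, wordlist=WORDLIST):
    """Greedily split the normalised password into dictionary words, longest match first.
    Returns the words if the whole password decomposes, otherwise None."""
    text = normalise(password)
    by_length = sorted(wordlist, key=len, reverse=True)
    words, i = [], 0
    while i < len(text):
        for w in by_length:
            if text.startswith(w, i):
                words.append(w)
                i += len(w)
                break
        else:
            return None          # some part of it is not a dictionary word
    return words


def passphrase_bits(n_words: int, wordlist=WORDLIST) -> float:
    """Entropy of n words chosen uniformly at random: n * log2(list size).
    With EFF's 7776-word list that is about 12.9 bits per word."""
    return n_words * math.log2(len(wordlist))


def random_passphrase(n_words: int = 5, wordlist=WORDLIST) -> str:
    """Diceware-style passphrase from the OS random source (secrets, not random.random)."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    for pw in ["BahamaSushi", "Bahama8Sushi8", "B6h6m6Sushi8", "B6h6m6Sushi!"]:
        print(f"{pw:14} -> {dictionary_words(pw)}")
    print(random_passphrase(5), f"({passphrase_bits(5):.1f} bits from this toy list)")
```

Every step of the recipe collapses back to "bahama sushi" once the substitutions are undone, so the real work a guesser has to do is two dictionary lookups plus a handful of rules. Five words picked at random from a large list cannot be shortened that way, and their strength is simply the list size raised to the number of words.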

Next time: policies in the workplace.

Monday, December 25, 2006

Entering the Fray

Musings on Christmas morning, waiting for our daughter to come down and open her stocking.

Autograff's experience developing websites for microbusinesses in Maine has given us a perspective on the character of microbusiness-people and how they see their businesses. Their approaches to strategy vary wildly, but share some common threads.


Maine, our home state, is in some ways (this is going to get me in big trouble) the India of the United States. Technically savvy Mainers abound, the state government and university system support small businesses in a big way, and agencies providing free business advice and access to low cost loans exist in every area of the state. Yet the economy as a whole is sluggish, wages are low, and the business climate is sketchy, especially in rural areas (90% of the state). Urban companies can have technology work done in Maine for less than it costs in their local areas. See? Maine is the India of the US.

The Plus Side

Maine has the highest ratio of entrepreneurs to population of any state in the Union (I will provide my source for this as soon as I remember where I saw this statistic). Jobs in Maine are mostly not highly-paid professional jobs (though lobstering is still a very good living for many), and every lobsterman and woodsworker also plows snow in the winter, their family members make wreaths in the late fall, rake blueberries in August, or harvest potatoes if they live up north. What others call "odd jobs" are an industry in Maine. This gives Mainers a sense of independence, an entrepreneurial spirit of great energy, and a distrust of "nine-to-five" jobs, even though they are coveted and cherished.

The Con Side

Mainers are quintessential Yankees, thrifty and conservative. This makes every sale a challenge. You work harder for a sale in Maine than any other place I know. No one's getting rich selling to Mainers, except oil companies, because you have to drive everywhere in Maine.

Our experience developing websites is that 75% of our customers are local. Folks from New Jersey are used to spending $1000. In Maine that's a small fortune. Mainers are looking for bargains to eke out a life for themselves and their families. Competition is fierce in the web business, which is our business, as you might have guessed. Especially with the proliferation of Web 2.0, with tools like this blogger, building custom websites requires active selling. In a climate like this, the natural state of things is that we tend to overproduce and undercharge.

Solutions

As we struggle to make it in Maine as a microbusiness ourselves, we have wanted tools to help us gauge the waters and analyze our business. Many of these simply don't exist, so we're creating them.

We have created a very basic form builder called Form:Gen for building web forms of various kinds. It's free, and we use it ourselves to build forms. Even if you can't do everything you want in the form builder, it's a good start on the code, and it creates a mailer script that is more compact, secure, and functional than the generic form mailing scripts. A major feature is that the recipient's email address is nowhere to be seen on the web, so spammers can't hack the form to get your email address.
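Keeping the recipient address out of the page is the fix for the classic generic form mailer, which reads the destination from a hidden form field; anyone who copies that form can point it at any address and use your server as a spam relay. The following is an added example (my own code, not Form:Gen's) of the two designs side by side, with one further hardening the post does not mention: header-bound fields are refused if they contain a line break, since a line break in a subject or address would let a sender add headers of their own. The addresses are assumed for the example, and the messages are built but not sent.

```python
from email.message import EmailMessage

# Assumed: the one address the form may deliver to, known only to the server-side script.
RECIPIENT = "orders@example.com"
# Assumed: a fixed sender on your own domain; the visitor's address goes in Reply-To.
SENDER = "website@example.com"

# Form fields that end up in message headers and therefore must not contain line breaks.
HEADER_FIELDS = ("email", "subject")


class BadInput(ValueError):
    """Raised when a form submission is rejected rather than mailed."""


def build_message_insecure(form: dict) -> EmailMessage:
    """The generic form mailer: recipient and sender come straight from the form,
    so the script mails wherever the submitter says. Shown only as the pattern to avoid."""
    msg = EmailMessage()
    msg["To"] = form["recipient"]
    msg["From"] = form["email"]
    msg["Subject"] = form["subject"]
    msg.set_content(form["message"])
    return msg


def build_message(form: dict, recipient: str = RECIPIENT) -> EmailMessage:
    """Hardened mailer: the destination is fixed server-side whatever the form says,
    and header-bound fields are rejected if they carry CR or LF."""
    for field in HEADER_FIELDS:
        value = form.get(field, "")
        if "\r" in value or "\n" in value:
            raise BadInput(f"line break in form field {field!r}")
    msg = EmailMessage()
    msg["To"] = recipient
    msg["From"] = SENDER
    if form.get("email"):
        msg["Reply-To"] = form["email"]
    msg["Subject"] = form.get("subject") or "Web form submission"
    msg.set_content(form.get("message", ""))
    return msg


if __name__ == "__main__":
    # Constructed submission from someone who has copied the form and edited the hidden field.
    submission = {"recipient": "victim@example.org", "email": "visitor@example.net",
                  "subject": "hello", "message": "test"}
    print("insecure mailer delivers to:", build_message_insecure(submission)["To"])
    print("hardened mailer delivers to:", build_message(submission)["To"])
    try:
        build_message(dict(submission, subject="hello\r\nBcc: everyone@example.org"))
    except BadInput as err:
        print("rejected:", err)
```

In the hardened version the visitor never learns the recipient address, cannot change it, and cannot smuggle extra headers in through the subject line; the script does nothing with the submission except forward it to the one address it was written for.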

One tool that does exist, but which we created for ourselves, is a content management system. There are hundreds or thousands out there, of varying complexity. Ours is designed for microbusiness. It's called SiteNow CMS. More information on it is on our website, autograff.com. Business owners don't want to design their sites with a content management system. They're not web developers. They like point and click, but they want features too. Our CMS uses a simple template, vastly customizable and very flexible, with a few function calls in the HTML code. We design the look and feel of the navigation, the graphics and the styles, and our clients update their sites through a web form, adding pages and page elements, uploading pictures, documents and sound files, and creating email and web links. No code needed, and both the web page and the web editor are XHTML-based, and accessible to non-visual users. Launch of SiteNow(tm) CMS is planned for January 2006.

We have more tools in the pipeline. We're excited to share them as soon as they're available.