We're passionate about technology.
As part of our mission to make stunning technology simple, the WGW team occasionally writes about topics that interest us; hopefully they also interest you.
While our business is Web Management and Web Design, we like to discuss broader issues in our blog entries, from security, to interesting web technology, to new gadgets and gizmos.
Two days ago, we talked at some length about password hashing and the danger even a simple “Recover My Password” system can represent. Here’s another, often overlooked user login problem that makes servers unnecessarily vulnerable - telling a user which part of their credentials is wrong.
I’ll admit “Invalid username or password” might by among the most annoying errors I’ve ever gotten from a computer. It is ubiquitous, but I remember the first site I visited that instead said simply “Invalid username” - it was actually nice, but I didn’t realize then that it represents a significant security threat.
It’s happened to all of us. You go to log on to that new site, and used a distinct password like all the security gurus tell you. (You are using distinct passwords, right?) But you can’t remember the darned thing. OK, no problem, “Recover my password”. The site fires back “We’ll send your password to your email address”. So you go and check your email, and there it is, your unique passphrase in all its glory. All is right with the world, right?
One of the essential concepts when designing with mobile in mind is using breakpoints. A breakpoint is the point at which elements of a design change and adapt in order to conform to various screen sizes. In mobile friendly web sites, we use conditional CSS rules to format the display of information, tailoring it to the user’s individual screen.
If you have not already please see part 1, part 2, and part 3 of this white paper series to gain all the benefits and advice. Previously my focus has been on computer devices; however, I will change it up in this post by focusing on the mobile world that has become a standard part of our lives. Although convenient and useful smart phones are ultimately electronic tracking and monitoring devices that have become a necessity in our everyday lives. Unfortunately the best way to prevent tracking is to not use a cell phone or mobile device at all, an unlikely scenario, so some things we will just have to compromise and accept but that does not mean there are not things we can do to protect our privacy.
If you haven’t already please see the introduction and part 2 of this white paper series to catch up. Picking up where I left off and getting serious about personal privacy and information security we turn to protecting the things we value most such as our personal files, documents, and pictures. Our files are often considered to be worth more than the device that holds them, so it is of highest importance to put in measures to protect what is ours. As mentioned in the previous white papers strong passphrases are the first step in securing files and data.
Picking up from the introductory white paper, let’s start with some basics to protect our data and private information. Everyone using a computer or device connected to a Network, the Internet, runs software or applications should ensure they are kept up to date. Not only do theses updates fix bugs and problems, they also keep security risks to a minimum by patching any found security risks in the software and apps. Security holes in Windows, Java, Adobe, Web Browsers, and other programs and apps can be exploited by anyone wanting to steal your data. Use automatic updates when available and checking for updates often can ensure you have the most up to date secure and bug free version of any app, software, or operating system that you are using.
It is becoming common knowledge that personal private information is being collected and used by all sorts of businesses, organizations, criminals, and even government agencies. There have been many recent news stories and data leaks on government agencies collecting, stealing, seizing, searching and storing data on pretty much everyone and everything around the world. More importantly we often see stories on identity theft and online fraud and scams using personal data. Cyber crime such as identity and data theft is on the rise leaving the average person with a growing concern for security. My intentions are to encourage you to become aware of what private information you are giving away or making readily accessible and to inspire you to restore some personal privacy back into your lives. I think it is worthwhile for everyone to consider just how much information we voluntarily give away every day and how little we do to protect our privacy in our present online always connected world.
There is one great misconception that plagues our industry,and it is a symptom of most web teams process. Sites often aren’t developed with an eye towards message or content. Even sites with usability and message statements developed often take a “one and done” approach to their content.
Content on the web is completely different than anything that came before; simply because it is iterative. Authors move through a draft workflow and arrive at final copy. Next editors do their job. It may or may not go back to the author for iterative revisions. Finally, the publisher has their turn and the final product ends up in the hands of customers. I don’t think most people realize how unlike this process the internet is. With the web, content isn’t carved in stone. Messages should evolve as the situation changes.
If you are running a site dedicated to a niche - let’s say a specific motorcycle, and a new model comes out, the niche has changed. Your content must change to reflect the market. If a new aftermarket part comes out, once again, the niche has changed. If you get stuck in a “final copy” mindset, not only will the content lose relevance over time, it may never get published. Approach content authoring as a process rather than a result.
So how do we break that traditional draft, edit, publish workflow mindset?
The answer is process. Even experienced online content authors may struggle to stay innovative and generate fresh content. Here’s the approach we’ve adopted, in 5 simple steps: