Website encryption changed a lot in 2018, so I’ve updated this post with the current state of website encryption and SSL certificates.

First, a quick explanation. We’re talking about the lock icon that’s displayed next to the URL in your address bar (see note at the end of this article about how this is changing).

The padlock (and the use of “https” instead of simply “http”) announces the presence of a Secure Sockets Layer (SSL), which encrypts the connection between your browser (Firefox, Safari, Chrome, Internet Explorer) and the website you’re visiting.

“SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server they can see and use that information.” via DigiCert.

To set this up, you would purchase an SSL certificate for your website URL and install it on your server. SSL certificates contain a pair of keys (public and private) used to establish a secure connection between the viewer and the website. If you’d like a rough analogy for how this works, click here.


Do You Need SSL? Yes.

Several years ago, when I originally wrote this post, I recommended purchasing SSL for the following reasons:

  • if you collect personal information through forms
  • if you collect credit card information/sell products
  • if customers log in to your website
  • if you have restricted content
  • if you wanted a potential SEO boost

Part of the reason for these criteria was that the average certificate cost an additional $99 per year on top of hosting costs. It was a good practice to have it, but for a small business with nothing more than service options and contact forms it didn’t seem necessary.

However, in February 2018, Google announced that it would begin marking all HTTP sites as “not secure” in Chrome beginning in July 2018. Since Chrome is currently the most popular Internet browser, this is a big deal. It’s not like your site suddenly became less secure; it just looks that way, particularly to someone who might not understand the nuance of browser security warnings.

We include SSL certificates free of charge with every website we build.

No longer a nice option, SSL is now a must-have for every small business on the web. This is also a great example of the power an industry behemoth has – if Google even announces they’re thinking about a change, everyone stops and listens. In this case, it’s a good thing, because it’s making the web more secure.

Important Note About the SSL Icon:

Google is changing the style of the padlock icon. “Users should expect that the web is safe by default, and they’ll be warned when there’s an issue. Since we’ll soon start marking all HTTP pages as “not secure”, we’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure.”

This means that instead of looking for a padlock, you won’t even have to think about a secure connection unless you get the red “not secure” notice (in Chrome). This change begins in October 2018.


I hope this article was informative and practical, and that it gives you a decent idea of how SSL certificates work and why they’re now a must for every business. Keep in mind that while this is a best practice, it doesn’t mean that every website will abide by it. Always check for SSL when submitting credit card or personal information online. Thanks for reading and feel free to ask questions in the comments below.

If we built/maintain your website, you already have SSL. If you’d like us to send you an estimate to build a new WordPress site (or redesign an existing website), schedule a discovery call.

At this point in our tech-centric lives, it’s a pretty safe bet that anyone reading this post has had to come up with at least a handful of personal passwords at some point. WiFi, bank accounts, social media, Paypal, Amazon, Netflix… the list goes on and on. And if you’re like me, at least a few of those passwords have been embarrassingly bad and easy to figure out (for anyone looking to raise Cain on my childhood AOL Instant Messenger account, for example, I think my password may have been some variation of KISSrocks). For those in any doubt at all, let me assure you that the threat of hacking is very real and can be very costly.

So, is it really all that hard to develop, use, and remember strong passwords? Let’s take a moment to look at a few good options that may surprise you.

you’re doing it wrong: passphrases instead of passwords.

Love him or hate him, Edward Snowden makes a great point. Passwords/phrases don’t have to be random bits of meaningless jargon. Instead, a long, humorous and random phrase could provide you with the double whammy of a memorable phrase that is next to impossible to crack (dibs on margaretthatcheris110%SEXY, by the way). The idea here is that non sequitur (meaningless) phrases are much harder for hackers to figure out than meaningful names or dates. It’s also important to remember that hacking is usually done by computer software running through billions of options a second, not an individual trying to guess your favorite pet’s name (although that can happen).

“The best advice here is to shift your thinking from passwords, to passphrases.”

– Edward Snowden

To see this in action, make up a few test passwords (NOT a password you actually use) and run them through How Secure Is My Password?
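The arithmetic behind that comparison, as an added example (not code from this post or from How Secure Is My Password?): it sizes the exhaustive-search space from a secret's length and character classes, then converts it to time at an assumed one billion guesses per second. The function names and the guess rate are assumptions made for this illustration.

```python
import math
import string

# Assumption: the post says "billions of options a second"; 1e9 guesses per
# second is an illustrative rate, not a measured one.
GUESSES_PER_SECOND = 1e9
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes an exhaustive search has to cover once any member is used.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def alphabet_size(secret):
    """Size of the alphabet implied by the character classes in the secret."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in secret))
    # Anything outside the four classes (accented letters, emoji) counts once.
    extra = {ch for ch in secret if not any(ch in c for c in CLASSES)}
    return size + len(extra)

def brute_force_bits(secret):
    """Search space in bits: length * log2(alphabet size)."""
    if not secret:
        return 0.0
    return len(secret) * math.log2(alphabet_size(secret))

def years_to_exhaust(secret, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every string of this length and alphabet."""
    try:
        return 2.0 ** brute_force_bits(secret) / rate / SECONDS_PER_YEAR
    except OverflowError:  # very long secrets exceed float range
        return math.inf

# Constructed sample input: the two example secrets quoted in the post.
SAMPLES = ["KISSrocks", "margaretthatcheris110%SEXY"]

def compare(secrets=SAMPLES):
    """Return (secret, length, alphabet, bits, years) for each secret."""
    return [(s, len(s), alphabet_size(s), round(brute_force_bits(s), 1),
             years_to_exhaust(s)) for s in secrets]

if __name__ == "__main__":
    for s, n, a, bits, years in compare():
        print(f"{s!r}: {n} chars, alphabet {a}, {bits} bits, {years:.3g} years")
```

These figures are a worst-case bound for blind guessing only; a phrase made of common words or one that appears in a leaked-password list falls far sooner, which is why the phrase needs to be random as well as long.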

is encryption the right prescription?
how to encrypt your passwords:

Don’t be intimidated by how technical it sounds – encryption simply means to take something that makes sense and make it unreadable. There are tons of different ways to encrypt your passwords, from the very advanced to the very simple, but today we’re just going to talk about a couple of the easiest ways to add that extra layer of security.

  • 1Password. If you’re looking for a secure, user-friendly, minimal-effort way to develop and keep strong passwords, you’d be hard-pressed to find a better option than 1Password. Long story short, 1Password is a browser add-on that remembers all of your passwords for you, and it can even develop completely random passwords that are nearly impossible to crack. 1Password is what we use here at cyclone and it’s pretty incredible, not gonna lie. We’ve tried similar services, but nothing is close to as good. Check it out here.
  • The laziest way to encrypt. Ever. Maybe you’d rather not bring another party into your password bookkeeping – no matter how secure. Or maybe you’re just feeling lazy today, who knows? The point is, you can “encrypt” passwords yourself really easily. Let’s say my passphrase is donatellotheninjaturtle4primeministerofmyHEART247. I can encrypt it by making up my own code in which to write out that phrase. Maybe I’ll move my hands up one row of keys before I type it in, disguising it as e9hq53oo05y3h8huq5745o3%[email protected]$&. Bingo! Easy as that. Feel free to make up your own encryption code.

Whichever way you choose to develop and store your passwords, keep in mind: the longer, the better, and don’t re-use the same password for multiple sites. Make it something easy for you to remember, difficult for anybody else to figure out.
