Posts Tagged ‘security’

Single-Field Password Set/Reset: Threat or Menace?

April 28, 2014

This post is dedicated to everyone who ever had trouble logging into a website (myself included, way too many times) or who ever had their account hacked because their password was too simple (way too many friends and acquaintances, way too many times).

This is for us.

Dear website designers and programmers:

Every modern website adds new features. Google added Maps, Books, Street View. Yahoo! added its latest e-mail layout. Twitter added hashtags and now is thinking about revoking them, but has added line breaks. And, most importantly, I have the choice whether to use them or not.

Then there’s the We-Have-a-Great-New-Feature-and-You-Must-Use-It Syndrome. Think Facebook Timeline. Well, that doesn’t cost me any time and I got used to it. And it doesn’t slow me down.

(By the way, Yahoo! initially took away Yahoo! classic e-mail, but after not too long a delay, restored it, if I recall correctly. Thank you for listening to your customers, Yahoo!)

Now there’s a new We-Have-a-Great-New-Feature-and-You-Must-Use-It Syndrome feature.

Your wonderful new feature is giving me a negative view of your website. Negative enough to write a 3300-word blog post complaining – occasionally ranting – about it. What would your advertisers think of that?

Day by day your numbers are growing, User Interface (UI) designers following the siren, zombie call of this new feature.

I mean you, force-me-to-use-a-single-field-when-setting-or-resetting-my-password-UI website. Yes, you. You’ve turned simple inconvenience into dread.

Warning: This is a scattered, discursive essay. Much like my experience of dealing with passwords on your website.

My first draft was about 500 words. But, as I thought about the complexities of what you are asking me to do with regard to the care and feeding of my password, the article grew and it grew, much like the burden you’ve placed on me.

Please stick with it. I’ve done my best to make sure it will be worth it. And I’ve actually proofread it.

And, hey, if your response is TLDR (too long, didn’t read), feel free to skip to “Here’s the ideal situation” and hope your customers – isn’t it time we retired “users”? – aren’t saying Too Hard, Didn’t Log In.

Has your website been hacked?

September 23, 2012

One thing we webmasters have to worry about is the bad guys looking to install malware on our website. Fortunately, there are sometimes simple things we can do to find out whether we’ve been hacked.

We (the royal we) sometimes say “Google is your friend.” This is true here as well. Suppose your website domain is chasbelov.wordpress.com. Enter the following search:

prescription site:chasbelov.wordpress.com

If you’re lucky, Google will come back with no hits, or only one or two (unless you’re a pharmacy). But if you’ve been hacked by spammers, you might well get 2,000 or more such hits, as a major theatre I Googled yesterday did. No, I wasn’t (initially) looking to see if they were hacked; a drug-related result from their website came up in a search I was doing for some special interest theatre. But once I got that result, I came up with the above search to test how bad their infestation was.

You can set up a notification for a search like this at http://www.google.com/alerts

This is definitely not the only way hackers can mess with your site, and they can hide it from Google by telling Google not to index the page. But it’s an easy enough check so you might as well do it.
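As an added example (not part of the original post): a Python sketch that runs the same keyword check directly on HTML pulled from your own site and also flags spam pages carrying a noindex robots directive, which the Google search above would not show. The keyword list, function names and sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed keyword list; the post's own search uses only "prescription".
SPAM_KEYWORDS = ("prescription", "pharmacy")

class PageScanner(HTMLParser):
    """Collects every text node (hidden ones too) and robots meta directives."""
    def __init__(self):
        super().__init__()
        self.text, self.noindex = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "meta" and a.get("name") in ("robots", "googlebot"):
            self.noindex = self.noindex or "noindex" in a.get("content", "")

    def handle_data(self, data):
        self.text.append(data.lower())

def scan_page(html, keywords=SPAM_KEYWORDS):
    scanner = PageScanner()
    scanner.feed(html)
    scanner.close()
    body = " ".join(scanner.text)
    return {"hits": sorted(k for k in keywords if k in body),
            "noindex": scanner.noindex}

def scan_site(pages, keywords=SPAM_KEYWORDS):
    """pages maps path -> HTML taken from your own server or backups."""
    results = {path: scan_page(html, keywords) for path, html in pages.items()}
    return {path: r for path, r in results.items() if r["hits"]}

def hidden_from_search(findings):
    """Spam pages a site: search would not show, because they say noindex."""
    return sorted(p for p, r in findings.items() if r["noindex"])

# Constructed sample pages (not real data).
SAMPLE_PAGES = {
    "/season/": "<html><body><h1>Season</h1><p>Tickets on sale.</p></body></html>",
    "/news/gala/": "<html><body><p>Gala night.</p>"
                   "<div style='display:none'>cheap prescription pills</div></body></html>",
    "/tmp/a1/": "<html><head><meta name='robots' content='NOINDEX, nofollow'></head>"
                "<body>online pharmacy, no prescription needed</body></html>",
}

if __name__ == "__main__":
    found = scan_site(SAMPLE_PAGES)
    for path, result in found.items():
        print(path, result)
    print("not visible to a site: search:", hidden_from_search(found))
```

A noindex instruction can also be sent in the `X-Robots-Tag` HTTP response header, which this sketch does not inspect.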

Hope this helps. (And yes, I’ve notified that theatre.)