Creating A Strong Password & Avoiding Weak Ones

Just like a metal vault is the only thing protecting a banks on site financial reserves, the only thing between you and cyber criminals on the internet is a strong password. You want a drawbridge, moat and a preferably few dozen hungry crocodiles to keep your site safe. But all too often people choose weak passwords because they are easy for them to remember. The problem with this is, they are also easy for someone with malicious intent to guess or crack with password programs.

What is a weak password? In the Mel Brooks Film “Spaceballs”, President Skroob had the combination of his luggage as 1,2,3,4 and they joked that only an idiot would use such. This qualifies as a bad example as even a chimpanzee could crack this combination.

Have a strong password and change passwords regularly
A strong password is long, not predictable, and has numbers and symbols included in it.

How do I create a strong password?
Have it be at least 8 characters in length or longer
Use a combination of upper and lower case letter
Use numbers and punctuation marks
Use one or more of special characters:
! @ # $ % * ( ) – + = , < > : : “ ‘ .
Try to think of something you can remember but would be impossible for a hacker to guess.

Hackers can find information about you especially in the era of social media where people voluntarily openly share information about themselves like on Facebook.

Avoiding Weak Passwords
DO NOT use any personal information in your password: Name, address, phone number, birth date, social security number, names of friends, relatives or pets. Including any of these constitutes a weak password. Just like the 3 little pigs, the hacker wolves will blow your house down if it isn’t made of brick.

You do not want your personal and financial information getting into the wrong hands!!

Using Password Management Software
This is software that helps generate strong passwords. By using this, you would simply need to remember the password for this software. A word of caution however: Avoid accessing password management software on public networks as your data can still be captured at any time. Having your passwords written down in a secure location is another way of maintaining “real world” distance between you and cyber criminals. They’d have to break into your home or apartment and find the password written down then later hack you online. You can see how this is highly unlikely since this is too much work and too risky. Hackers would get caught more easily if they did so which is why they prefer trying to crack passwords from the distance the internet provides.

Remember, when it comes to passwords for your email and website, lock the gate and throw away the key. Then don’t forget to repeat these steps by changing the lock periodically, in case a hacker finds one of your former keys.

The 2by2host Team

The infographics presented is related to the Google Favors HTTPS article on our blog

The Google Tiger Changes It’s Stripes Yet Again

Google has announced they will now favor HTTPS sites higher in their search engine rankings.

What’s the S stand for? Secure. That’s Hypertext Transfer Protocol SECURE. Here sensitive data is encrypted over a Secure Socket Layer (SSL) where it cannot be seen by anyone but the recipient. This is a common practice in personal banking online and customer purchasing information with web based retail shopping carts. Incidentally, you should NEVER type in any personal information like your name, age, address, phone, credit card & social security number on a web page that doesn’t start with https. Otherwise your information is not secure and can be seen by others thus increasing the risk of being a victim of identity theft.

Search engines function like a skilled cyber librarian. You type in the information you’re looking for at the “reception desk”, the search engine keyword bar, and they retrieve a relevant list of information from their library which is the entire World Wide Web. Websites, and web pages here being analogous to books and specific pages in books.

Anyhow, back to Google’s announcement. The giant search engine sauropod that it is: Googlesaurus. It’s latin species nomenclature being Searchenginus Algorithmus Morpheus. It’s the modern day Holy Grail of internet commerce as pertaining to website and page rankings. It’s simple: if you come up on the first page (or better yet, on the TOP half of the first page) of an internet keyword search, you’ll get more hits, views, sales and so on. Search Engine Optimization (SEO) consultants, companies and specialists study this very thing to do the online equivalent of “Stacking the Deck” in your website’s favor.

Why does this blue and white tech tiger change it’s stripes like this? Is it because they’re great like Tony the Tiger? Are they becoming the HAL for our times?

“Sorry Dave, your website isn’t ranked high enough anymore and I can’t tell you our formula for improving that. Have a nice day.”

Google does this because they can. They’re the proverbial 800 pound gorilla that can sit wherever it wants. They’re also a moving target, and you know it’s more difficult to hit a moving target than a stationary one–or in this case, understand them for that matter, their classified magical algorithm for web site rankings performed during a Google search for results you type in from keywords.

The Google tiger has also been seen flashing the gang sign colors of Milton Bradley’s Twister and true to form, Google does play Twister. Their own variation being search engine Twister, and when they spin “right foot green”, it’s a good idea to get your web site planted on that spot or moving in that direction ASAP. Normally they just spin and don’t announce where the needle lands giving secret hand signals only to their inner circle. This time they have announced “right foot green” and everybody who isn’t there soon won’t make it to the next round–disqualified in some way via their search engine rankings.

What’s interesting about this recent announcement is that they made a change known publicly when they aren’t obligated to do so. They could have kept it a secret like other aspects of their search engine algorithm. One may hypothesize here that they made this public because they want more websites to adopt the https protocol. The 800 pound gorilla is telling you where to sit now.

We go deeper down the Google rabbit hole when we realize that not only do you have to hit this moving target, THEY are the target that determines the hits. Put another way, they just threw another curve ball at the all the SEO companies, teams and experts. In the ballpark of the internet, Google is always the home team as well as the Coach that determines the web site lineup and the strategic formula for the batting order. Everyone else can just try to get a crack at that algorithm just so much before it changes once again–and hope their best “at bat” strategy can get a decent hit high enough to “knock it out of the park” in their search engine rankings.

Way back in 1919, if you said the word “Google” to somebody, people would chuckle or smile thinking you were referring to the American comic strip “Barney Google and Snuffy Smith.” A few years later in 1923, there was a hit pop song about Barney where the lyrics went “Barney Google with the Goo-Goo Googly Eyes. The word Google has gone from a old pop song lyric to now one of the most widely recognized words and companies on the planet. It’s been a last name, adjective, and with the Google juggernaut continuing its momentum into the new millenium, it’s now even a verb: Google it.

Not surprisingly, Barney Google made a reappearance into his own comic strip in 2012. Snuffy Smith “took over” for years as the main character and focus while Barney was an infrequent sideline character. Since the word Google itself has major pull and high keyword currency value these days, that may have had something to do with Barney’s decision to come out of seclusion. His last name is now online royalty, like being knighted by the Queen of Search Engines.

The why Google has done this is simple enough to understand. Websites with additional security protocols will be ranked higher in their search engine algorithm. What this means for your website is another matter. What can you do improve your rankings now? We’ll save you a trip to the Oracle of Delphi or a call to 1-900 NOSTRADAMUS to figure this out. The starting point is we know Google now chooses to see sites that have the additional https security measure as more important in their search engine rankings: this criteria alone now has increased search engine currency value according to the International Bank of Google. It’s currency rate has just been changed, the “stock” value on this feature has just gone up. You’re either going to cash in on it now to some degree or have to buy that stock for your web site portfolio if needed in the near future.

Web sites can acquire the their https status by getting a dedicated IP (Internet Protocol) address and a SSL (Secure Socket Layer) Certificate. We provide both of these options: A dedicated IP address at $2 a month and the SSL Certificate at $50 a month. What the “s” does besides encryption is it validates the site and the company. The SSL Certificate can be viewed by clicking on the lock icon and it will display some information about the site. However, adding SSL to make a site more secure, it does slow down the site loading time.

Google is working on phasing out support for all SSL certificates that were issued using SHA-1 hashing algorithm. It will do so by displaying a warning in the new Chrome(TM) browser. These changes are expected to take place in November 2014.  Here’s more information directly from Google’s blog.

To help you identify if your site needs a certificate reissued used this tool.

Please keep in mind that SHA-1 root certificates will not be affected by this.

For cPanel/WHM users. There’s currently no way to generate a SHA-2 request unless done from shell. Here’s how to do it from SSH:

openssl req -new -newkey rsa:2048 -nodes -sha256 -out www.mydomain.com.sha256.csr -keyout www.mydomain.key -subj “/C=US/ST=TX/L=USA/O=SOMETHING/CN=www.moydomain.com”

Be sure to replace the values in that with the correct ones.

C = 2 character country code
ST = State/Province
L = City/Locality
O = Organization
CN = Common Name (domain name)

Google, stock photos, chrome, internet, various, computers, stock photos

FrontPage Server Extensions allow applications like Microsoft FrontPage, Microsoft Expression Web or Microsoft Office SharePoint Designer to communicate with your hosting account. These programs are HTML editors and allow you to create a site locally on your computer and then upload them to your web hosting account.  They also allow you to make changes to you live site directly but this is not a good practice as it will create errors on your live site.

All this sounds interesting until the stuff behind the scenes is revealed.

• They use HTTP protocol for communications which is open text and is not secure at all
• Microsoft stopped supporting them in 2006

These two reasons should be good enough to not use them, especially that there are very good alternatives like WebDAV (Web Distributed Authoring and Versioning) which is an extension of HTTP or FTP (File Transfer Protocol). Although, these are still insecure but they are much more stable alternatives to FronPage Extensions. We recommend using FTP as it’s fast, reliable and should be available with any hosting account.

Here’s what one of our customers had to say after switching to FTP.

“This is great, Expressions Web is just as good as FrontPage if not better, ftp is just as good as http if not better, and I can now retire the old computer.”

Using HTML editors is still an old way of doing things. If you want to have an easy and secure secure way to manage your site, there are online site manager applications like WordPress that are much more powerful and have a lot of different features.

It’s a matter of a few clicks to create a database in hosting cpanel. (This article only applies if your hosting provider is using cPanel).

Follow these simple steps:

• Log in to cPanel for your web site (Normally located at yoursite.com/cpanel)
• Locate the “MySQL Databases” icon and click on it
• Under Create New Database type in the name for your database (it can be something simple like db or more concrete like wpdblive)
• Click the “Create Database” button
• All done!

This will add an empty database to your account which you can now populate with data which is normally done while installing software or importing particular records.

This is how a database feels when no user has been assigned to it!

SquareSpace can be a good solution for a personal website. Their platform has a lot of options for building your site, weather it’s for blogging or just a regular site.  Those tools however come at a high price: and that’s not being able to have complete control over your environment and being stuck with their hosting. If their system doesn’t have something you need to have, chances are you will never get it. For example, if you need a widget that does certain things, there’s no way to get it on SquareSpace. You are also stuck with their analytics and other similar tools. Oh, did I mention? “You have to learn how to use their tools”. People constantly look for developers who can assist with building their SquareSpace site. This makes you wonder how it can be different from any other website builder. Some people however do like website builders a lot and are willing to suck up the limitations they impose. In either case SquareSpace is not a perfect solution and should be considered very carefully.

PHOTOS: Squarespace Office Tour