Game of two (login) halves

Game of two (login) halves

While the government of the day has recently pushed cyber-security to the fore, it’s nothing new and is likely more ‘politics’ than ‘large-scale attack’. The motivations for anything politicians do rarely prioritise the community above self-interest.

All the same, in the wake of this scare campaign, it is a good time to have a think about your own cyber-security. To quote the PM;

I’m here today to advise you that, based on advice provided to me by our cyber-experts, Australian organisations are currently being targeted by a sophisticated state-based cyber-actor. This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.

Does this affect you? Probably not directly. If your medical records are inaccessible, if your tax office dealings are blocked, your bill payments fail, your internet service is offline, you can’t pay for groceries at the supermarket – it’s going to be inconvenient to say the least. But there’s not much you can do about it all.

However, your personal cyber-security is still important. Really important. There is only a small chance that you’re going to be “hacked” (broken into). It’s much more about Identity Theft.

If I have enough information and in particular access to your email account, I can pretty much ‘be’ you. I can take out loans, I can buy expensive items, I can cash in your superannuation, I can retrieve passwords and logins to your online accounts.

You MUST protect your email account. Nobody cares who you write to or what you write about – it’s being able to use your email account to pretend to be you that matters. Your email account is often a weak link in the chain.

Can you make it the strongest link? Absolutely. A good password is a great start, of course (no “123456” here!) but there’s a huge improvement that is quite easy to make. It’s called “Two factor authentication” or 2FA for short.

2FA is about adding a third element to your login;

  • who you are (eg. email address or UserID)
  • something you know (eg. password)
  • something you have (a gadget)

Our local Winchelsea & Anglesea Community Bendigo Bank introduced 2FA for their bank accounts years ago. A small device with a button and a display, each time the button is pressed it shows a 6-digit number. When logging in to do internet banking, I must enter my UserID, my banking password and a 6-digit number. Nobody can get in unless they have that device.

The same thing can be done with email accounts. Instead of a device, though, you use your smartphone with an app to generate the number. So likewise, nobody can login to my email account unless they know my email address, my email password AND get a number off my phone.

Note that the numbers generated change every few seconds. It is almost impossible to guess or predict the number, they are generated using some clever randomising maths.

This means anyone trying to break into my bank or email accounts will fail EVEN IF they know my password and UserID somehow.

Have a think about the online logins that you use which would cause you pain if someone knew your password. Especially your email. Find out if you can enable 2FA, and work through the procedure to make it happen. It is so worth it.

Coronavirus & Technology

Coronavirus & Technology

This amazing situation that we find ourselves in has many parallels with the Spanish Flu pandemic back in the early 1900’s. Spreading via worldwide people transportation. Quarantining. Overloaded hospitals. Business and social shutdowns.

This time round, we are far more aware and informed thanks to our communication technologies. (We’re also more misinformed, but more on that later). We are much more able to continue many businesses and services thanks to the internet.

This article covers some ideas that you might find helpful while you are expected to be at home as much as possible.


Nearly everyone has email now – if you don’t, you really should get it or you risk being left out and disadvantaged for many commercial and government services. Free email accounts are available from Google (go to and look for “create account”. Want an intro to email? See

Email is great for communication that lets sender and receiver work to their own schedule. You send when convenient, and the recipient reads (and responds) when convenient to them too.


The world is moving to mobile phone numbers. Landlines are locked to a particular place, where mobiles can go anywhere. Either way, be aware you are able to do things with phone calls such as automatically redirect incoming calls over to a different number (someone calls your landline, for example, and that call comes through on your mobile phone). There is a cost for things like redirection, but it can be handy. There’s also voicemail which pretty much every phone services provides – it’s worth finding out how to set it up with your own personal message when you can’t answer. It’s much better for callers to leave you a message rather than have to ring back later.

additionally, there are now services available that can give you sophisticated control over your phone service. For example, my business phone number goes straight to voicemail at weekends, on Public Holidays, and outside business hours. It’s all managed online via a website, and there are all sorts of options – such as auto-forwarding a call to someone else if I don’t answer. See


If you’re at a loose end, there are a thousand and one things you could learn via the internet. Professional development, work skills, lifestyle interests… it’s all there. All sorts of businesses are even offering free or cheap courses because of Coronavirus. Learn to play guitar, crochet, touch-type, create an effective CV, all about spreadsheets, photo editing, Facebook advertising… the list is endless. Look for reviews and recommendations and be careful with your payment details.


Many businesses are switching their activities to the internet. Examples include exercise, yoga, physiotherapy, cooking, orchestras, schools – anything where a camera can be put where you normally would be. This is called “live-streaming” or just streaming, or a webinar. The camera simply sends out what it sees directly to the web, and you watch it. There’s usually audio too, so you can hear what’s going on. You may be able to communicate back too, through a ‘chat’ window (where you type what you want to say or ask). The requirements at your end vary, but are usually easy enough – click on a link in a webpage or in an email, and then just follow instructions.


A big thing now is to continue trying to do activities online instead of face-to-face. Videoconferencing aims to simulate a face-to-face meeting – each person has their own camera and microphone, so everyone can see and hear everyone else. Of course, it’s nowhere near as good as an actual meeting, but it is great to be able to see who you are talking to.

It will be interesting to see if our new-fangled NBN will cope with thousands of simultaneous 2-way video streams all of a sudden. It should do, but there’s theory and there’s reality…

However, assuming the internet infrastructure can cope, videoconferencing is effective. There can multiple participants, and you can be at home or in your office with the other people being wherever they need to be. There’s often a bit of settling-in required (“can you heard me?” and “can you see me?”) but once it’s in place it’s good. You’ll need a videoconferencing service provider – is the big player, but there’s also Facetime (if everyone is using an Apple device) or Google Hangouts (if everyone has a Google account). You can use Facebook’s Messenger app to video-chat too.


Delivery services may be reduced or impacted, but hopefully will continue to operate well enough. You can buy a great deal of stuff online, saving you having to mingle with people in shops.

Groceries are a bit limited but will probably get back to normal soon. Our local IGA will make local deliveries, Coles & Woolworths are ramping up home delivery. Aside from groceries, many businesses are making their products available for online purchase.

Now be a bit careful here. Scammers are likewise ramping up. So be sure you are on the website you think you are, try to go straight to a website rather than click on links (eg. type in “” up there in the white bar right at the top of your screen). Only make payment if you are confident that it’s a genuine business and genuine product/service.

Aside from avoiding being ripped off, online shopping is a huge convenience by getting almost anything dropped at your door. There will be a lot of people turning to online shopping, so leave plenty of time for deliveries


If you haven’t already got a subscription to an online video service, perhaps now is the time. Most TVs from the last couple of years have built-in capability to show video from the likes of Netflix, Stan, Amazon Prime and/or Disney. You pay a modest monthly fee ($10-20) and you can pick from hundreds of movies and series, to watch whenever you like. If your TV isn’t up to it, you can buy a small box such as AppleTV or Fetch (the online video service is not included though). Plug the box into your TV, subscribe to the video service, and you’ve got hundreds of hours of entertainment lined up.

Social Media

And finally. Social media is probably more important when shut inside than ever before. Connecting with other people is incredibly important for mental health. Facebook is the biggie in this space, and while they’re very clever at manipulating what you see and who you hear from (and deliberately making Facebook addictive), it’s a valuable way to keep in touch with family, friends, colleagues, business groups and more. Watch out for Fake News though – it spreads fast, easily and far. Try to develop a mindset of checking with yourself whether what you read is likely to be right. Facebook includes the Messenger app, which lets you chat with the people you know via keyboard, voice and/or video.

All in all we are in a much better situation when compared to Spanish Flu days. Mind you, we’re almost certainly headed for a global recession – technology is there to help us get through this, so be sure to make the most of it. And don’t forget your community – we’re better together than apart. Help out where you can. Keep in touch. Ask for ideas or suggestions when you’re struggling with something. Human beings are amazing in times of need.

When a password isn’t enough…

When a password isn’t enough…

We live in an age where passwords and PIN-codes are everywhere. Phones, computers, email accounts, government services, bills and utilities, apps, bank accounts and dozens more. All need and expect some form of password. Here’s a cautionary tale for what might happen if you forget one.

Since the year dot, many many aeons ago (back in the 1980’s, I mean), passwords were invented for electronic ‘stuff’ to keep out people who shouldn’t get in. Keeping private things private. Keeping national secrets secret. Keeping unique technologies unique.

We'll never guess her password cartoon

There are a few password strategies around on how to create and manage strong (ie. unguessable) passwords. Very often, you will find that these strategies can be challenged or even come unstuck in the face of Password Rules. Every system, every organisation, can create their own Password Rule and it’s highly likely you’ve encountered them – for example, your password must contain at least 8 characters, and in those 8 there must be both letters and numbers and at least one capital letter. Some password rules require one or more “special characters” such as $, & or %.

So we end up with a grab-bag of different passwords whether we like it or not.

What happens when we forget one? A classic example is the password to a GMail account. You created an email account using Google’s free GMail service years ago, put in a password that matched their Password Rule at the time. You added that email into your smartphone and tablet, using their quick-and-easy tools to do so. Then you happily started using the email account.

Of course, you never had to put in that password again. Your computer, your phone, your tablet all remember it for you. Or better yet, if you’re like me you have a password manager app that remembers on your behalf, so you can have a ridiculous password that you don’t even know anyway (and couldn’t reveal even under torture or hypnosis!).

Then you get a new gadget, or more likely try to sign in to your email account on someone else’s computer (let’s say while you are travelling). You are asked what your password is. You simply don’t know or can’t recall.

Now you enter Verification Twilight Zone. You need to prove you are who you say you are, that you should be allowed in even though you don’t know the password. GMail do this verification thing sometimes when you DO know the correct password, but are signing in on some device you haven’t signed in on before. They might even do it on your normal device, for some reason.

How do you verify yourself? Well. It all depends…. but it depends on what you did when you created the account.

  • Were you asked a few special questions to which you had to give your own answers? For example, “Where were you born?” or “Mother’s maiden name”. You’ll need to remember the exact answer you initially gave.
  • Did you have to provide your mobile phone number? You’ll be sent a one-off code to your phone which you’ll need to copy back into the sign-in.
  • Did you provide an alternative email address, belonging to yourself or someone else you can trust? A one-off code will be sent to that email address which you’ll need to copy back into the sign-in. You’ll be shown only part of that alternative email address to jog your memory eg. joe***@big****.com, so you’ll need to remember which one you initially gave.

Here’s the thing. If you can’t successfully navigate through the Verification Twilight Zone, you can find yourself going round and round in circles trying to guess the correct answers. If you are unable to provide what is requested – you simply cannot get in. Short and sweet, you have lost access.

For some services (such as online banking), there may be someone you can call so you can prove to them that you are the right person, and they can maybe reset your account password. But don’t count on it in these days of identity theft, fraud, and privacy laws.

As for GMail? It’s too bad. You need to register a brand new email address and tell everyone you’ve had to change. A real pain. You’ve lost access to everything that was in that email account unless you can work through the Verification Twilight Zone somehow.

So the moral of the story is to make sure you have an excellent memory, or more practically to make a secure note of not only your password, but also your verification answers. And keep them updated (once a year or so should do it). Dead alternative email addresses and expired phone numbers are of no use at all.

Beware the Verification Twilight Zone!

How low are YOUR barriers to entry?

How low are YOUR barriers to entry?

Let’s focus on my business for a bit. Usually, I’m all about my client’s business (the “if they do well, I do well” perspective), but we’ll flip it around for a change.

The websites/web-marketing industry is undergoing huge changes. Has been for years, of course, along with technology in general. Ask a website designer/builder to go back 5 years and recall how websites were built, and compare to today’s tools and techniques. It’s chalk and cheese.

  • faster
  • easier
  • slicker
  • more effective.

And cheaper. Like most technology (except iPhones, it seems…!).

In the last couple of years, there have been 2 major developments that have led to a massive surge in the number of people who say they are available to build you a fabulous website. “Page builders” which greatly reduce or even eliminate the technical knowledge needed. And “Software as a Service” which lets you subscribe to functions & tools & facilities that you need, when you need them, without having any hassles with installation, maintenance, upgrades or backups.

You may have seen the Wix ads, or Squarespace, or GoDaddy. Yes, you can DIY – build a website right now, and it will indeed look good, at low cost (to start with). Get up and running in an hour or two. They don’t lie.

So we have a huge number of ‘experts’ out there now. The web industry has such low barriers to entry that it has become an enticing side-gig, a part-time activity that fits in with the full-time job or study. All you need is a reasonable internet connection.

The result is apparently a reverse hourglass effect. Squeeze at the bottom of the market (lots and lots of competition for low-priced projects), squeeze at the top of the market (high-ticket projects attracting increased attention from mid-range players who can easily access more advanced capabilities).

In the middle, though, there seems to be a more positive effect for business such as Winch Websites. A project can now include functions and facilities that would have been financially out of reach to small and micro businesses or non-profits. It’s here that clients typically already have experience with owning a website, and recognise the skills, expertise and benefits that a professional brings to play. Websites are no longer about the technology – it’s about what they are there to achieve for the organisation. More sales? More signups? More donations? More enquiries or leads? The focus is on the outcome, not the tool. Find out what the outcome is first, then find the best tool to make that happen. Then fine-tune and optimise, forever. Something worth investing in, in other words.

Anyway, what I’m getting at is that although the website and web-marketing industries have very low barriers to entry (and therefore many, many participants), it doesn’t mean that getting something good is easy and cheap as chips. A decent investment really should pay dividends.

However, riding shotgun with the low barriers to entry is the lack of regulation and control. If you haven’t come across outrageous claims already, you won’t have to go far to find some. Think “website in a day”, “Google page 1”, “10x your sales”.

How about your own industry? How easy is it for a newcomer to come along and think “Hmm, that looks like an easy way to earn money. I’ll say I can do it and then work it out from there!”?

If you too have low barriers to entry, you’ll be familiar with all of the above. And like as not, you too will have had customers who’ve tried the cheap and the quick, been burned, and are now looking for experience and knowledge.

When you go looking for website and web-marketing services, please bear in mind that there’s little to stop people saying what they like in internet-land. Take claims with a small pinch of cynicism and maybe do a bit of due diligence. Ask or look for evidence that your chosen service provider has done this sort of thing, and that it’s worked. Be ever-so-slightly distrustful of reviews and testimonials unless there’s evidence to back them up as genuine customers.

At Winch Websites, I’m well aware that the competition for your web-marketing dollars is global, huge, and a minefield of options, technicalities, capabilities and playing with the truth. I aim to provide honest and accurate advice, and if we aren’t a good fit for each other in terms of outcomes and objectives, I’ll happily refer you to services or businesses that are.

I want to take care of your website so that you can take care of your business – over the long term, ongoing. That’s not going to happen unless you get great value from Winch Websites. So next time you’re looking for website design & build, website care or email automation services, please get in touch. At the very least, you’ll get something to compare against. And I’d love to hear what you think when you do compare, business feedback is so hard to come by!

Good luck in your business, and may low barriers to entry be no barriers to your success!!

Interested in working with us?

The 2nd Most Important Thing On Your Website

The 2nd Most Important Thing On Your Website

Your website has to be about your business – the products/services that you provide. That comes first. When visitors land on your website (however you drive them there), they’ll be looking to check they’ve come to the right place. So Step 1 is to provide whatever it is that lets the visitors know that you are a potential match for whatever they are looking for.

But then what? We have someone who’s confirmed that you are potentially able to provide the solution required. S/he has seen enough to think it’s worth pursuing.

Here is the 2nd Most Important Thing your website should have. The fabled “Call To Action“. In other words, don’t leave the interested visitors hanging – guessing what the next step should be. Do they phone you? Email you? Fill in an online enquiry? Can they buy it there and then? It’s up to YOU to tell them – and the easier you make it, the more likely it is to happen.

Don’t ask for a long form to be filled in with lots of deep-thought answers, unless it’s important to you that they do. On this website, I have a quick and easy Contact form (see that “Contact” link up in the menu). But I also have a much more involved form for potential clients that may want to work with Winch Websites, in the Project Enquiry form – this is an essential pre-qualification to see if the business owner knows enough and cares enough to be able to clearly set what the project is to achieve. It saves time on both sides if we both know what we’re doing, why, who for, and for what objectives.

So look through the home page on the Winch Websites site – you’ll regularly see a big orange button asking for the visitor to get in touch. These lead to a short and easy form – and the less a form asks for, the better (less ‘friction’ = more submissions).

Make sure ALL your webpages include a Call To Action (or CTA, in marketing-speak). Each page, at the top, the middle, the bottom, tell your potential clients exactly what you prefer they do next to go to the next step. Then make that action as easy and simple as possible (and make sure it runs on both desktop and mobiles!).

Is your website working for or against you? If you’re missing CTAs and you think it’s time to get a website that is effective and pays for itself, get in touch. (See what I did there? CTA again!)

Interested in working with us?

Interested in working with us?

Just quickly send us your contact info and what you’re looking for – eg. why you want a website (starting from scratch, remaking an existing one, etc) and any particular features or questions you have in mind.