Game of two (login) halves

While the government of the day has recently pushed cyber-security to the fore, it’s nothing new and is likely more ‘politics’ than ‘large-scale attack’. The motivations for anything politicians do rarely prioritise the community above self-interest.

All the same, in the wake of this scare campaign, it is a good time to have a think about your own cyber-security. To quote the PM:

I’m here today to advise you that, based on advice provided to me by our cyber-experts, Australian organisations are currently being targeted by a sophisticated state-based cyber-actor. This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.

Does this affect you? Probably not directly. If your medical records are inaccessible, if your tax office dealings are blocked, your bill payments fail, your internet service is offline, you can’t pay for groceries at the supermarket – it’s going to be inconvenient to say the least. But there’s not much you can do about it all.

However, your personal cyber-security is still important. Really important. There is only a small chance that you’re going to be “hacked” (broken into). It’s much more about Identity Theft.

If I have enough information and in particular access to your email account, I can pretty much ‘be’ you. I can take out loans, I can buy expensive items, I can cash in your superannuation, I can retrieve passwords and logins to your online accounts.

You MUST protect your email account. Nobody cares who you write to or what you write about – it’s being able to use your email account to pretend to be you that matters. Your email account is often a weak link in the chain.

Can you make it the strongest link? Absolutely. A good password is a great start, of course (no “123456” here!) but there’s a huge improvement that is quite easy to make. It’s called “Two factor authentication” or 2FA for short.

2FA is about adding a third element to your login:

  • who you are (eg. email address or UserID)
  • something you know (eg. password)
  • something you have (a gadget)

Our local Winchelsea & Anglesea Community Bendigo Bank introduced 2FA for their bank accounts years ago. It uses a small device with a button and a display; each time the button is pressed it shows a 6-digit number. When logging in to do internet banking, I must enter my UserID, my banking password and a 6-digit number. Nobody can get in unless they have that device.

The same thing can be done with email accounts. Instead of a device, though, you use your smartphone with an app to generate the number. So likewise, nobody can log in to my email account unless they know my email address, my email password AND get a number off my phone.

Note that the numbers generated change every few seconds. It is almost impossible to guess or predict the next number, because they are generated using some clever randomising maths.

This means anyone trying to break into my bank or email accounts will fail EVEN IF they know my password and UserID somehow.

Have a think about the online logins that you use which would cause you pain if someone knew your password. Especially your email. Find out if you can enable 2FA, and work through the procedure to make it happen. It is so worth it.

When a password isn’t enough…

We live in an age where passwords and PIN-codes are everywhere. Phones, computers, email accounts, government services, bills and utilities, apps, bank accounts and dozens more. All need and expect some form of password. Here’s a cautionary tale for what might happen if you forget one.

Since the year dot, many many aeons ago (back in the 1980s, I mean), passwords were invented for electronic ‘stuff’ to keep out people who shouldn’t get in. Keeping private things private. Keeping national secrets secret. Keeping unique technologies unique.

There are a few password strategies around on how to create and manage strong (ie. unguessable) passwords. Very often, you will find that these strategies can be challenged or even come unstuck in the face of Password Rules. Every system, every organisation, can create their own Password Rule and it’s highly likely you’ve encountered them – for example, your password must contain at least 8 characters, and in those 8 there must be both letters and numbers and at least one capital letter. Some password rules require one or more “special characters” such as $, & or %.

So we end up with a grab-bag of different passwords whether we like it or not.

What happens when we forget one? A classic example is the password to a GMail account. You created an email account using Google’s free GMail service years ago, put in a password that matched their Password Rule at the time. You added that email into your smartphone and tablet, using their quick-and-easy tools to do so. Then you happily started using the email account.

Of course, you never had to put in that password again. Your computer, your phone, your tablet all remember it for you. Or better yet, if you’re like me you have a password manager app that remembers on your behalf, so you can have a ridiculous password that you don’t even know anyway (and couldn’t reveal even under torture or hypnosis!).

Then you get a new gadget, or more likely try to sign in to your email account on someone else’s computer (let’s say while you are travelling). You are asked what your password is. You simply don’t know or can’t recall.

Now you enter Verification Twilight Zone. You need to prove you are who you say you are, that you should be allowed in even though you don’t know the password. GMail do this verification thing sometimes when you DO know the correct password, but are signing in on some device you haven’t signed in on before. They might even do it on your normal device, for some reason.

How do you verify yourself? Well. It all depends… but it depends on what you did when you created the account.

  • Were you asked a few special questions to which you had to give your own answers? For example, “Where were you born?” or “Mother’s maiden name”. You’ll need to remember the exact answer you initially gave.
  • Did you have to provide your mobile phone number? You’ll be sent a one-off code to your phone which you’ll need to copy back into the sign-in.
  • Did you provide an alternative email address, belonging to yourself or someone else you can trust? A one-off code will be sent to that email address which you’ll need to copy back into the sign-in. You’ll be shown only part of that alternative email address to jog your memory eg. joe***@big****.com, so you’ll need to remember which one you initially gave.

Here’s the thing. If you can’t successfully navigate through the Verification Twilight Zone, you can find yourself going round and round in circles trying to guess the correct answers. If you are unable to provide what is requested – you simply cannot get in. Short and sweet, you have lost access.

For some services (such as online banking), there may be someone you can call so you can prove to them that you are the right person, and they can maybe reset your account password. But don’t count on it in these days of identity theft, fraud, and privacy laws.

As for GMail? It’s too bad. You need to register a brand new email address and tell everyone you’ve had to change. A real pain. You’ve lost access to everything that was in that email account unless you can work through the Verification Twilight Zone somehow.

So the moral of the story is to make sure you have an excellent memory, or more practically to make a secure note of not only your password, but also your verification answers. And keep them updated (once a year or so should do it). Dead alternative email addresses and expired phone numbers are of no use at all.

Beware the Verification Twilight Zone!

How low are YOUR barriers to entry?

Let’s focus on my business for a bit. Usually, I’m all about my clients’ businesses (the “if they do well, I do well” perspective), but we’ll flip it around for a change.

The websites/web-marketing industry is undergoing huge changes. Has been for years, of course, along with technology in general. Ask a website designer/builder to go back 5 years and recall how websites were built, and compare to today’s tools and techniques. It’s chalk and cheese.

  • faster
  • easier
  • slicker
  • more effective.

And cheaper. Like most technology (except iPhones, it seems…!).

In the last couple of years, there have been 2 major developments that have led to a massive surge in the number of people who say they are available to build you a fabulous website. “Page builders” which greatly reduce or even eliminate the technical knowledge needed. And “Software as a Service” which lets you subscribe to functions & tools & facilities that you need, when you need them, without having any hassles with installation, maintenance, upgrades or backups.

You may have seen the Wix ads, or Squarespace, or GoDaddy. Yes, you can DIY – build a website right now, and it will indeed look good, at low cost (to start with). Get up and running in an hour or two. They don’t lie.

So we have a huge number of ‘experts’ out there now. The web industry has such low barriers to entry that it has become an enticing side-gig, a part-time activity that fits in with the full-time job or study. All you need is a reasonable internet connection.

The result is apparently a reverse hourglass effect. Squeeze at the bottom of the market (lots and lots of competition for low-priced projects), squeeze at the top of the market (high-ticket projects attracting increased attention from mid-range players who can easily access more advanced capabilities).

In the middle, though, there seems to be a more positive effect for businesses such as Winch Websites. A project can now include functions and facilities that would have been financially out of reach to small and micro businesses or non-profits. It’s here that clients typically already have experience with owning a website, and recognise the skills, expertise and benefits that a professional brings into play. Websites are no longer about the technology – they are about what they are there to achieve for the organisation. More sales? More signups? More donations? More enquiries or leads? The focus is on the outcome, not the tool. Find out what the outcome is first, then find the best tool to make that happen. Then fine-tune and optimise, forever. Something worth investing in, in other words.

Anyway, what I’m getting at is that although the website and web-marketing industries have very low barriers to entry (and therefore many, many participants), it doesn’t mean that getting something good is easy and cheap as chips. A decent investment really should pay dividends.

However, riding shotgun with the low barriers to entry is the lack of regulation and control. If you haven’t come across outrageous claims already, you won’t have to go far to find some. Think “website in a day”, “Google page 1”, “10x your sales”.

How about your own industry? How easy is it for a newcomer to come along and think “Hmm, that looks like an easy way to earn money. I’ll say I can do it and then work it out from there!”?

If you too have low barriers to entry, you’ll be familiar with all of the above. And like as not, you too will have had customers who’ve tried the cheap and the quick, been burned, and are now looking for experience and knowledge.

When you go looking for website and web-marketing services, please bear in mind that there’s little to stop people saying what they like in internet-land. Take claims with a small pinch of cynicism and maybe do a bit of due diligence. Ask or look for evidence that your chosen service provider has done this sort of thing, and that it’s worked. Be ever-so-slightly distrustful of reviews and testimonials unless there’s evidence to back them up as genuine customers.

At Winch Websites, I’m well aware that the competition for your web-marketing dollars is global, huge, and a minefield of options, technicalities, capabilities and playing with the truth. I aim to provide honest and accurate advice, and if we aren’t a good fit for each other in terms of outcomes and objectives, I’ll happily refer you to services or businesses that are.

I want to take care of your website so that you can take care of your business – over the long term, ongoing. That’s not going to happen unless you get great value from Winch Websites. So next time you’re looking for website design & build, website care or email automation services, please get in touch. At the very least, you’ll get something to compare against. And I’d love to hear what you think when you do compare, business feedback is so hard to come by!

Good luck in your business, and may low barriers to entry be no barriers to your success!!

I used to service my

Once upon a time, in the ‘good old days’, I had a Triumph 1500. Cream-coloured saloon, 4 doors, double headlights, manual, leather(ish) seats. Great first car.

(photo: By Charles01 – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=11341226)

I did all my own servicing on that car. It was like a giant Meccano set (for those not familiar with the brand, you had all sorts of metal shapes full of holes that you could bolt together to make fabulous machines, the big-kid version of Lego). In that Triumph, you could take stuff apart, clean it, replace worn out bits, put it together, and it was better than before.

I do have a mind that likes taking things apart and putting them together, I will admit. All the same, the Triumph 1500 made it quite easy. Generally, access to things was easy enough, spares were easy to find. I was a Mechanic!! (and now I’m regularly on a big red fire-truck, but that’s another story…)

My next car was a much more modern Ford hatchback, I forget the model. It had electronic ignition, was packed into a small engine-bay. First time I tried to tune that Ford, I stuffed it. Because now you need specialist equipment, skills and experience.

So I gave up my car maintenance hobby and let the professionals do it. It costs me to get a car serviced by someone, of course, but a) it’s easy and b) I can be reasonably confident it will be done properly and quickly.

I’m sure I could still do it myself. However, I have other things I could and should be doing – including newer hobbies like family, doing up this house, learning guitar. Servicing my own car would no doubt still give me a sense of achievement, but it would suck up time and need a bit of learning plus some new equipment and gadgets (hmm, there’s a thought…).

This same principle is almost certain to apply to you. What are you doing, where are you spending your time, effort and funds to do something yourself that someone else could do more quickly, more effectively? If you enjoy it, stick with it. But if in a perfect world you could stop doing it, it’s worth considering the benefits of outsourcing.

Weigh up the cost of getting someone else to do it against what you would do with that free time, alongside knowing that it has been done properly (no left over bits!).

An example is book-keeping. Are you catching up on your accounts on a Sunday? Imagine just handing that over to someone else. Check out Roneta’s services at Enhanced Power for what I mean.

Another example might be your website. When are you managing that? Are you adding new content every now and then? More importantly, how often are you making sure all the components are updated with security and bug fixes? Backups? Again, all of this can be handed over to someone else for around the price of a couple of hours of your time per month.

At Winch Websites, we offer a Website Care plan that looks after all the technical stuff (updates, security, backups, search-engine basics, speed & performance) and also lets you make any changes you like simply by sending an email with what you want done. Your website hums along all tuned-up. Easy and stress free.

Sure, you could look after your website yourself. A great many do. This isn’t about whether you CAN though, it’s about whether you SHOULD. You’re running a business, and it’s a business judgement you need to make – at what point is your time worth more doing other things? Are you going to build and grow your business more through DIY website maintenance or have you reached a point where it’s more cost-effective to hand it over?

I did really enjoy looking after that old Triumph 1500. The cars I drive now though, I’m not interested in getting under the hood. Aside from a wisp of nostalgia, I can’t say I regret that, with a lot else to do instead!

Scam! Unexpected domain name registrations.

A client called the other day, asking about an offer that had been made to him over the phone. A Queensland-based company wanted to see if he was interested in the ".com" version of his domain name (since he already had the ".com.au" version).

Turns out they'd registered this .com version 2 days prior to calling, and were now aiming to sell it to him.

A couple of numbers to put things into perspective. At Winch Websites, I charge $44 per year to register and/or renew a .com domain name. For this, all you are doing is grabbing that particular domain name and making it yours. So additional related services (such as a website, webhosting, business email, etc. etc.) are all extra. We're talking only about the domain name itself.

It's a bit like vehicle rego: when you renew that, you don't get a car or driver licence, you just get the right to put the associated vehicle on public roads. Register and renew a domain name, and you get the right to use it in internet-land however you choose, and nobody else can have it (legal claims to the name aside!).

Now, this Queensland company was offering to sell the .com domain name at $650 plus GST. This is the exact same domain registration service as I provide for $44 inc GST.

There is nothing strictly illegal about this. They have the right to register any .com domain name they choose, unless it is a trademark. And likewise, for a .com, they are free to sell it to whoever they like for whatever price they like. (Note that this practice IS illegal for .com.au domains).

But is it wrong? I firmly say Yes. Is it immoral to pre-register a variation of someone's existing domain name and sell it for over 10 times the going rate? Absolutely.

What can you do about it? Not much. They've already registered the domain, and it will be theirs for at least a year. At bulk-buy discount rates, it costs them $10-$20. Obviously worth the gamble or they wouldn't be doing it. In your marketing activities, you may need to make it clear that only the .com.au version of your domain is yours.

However, because you are reading this, you may actually be able to head off the issue. If you have .com.au domain names, maybe check to see if you could register the .com equivalent too. It's a small price for the peace of mind that someone else couldn't steal it (and possibly abuse it).

Feel free to get in touch if you'd like any assistance with your domain name registrations and renewals, it's a critical part of your internet activities.