The Lowdown

17th January '18

cybersecurity passwords security

Effective Password Management – How Should It Be Done?

If there’s one thing that I’m sure most people would say is a necessary inconvenience, it would be password management.

Since the dawn of computing, people have been using passwords to restrict access to their important systems. But as time passes, this basic security mechanism has become increasingly long in the tooth, and several recent high-profile exposés of its weaknesses have done it no favours. Yet passwords are so entrenched in everything that we do on our computers that they’re unlikely to go away.

So, what can be done?

Before we can go into that, we need to understand what’s wrong with them – or, more accurately, what is wrong with the way that passwords are used by most people:

Password re-use

We’d be willing to wager that anyone reading this article is, or has been, guilty of re-using the same password. We’ve certainly been guilty of this in the past. Many people have a “system” whereby they use a different password based on the perceived “value” of the resource to them. They may use a good, strong password for their banking services, but a weaker, easier to remember password for social media.

However, the truth is that re-using the same password even once means that you may as well be handing out access to all of the accounts to a determined hacker. That password may have already been compromised, even if you’ve not been hacked. If any website where you used that password combination has been breached, those credentials are available to anyone who knows where to look. Sophisticated “botnets” continually crawl other websites attempting to log in with stolen details, which is a worrying thought.

You can check if your email address or login username has been compromised in any public data breaches at Troy Hunt’s excellent website. Most people will almost certainly be listed in this database at least once!

Weak passwords

There are a lot of misconceptions surrounding password strength. Often you’ll see advice saying that you should use uppercase letters, lowercase letters, symbols and numbers all in the same password. There is some truth to this, but the key element to a strong password is simple – length.

The longer a password is, the harder it is for computers to crack it. Even using a simple phrase made up of a few unrelated words can be a strong password (the classic example used everywhere for this is “correct horse battery staple”). If you are going to use a passphrase like this, it is best to change things up a little bit with uppercase letters, symbols and numbers as this can help prevent “dictionary attacks”. This is where hackers try millions of combinations of dictionary words to try and find a match.

We always recommend to our clients that a password should be at least 12 characters long. We use 16 characters as a base. That said, if your chosen password appears on this list of the top 1,000 passwords (and, according to that page, 91% of passwords found in data breaches do!) then you definitely need to pick another one.
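As an added example (not code from this article), the Python sketch below audits a set of accounts for the problems described so far: re-use, passwords under 12 characters, and passwords that are just a common password with character swaps or a trailing number. The sample vault, the six-entry common list and all function names are constructed for illustration.

```python
import string
from collections import defaultdict

MIN_LENGTH = 12  # the article's recommended minimum
# Constructed stand-in for a top-1,000 list; load the full list in real use.
COMMON = {"password", "123456", "qwerty", "letmein", "dragon", "iloveyou"}
# Reverse the usual character swaps so "P@ssw0rd" still reads as "password".
SWAPS = str.maketrans("@4310$5!7", "aaeiossit")


def core_word(password):
    """Lower-case, drop trailing digits/symbols, then undo common swaps."""
    trimmed = password.lower().rstrip(string.digits + string.punctuation)
    return trimmed.translate(SWAPS)


def audit(vault):
    """Map each account to its problems: too short, common, or re-used."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    report = {}
    for account, password in vault.items():
        problems = []
        if len(password) < MIN_LENGTH:
            problems.append("short")
        if {password.lower(), core_word(password)} & COMMON:
            problems.append("common")
        shared = [a for a in by_password[password] if a != account]
        if shared:
            problems.append("re-used with " + ", ".join(sorted(shared)))
        report[account] = problems
    return report


# Constructed sample vault: account name -> password.
SAMPLE_VAULT = {
    "bank": "Qv7#mLz2!pXw9Rt$",
    "social": "Dragon2018!",
    "forum": "Dragon2018!",
    "shop": "P@ssw0rd123!",
    "mail": "123456",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE_VAULT).items():
        print(f"{account:7} {'; '.join(problems) or 'ok'}")
```

Note that the "shop" password passes the 12-character rule and mixes all four character types, yet is still flagged because it reduces to an entry on the common list.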

I’m sure you’re now asking, “how am I supposed to remember a 16 character password?” – well, read on…

Poor password management

One of the reasons people re-use passwords so often is because no-one wants to have to remember a million different passwords for each of their accounts and services – and nor should you. Having to remember that many passwords is difficult for the vast majority, and leads to situations like that seen in the Operations Room at Hawaii’s Emergency Management Agency just yesterday. Hot on the heels of them mistakenly sending an emergency broadcast to millions of Hawaii residents warning them of an impending nuclear strike, they were interviewed on TV. You can clearly see they write their passwords on post-it notes and attach them to monitors in their office. Something that any IT professional is likely familiar with, and something that should absolutely not be allowed under any circumstances!

The answer to password management is to take the hassle away from you and use a dedicated password management tool.

Proper Password Management

The principle behind password managers is that you have one single password (called your Master Password) that you can remember. This should be very strong, as it is basically the key to your electronic front door. Gareth’s master password for his password management tool is nearly 30 characters long.

You then store all of your other passwords in the password manager. You use the tools it provides to automatically fill in login prompts on websites with the password that it has saved.

In an ideal scenario, all of the passwords in your password manager would then be completely random strings of characters. All password managers give you tools to generate secure passwords like this. It is a great way to ensure that none of your passwords are re-used. So, if one of them gets compromised, the damage is limited to just that account.
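The sketch below is an added example, not code from any of the password managers named in this article. It generates a random password and a random passphrase with Python's `secrets` module and measures their strength in bits, which also shows why length outweighs character mix. The 16-word list and the function names are constructed for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Constructed 16-word list; real passphrase lists hold thousands of words.
WORDS = ["anchor", "biscuit", "canyon", "dolphin", "ember", "falcon",
         "glacier", "harbour", "island", "jigsaw", "kettle", "lantern",
         "meadow", "nutmeg", "orchid", "pebble"]


def random_password(length=16):
    """Uniformly random password drawn with the OS CSPRNG via secrets."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_passphrase(n_words=4, words=WORDS, sep=" "):
    """Passphrase of independently chosen words from the given list."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def bits(choices, picks):
    """Entropy of `picks` independent, uniform draws from `choices` options."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(random_password(), "|", random_passphrase())
    rows = [
        ("8 chars, all 94 symbols", bits(94, 8)),
        ("16 chars, lowercase only", bits(26, 16)),
        ("16 chars, all 94 symbols", bits(len(ALPHABET), 16)),
        ("4 words from the 16-word list", bits(len(WORDS), 4)),
        ("6 words from a 7,776-word list", bits(7776, 6)),
    ]
    for label, value in rows:
        print(f"{label:32} {value:6.1f} bits")
```

These figures hold only when every character or word is chosen at random; a phrase a person makes up is weaker than its length suggests, and a passphrase is only as strong as the word list it is drawn from is large.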

There are many different password managers available – 1Password, LastPass and Dashlane are three popular online password managers, while KeePass is an open-source tool that lets you store your passwords on your own storage, e.g. in Dropbox.

What else can you do?

There are a number of other elements to account security that can help you keep your accounts safe. Probably the most commonly known is two-step authentication. This is where you are sent a link via email to verify your login, or a text is sent to your phone containing a code that you must enter in order to log in.

Enabling two-step authentication on your accounts is a great option. It doesn’t protect against that service being breached. But should someone manage to log in to your account with the correct password, they can go no further unless they also have access to your email or phone. We always recommend enabling two-step authentication wherever possible.

What does the future hold?

Passwords have been around for a long time. As much as we’d like to see them go the way of the dinosaurs, it seems unlikely it’ll happen soon. In an ideal world, passwordless authentication would be the default method. For example, you would log in with an email address and the service provider would send an email to you. Technically speaking, this is arguably less secure than using passwords. But until the vast majority of users stop using (and re-using!) weak passwords, it’s a better option.

Biometric security systems such as fingerprint scanners, face scanners and retinal scans are becoming popular. These have their own drawbacks. Apple’s FaceID system (found on the new iPhone X) has come under intense scrutiny since its release, with a number of shortcomings already being found. But, it is a good place to start when looking at alternatives to passwords.

Need any advice?

If you have any questions about effective password management, feel free to drop us a line.


New Year, New Me!

As the first days of January roll into view, we take a look at what to expect from the coming year. These are the trends and changes that we think you should consider in 2018.

The Rise Of Augmented Reality

The introduction of the iPhone X was dominated by facial recognition and the £1,000 price tag. But the iPhone’s capabilities when it comes to augmented reality are very exciting. Perhaps even revolutionary. Pokémon Go pioneered the push towards real-time immersion in 2016, but that was just the beginning. As the technology in our phones continues to improve, businesses will begin to use AR in more creative ways. This will lead to even more exciting and interactive opportunities in 2018. Already, Ikea Place is changing how we shop at the famous flat-pack retailer, and Google Translate is managing to break down the language barrier.

Heat Mapping Has Arrived

We can all agree that UX is a vital aspect of design. Customers ultimately want the very best experience from start to finish. And now more than ever, the customer journey is a multi-layered process. Heat mapping allows you to see how users interact with your website, instead of only displaying stats. By tracking the physical movements of a user it is easy to see which areas are causing friction. We’ve discussed heat mapping before, but as websites continue to evolve, it is becoming fundamental to their functionality that you understand what people are doing on them.

Social Media Is The Next BIG Thing…

Businesses are becoming dependent on social media in order to reach their audience. It is no longer something to consider in your marketing strategy. It is a necessity. In 2017, “Social Media advertising spend increased over 60% year-on-year” according to ADWEEK. So, with continued investment and an ever-increasing number of users across several different channels, what new opportunities are available?

Clever Chatbots – Chatbots are getting smarter, easier to use and much faster at dealing with enquiries. They are becoming an excellent and reliable way of streamlining customer service.

Ephemeral Content – That’s when the things you post disappear after a period of time. Snapchat was founded on it, and it is a key feature on Facebook and Instagram. Ephemeral content is an engaging way of creating a sense of FOMO (fear of missing out). Could your brand benefit from it?

Live Video – YouTube has over a billion users and is the second biggest search engine in the world. That means there is a huge potential to engage with your audience. Live video will continue to grow throughout 2018. We will no doubt start to see brands creating their own live channels, meaning there are potentially millions of users able to watch your content for free. It’s an exciting opportunity ready for the taking.

Generation Z – An age-old question: how does your business appeal to the next generation? What do you do to engage with them? Well, firstly, you need to know who they are. Generation Z are obsessed with their phones and yearn for authentic experiences. They will respond to less text and more images. They have a shorter attention span and use multiple screens at the same time. And in regards to social media, they love it! It has always been there for them. However, they don’t want to use the same ones as their parents. Do you still think you are appealing to them?

General Data Protection Regulation (GDPR)

New EU regulations are coming into play in 2018 called the General Data Protection Regulation. If you are not aware of them, then this is a good place to start. In a nutshell, the information you have about an individual needs to be available when requested. As a business, you need to be transparent on the data you have on your customers and how you use that information. The terms surrounding consent are being overhauled. Make sure you are clear on these new laws that will go live from 25th May 2018. Keep an eye out for our full update in the coming months.

Voice Search

There has been a sharp rise in people buying and using voice-activated products such as the Amazon Echo and Google Home. With the increase of users comes the exciting, albeit unexplored opportunity of voice search results. Over the next couple of years, Google and Apple will be investing heavily in improving Siri and Google Assistant, and businesses will need to consider how they can appear in the search results (another factor to consider in SEO). It will no doubt take a bit of time to get to a position where we are relying solely on voice commands to deliver accurate search results, but it cannot be ignored. Amazon has already started to see the benefits in this area with, “Echo owners spending $400 per year more than Prime subscribers”.


27th November '17

christmas competition source

25 Days Of Christmas Charity Game

Every day in the countdown to Christmas, Source will be giving you the chance to win one of our daily star prizes, kindly donated by our awesome clients, in our 25 Days of Christmas Charity Game. Help us to celebrate the festive season and join in the fun. For every person that plays, Source will make a donation to Severn Hospice....


12th October '17

careers source team

Kit celebrates 10 years at Source

When Kit joined Source back in 2007 as a part-time Flash Developer, he would never have guessed that it would lead to a career as a web developer. He was fresh-faced and straight out of university, with a keen desire to expand his knowledge and gain experience in the workplace.

A Web Developer's Learning Is Never Over

Over time, Kit...


2nd October '17

advice adwords

It’s Clear; Don’t Design Your AdWords Bidding Around Competitors

When using Google AdWords to promote your business, it’s important to keep an eye out for new ways to refine your campaign. Whether it’s devising compelling ad copy or targeting new, topical keywords, ensuring your ads are relevant to the user’s query is essential. But what should you do when it comes to your competitors? Especially if they’re well-known in...


14th August '17

charity shrewsbury source

The Coracle World Championships?! Whatever Floats Your Boat

Yes, that’s right. Just three months after the last event, Source are at it again; banding together and raising money for another worthy cause. This time, the event takes place on the banks of – or should we say “in” (probably!) – the River Severn. Once again, we’re delighted to be taking part in the Macmillan Coracle World Championships. What...


1st August '17

internet law security

Digital Economy Act: 2017 Updates

We are half way through 2017, yet this year has already proven a rambunctious time for digital lawmakers! In the UK, discussion has been rife over recent changes in Internet law. The Investigatory Powers Act, which controversially allows our secret services to snoop on and record Internet habits, came into being earlier in the year. Against the advice of… well,...


26th July '17

awards event

Source At The Shropshire Business Awards 2017

Suited and booted in our finest clothes, several members of the Source team recently headed over to the Telford International Centre to attend this year’s Shropshire Business Awards. The awards ceremony is a firm favourite of ours and, as usual, a great night was had by all. We enjoyed a fun-filled evening to honour the numerous successful Shropshire-based businesses. Many...
