Blog

Rants, raves, and geeky nonsense!

A Lesson in Password Management


With the recent news of the Heartbleed Bug, I have begun resetting all my passwords for online accounts. In the process of doing so, the thought occurred to me that many folks have no idea how to properly manage their passwords. I’ve seen situations where many of my family members, friends, and clients use the same passwords over and over again for just about every account they have online…even for important accounts like their email, banking, and social media; accounts that, if hacked, would wreak holy havoc on their digital life. If this is a problem for you too then hopefully this blog post will point you in the right direction in remedying this issue.

The key to keeping your online accounts secure is having strong passwords. However, even that isn’t always enough because a website can still get hacked if there is a vulnerability in the software. The main problem with the Heartbleed Bug is that you end up being vulnerable regardless of whether you have a secure password or not. The good news is that most of the major sites have already updated their servers with a security patch to fix the Heartbleed Bug (see The Heartbleed Hit List). Even then, there are thousands of other sites that haven’t been fixed yet. If you are unsure whether a website is affected by this bug, your best bet would be to simply notify the site owner and ask them, especially if this is for an online account that is important to you.

Aside from any vulnerabilities, the best way to protect yourself is to do the following:

  1. Use strong passwords
  2. Always use a unique password for each account
  3. Routinely change your passwords at regular frequencies

All of this may seem daunting. After all, what does a strong password look like? If you have to use unique passwords on every account, how are you going to remember them all? Not only that, but changing passwords takes a lot of time, especially when you have to come up with all those unique passwords and record them for safekeeping, right? That’s where a good password management tool comes into play.

While there are a number of good password management applications, my favorite is 1Password by AgileBits. One of the reasons I like it is that, along with managing website passwords, it can handle other tasks such as storing credit card information, filling out registration forms, generating strong passwords, and more. And, because it’s cross-platform (Mac, Windows, iPhone, iPad, and Android) you’ll have access to all of your secure information wherever you go. It’s truly the Swiss Army knife of passwords and other secure information. With 1Password, you don’t have to remember all your passwords. The application handles all your secure information by storing it in a highly encrypted database that can’t be accessed unless a person knows the password to the database, thus the reason for the name of the application. You only have to remember the one password required to access your 1Password database.

If you’ve never used a password management program like 1Password, learning how to use it and getting comfortable with it might seem a little hard, which is completely understandable. Fortunately, AgileBits has plenty of online documentation and tutorials on their website. Along with that, ScreenCastOnline recently posted a free tutorial on how to use 1Password.

Because 1Password comes with a password generator, creating strong passwords is easy. Most sites will let you know what the password requirements are, and you can adjust the 1Password password generator to accommodate them. For sites that have little or no restrictions, I tend to crank up the password length all the way to 30 and set it to include at least three numbers and three special characters. The 1Password generator will give you an idea of how strong the password is with the strength meter.

Remember, the whole point of this application is to help you generate passwords that can’t be hacked easily. Let the program do the work for you and generate as complex of a password as possible that still adheres to the requirements of the site you’re generating it for. When creating a new online account or changing a password, try to use a different password for each account. The reason is that, if a hacker knows one password, they could potentially hack any account you have that uses the exact same password. Better to err on the side of caution and simply generate a different password for each online account.
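To make the generator settings above concrete, here is an added example (not 1Password's code and not from the original post) that produces a 30-character password with at least three digits and three symbols, one per account. The symbol set, function names, and account names are assumptions chosen for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set; adjust to what the site accepts
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def meets_policy(pw, length, min_digits, min_symbols):
    """True if pw has the required length and character-class minimums."""
    digits = sum(c in string.digits for c in pw)
    symbols = sum(c in SYMBOLS for c in pw)
    return len(pw) == length and digits >= min_digits and symbols >= min_symbols


def generate_password(length=30, min_digits=3, min_symbols=3, max_tries=10_000):
    """Draw candidates from the OS CSPRNG and keep the first compliant one.

    Rejection sampling keeps every compliant password equally likely, whereas
    "insert the required characters, then shuffle" skews the distribution.
    """
    if min_digits + min_symbols > length:
        raise ValueError("policy cannot be satisfied at this length")
    for _ in range(max_tries):
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate, length, min_digits, min_symbols):
            return candidate
    raise RuntimeError("no compliant password found; relax the policy")


def max_entropy_bits(length):
    """Upper bound on entropy: log2 of the count of all strings of this length."""
    return length * math.log2(len(ALPHABET))


def generate_unique(accounts, **policy):
    """One independent password per account, never reused across accounts."""
    vault = {}
    for name in accounts:
        pw = generate_password(**policy)
        while pw in vault.values():  # astronomically unlikely, but enforced
            pw = generate_password(**policy)
        vault[name] = pw
    return vault
```
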

I personally try and change the passwords for all my important accounts at least once a year. To aid in knowing which accounts to concentrate on, I created a number of folders in 1Password to help organize accounts by importance. I have a folder called ‘Accounts’ for all my important accounts like email, banking, shopping, and other accounts with highly sensitive information. This is the one folder that, when a major security issue occurs, I address first. Along with that, I have other folders separated by business, personal, clients, organizations, and miscellaneous. I always change the important stuff in ‘Accounts’ first followed by personal and business accounts.

I won’t lie, changing all your passwords can take time. However, a tool like 1Password greatly helps in cutting down time spent changing passwords. If you concentrate on the most important ones first then you can change others over time. 1Password does have tools that allow you to target accounts that have really old passwords. Once you get the hang of it, you’ll find managing passwords and other secure information with 1Password a piece of cake.

Got any other useful tips for managing passwords? Leave a comment in the comment section below! :)

UX of the Article Progress Bar on The Daily Beast Website


My wife showed this one to me today. While viewing and scrolling through the page, pay attention to what is happening in the "READ THIS.list" box on the right. Not only does it show which article you're on using a simple scrollspy indicator but it also tracks how far into the article you are using a gray indicator just behind the list item. This is a very interesting way of handling the navigation of large amounts of related content. It certainly adds to the user experience and is quite clever.

Now, some folks commented on Reddit that this sort of feature just adds bloat and, while they might have a point, it's still a very clever and useful feature nonetheless. I think all The Daily Beast would need to do is find ways to optimize their scripts to cut down on the size and number of scripts loaded. I also agree with one commenter that features like this can definitely impact performance. For extremely busy pages with lots of features and scripts being loaded, I'm not sure if adding a feature like this is wise. Granted, this page loads and performs well for me...but what about others who don't have computers as fast as mine? Will they receive the same user experience?

This is a good example of how problems related to large amounts of content can be solved. However, it also reveals issues related to how bloated code can impact performance as well.

The Surprisingly Large Cost of Telling Small Lies


This New York Times article landed in my news feeds at a very unusual time. I don't think the timing could have been more perfect. Let's just say that some recent business dealings didn't turn out as rosy as I would have liked. I think the problem was exactly what this article talks about: a lack of honesty does nothing but ruin a good business relationship.

I try to always remain honest, transparent, and on the level with everyone I work with. What I didn't know, and what is perhaps the biggest lesson in business, is that not everyone I work with is honest with me. I learned a lot from the experience.

I value the relationships I have with my clients and partners. As such, moving forward, I will do my best to keep things as open and transparent as possible.

Mobile Devices to Boost US Holiday Ecommerce Sales Growth


According to eMarketer, mobile devices are expected to take up a 16% share of the total US retail ecommerce sales this holiday season. Man, that is freakin' huge! Basically boils down to this: If you're selling stuff online and aren't making it easy for customers to buy your stuff through their mobile devices then your sales will be 16% lower than they could be. This is one of the big reasons why responsive web design is so important. You just don't know when, where, or how people will engage your websites. This is especially true for ecommerce sites...or mcommerce for that matter.

GhostLab: Bringing love back to website testing


Every now and then a tool gets released that completely blows me away; something so useful that I just had to buy it immediately. Today, that tool is GhostLab. GhostLab is a simple Mac application that makes synchronized testing for websites easy. If you're on a Mac and you're a web developer, this is one of those apps that you have to take a look at.

Any web developer will tell you that one of the biggest pain points in designing and developing a website is cross-browser testing. It's even more painful when you throw mobile browsers in the mix. Third-party services like BrowserStack offer great solutions to help with this but tend to be hindered a bit by a cumbersome workflow. Sometimes you just want to get in and test something quickly prior to any rigorous testing with services like BrowserStack. That's where GhostLab comes in handy.

GhostLab blew me away based on three core features:

Any Site. Any Client.

When it comes to the websites you want to test, GhostLab doesn't care where it is. It can be static files sitting in a folder, a local IP or web address, or any external website. As long as you can get to it locally, GhostLab can test it. Just drag in a folder or URL and GhostLab will set it up so that you can test it. It's that easy. GhostLab has its own built-in server so all it's really doing is tunnelling all the traffic from whatever site you're testing through its own server. By doing so, GhostLab is able to bypass any of the complexity surrounding most workflows when it comes to cross-browser testing. It even works with virtual machines and emulators. As long as the browser you're on can access the GhostLab server then you're good to go!

Synchronized Testing

Imagine being able to open a website within multiple browsers and have it detect scrolling, clicks, reloads, and form inputs from no matter which browser instance you're using. Yep! GhostLab does it! I use CodeKit when developing sites and whenever I make changes to my code CodeKit will automatically refresh my browser window for me. What's neat about this is refreshing that window will also refresh any other browser that's running the same GhostLab site. That's a nice little bump in my productivity.

Another useful feature is the Workspace feature. Usually when I'm testing my code for a responsive design, the chrome and buttons in my browser get in the way of viewing how a site might look at a given screen size. With GhostLab, I can fire off an Open Workspace command and the site will open up into three different chromeless windows sized at three different mobile breakpoints. Very, very handy! Only thing I haven't been able to figure out is how to create and/or update a workspace.

Inspection

This is the killer feature for sure! I can't tell you how annoying it is not having proper inspectors in Internet Explorer much less the absence of them in mobile browsers. GhostLab solves this by utilizing weinre, an open-source remote debugger. I looked at weinre in the past and thought about adopting it but getting it to work was a royal pain. With GhostLab, weinre is built right in so no setup or configuration required. This gives you a Webkit-like inspector for any browser. I personally hate the web inspector in Internet Explorer and prefer the Webkit inspector so having this feature available is a huge time saver for me!

I typically test using a few different virtual machines. I have a couple of Windows VMs for testing different versions of Internet Explorer and other Windows-based browsers. I have the iOS Simulator that I use to test iOS devices. And I have the Android SDK for testing Android-based tablets and phones. Usually, I have to test each of these one at a time and, without inspector abilities or synchronized testing, the process of debugging can be tedious at best. With GhostLab in the mix though, the workflow couldn't be any easier! Not only do I have the power of synchronized testing but full inspection and console access to boot! I'll likely still use BrowserStack for more thorough testing but for a basic testing workflow I don't think you can beat GhostLab. Check it out!