Security is the flavour of the month

The celebrity nude photos hack on iCloud and Google's recent algorithm update both highlight the increasing need for good security on the web.  Here are a couple of things you can do right now to help protect yourself and your website.

Passwords

The security built into current web servers and cloud storage systems is actually very good and the weakest point is typically the user's password.  It's no longer good enough to use a password like "1234" or "password" to protect your email or other on-line accounts; these could be cracked almost instantly by any halfway competent hacker using no more than a desk top PC.  In fact any password that is a dictionary word is highly vulnerable and should be avoided.  But very secure passwords using random characters are near impossible to remember so we tend to write them down - I've seen many a monitor festooned with passwords on post-it notes.  Hardly best practice!  

One way is to create a long password consisting of at least two memorable words along with some numbers and punctuation characters.  This will naturally give you a password of perhaps 12-15 characters or more that will be very difficult to crack without a super-computer.  The website www.howsecureismypassword.net estimates that something like Tour.14.France would take a desktop PC about 4 billion years to crack!

Secure websites - https and the padlock symbol

Google has recently announced that it will promote secure websites (those showing the padlock symbol in the address bar and having an address beginning with 'https') above unsecure ones, all other things being equal.  The 'https' prefix means that all the data transfers to and from the website are encrypted; passwords you type in are hidden from prying eyes and you can use secure communication for your email too.  Currently Google says that https will make about a 1% difference to your website's search engine rank but most people in the industry expect this to rise over time.  

Getting the https prefix means your website will need a security certificate which must be renewed every year so you should expect this to cost between £50 and £100 to set up and subsequently to add around £50 to your annual hosting bill.