1. #21183
2. #18804 Asking for Usernames and Passwords on the Web The Web has moved beyond purely open content available to all. We now want to use it to collect and provide information that we want to restrict in some way – to members, or to staff, or because it is sensitive or personal data. One common method of restricting access is to ask users to enter username and password. Even this simple combination can be a source of annoyance and frustration to users but it does not have to be. This paper compares options for setting up and maintaining usernames and passwords, and also shows how to design a screen so that users are guided easily to the correct choices. Miller, Sarah and Caroline Jarrett. STC Proceedings (2002). Design>Web Design>Security
3. #26745 "Backing Up" Doesn't Mean Retreating Recently, several friends and colleagues have lost important files as a result of viruses, power failures, computer crashes, and miscellaneous other disasters that accompany working with computers. Each person could have minimized the consequences if they had developed and rigorously followed a simple backup strategy for their data. The fact that this happened to experienced computer users in each case leads me to believe that data loss is symptomatic of a broader problem: As technical communicators, our tight focus on documenting how to use a product sometimes makes us forget to document the consequences of using the product. Hart, Geoffrey J.S. TECHWR-L (2006). Articles>Technology>Security
4. #27550 Community Creators, Secure Your Code! Don’t be like MySpace. Protect your community site from malicious cross-site scripting attacks. Bivald, Niklas. List Apart, A (2006). Design>Web Design>Security>Ajax
5. #27676 Community Creators, Secure Your Code! Part II In part one of this two-part series, we discussed the threat of cross-site scripting in general terms and introduced a number of important security concepts. In part two, we’ll take a more in-depth, hands-on approach: How does an attacker actually exploit the weaknesses found? How can you protect yourself? For reasons of length, we’ll limit our discussion to two specific, representative examples. Bivald, Niklas. List Apart, A (2006). Design>Web Design>Security>Ajax
6. #25323 Bloggers who recklessly gush all types of personal details in their blogs may regret it. Stalkers, child predators, identity theft criminals, fanatics, and others are seeking photos and names of children, home addresses, home phone numbers, etc. Learn about the Dark Side of blogging and be smart. Streight, Steven. Blogger.com (2005). Articles>Writing>Security>Blogging
7. #21442 Datensicherung und Archivierung Many computer users ignore the risk of data loss - until it is too late: Important data have vanished. Who then desperately seeks advice in any of my mailing lists might get my try answer: "Simply restore from your last backup." OK, I do confess: This might contribute to a nervous breakdown. So better be prepared! von Obert, Alexander. Techwriter.de (2003). (German) Articles>Computing>Workflow>Security
8. #20005 Most people sending e-mail nowadays take no steps to prevent their messages from being intercepted. That's fine for many types of messages, but just as there are written messages that you wouldn't want to put on a postcard and would prefer to have protected by an envelope, there's a need for encryption in electronic communication. Besides, encryption can do more than keep things secret. The concepts on which encryption is based can be difficult, and most of the complication is handled behind the scenes by software. Nevertheless, it's useful to have a general understanding of how encryption works. Encryption software (often part of a Web browser or server, e-mail client, or other program) is built around the use of a special number, called a key, to convert information into a form that can be read only by someone who has the key needed to decrypt it. Ivey, Keith C. Editorial Eye, The (1997). Articles>Writing>Email>Security
9. #22820 Dishes up the why and how of real-life data encryption, covering PGP and GnuPG, and using PHP and the mcrypt and mhash libraries. Meloni, Julie. Webmonkey (2000). Design>Web Design>Security>PHP
10. #29424 The first 'macro viruses' attached to Microsoft Word documents emerged within weeks after Office 97 was released, and sounded the warning that a new era was upon us. Hart, Geoffrey J.S. Geoff-Hart.com (1999). Articles>Computing>Security>Viruses
11. #25256 In this article, I’ll discuss how to create a strong password, and how to keep track of all your strong passwords, if you have a definite need to keep more than a couple. Don't bother creating and remembering strong passwords for low value systems, and certainly don’t use the same passwords for low value systems that you use in high value systems. Locke, John. Free Software Magazine (2005). Articles>Software>Security
12. #30317 How Safe is the Data on Your Hard Disk? As a technical writer with above average organizational skill, you likely already keep your files in nice little subdirectories in logical little groups -- User's Guide illustrations here, research notes there, stuff for the service manual over yonder. But what if, in an instant, your files were all taken out of their subdirectories and put in one big directory? Could you distinguish one file from the other without opening them up? You can only assume that files with identical names disappeared. Varney, Gord. Boston Broadside (1991). Articles>Technology>Security
13. #31576 httplib2: HTTP Persistence and Authentication In this latest Restful Web column, Joe Gregorio explains HTTP persistent connections, pipelining, and the sad state of HTTP authentication. Gregorio, Joe. XML.com (2006). Articles>Web Design>XML>Security
14. #28741 The Inaccessibility of CAPTCHA: Alternatives to Visual Turing Tests on the Web A common method of limiting access to services made available over the Web is visual verification of a bitmapped image. This presents a major problem to users who are blind, have low vision, or have a learning disability such as dyslexia. This document examines a number of potential solutions that allow systems to test for human users while preserving access by users with disabilities. W3C (2005). Design>Web Design>Accessibility>Security
15. #23606 Put simply, cookies are 'caller ID for the 'Net.' They store small pieces of text in your browser and can only be retrieved by the site that stored them in the first place. Although many sites use cookies only for user identification, others developing CD or standalone help and courseware recognize the cookie's ability to imitate server behavior by generating dynamic HTML content. Nelson, Mark. STC Proceedings (2003). Design>Web Design>Security
16. #21988 Computer security is a give and take situation. You can never be safe so long as you offer services. However, without offering services you may as well not have the computer in the first place. Thus, security becomes more about acceptable risk and emergency recovery than impregnability. It is your job to make sure that the cons of a break have far less impact than the pros of having a web site.
17. #28077 iScribe - Information Security Documentation A blog on documentation requirements of the InfoSec domain, security implications of documentation technologies, tools and practices, and the information security perspective on information standards with occasional blurbs of the writer's views and lessons in technical communication. Jithra, Khushbu. iScribe (2006). Resources>Documentation>Security>Blogs
18. #26333 Mask Your Web Server for Enhanced Security Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version. Lima, Joe and Thomas Powell. evolt (2005). Articles>Web Design>Security
19. #28107 Minimal-Feedback Hints for Remembering Passwords Passwords are a widely used mechanism for user authentication and are thus critical to the security of many systems. Strong passwords (e.g., b5j#Kv!8N) are less vulnerable to attack but at the same time more difficult to remember. Minimal-feedback hints are introduced to support users in remembering their passwords and thereby enabling them to choose stronger passwords. Hertzum, Morten. uiGarden (2006). Design>Web Design>User Interface>Security
20. #26032 Five years ago, having access to the Internet and a healthy computer required quite a low level of knowledge. Now, you need a veritable technology armory to stand any hope of staying safe. Usability by Design (2005). Articles>Usability>Security
21. #26334 Password Encryption: Rationale and Java Example Most of the web sites today have some sort of a registration module where a user is asked to choose a username/password combination. This data gets stored in the database. You might wonder if the password you provide will be kept well-protected (read encrypted). In case you are the person designing such backend registration component, why not give your users peace of mind by encrypting their passwords? Shvarts, James. evolt (2005). Articles>Web Design>Security
22. #27536 Password Security: What Users Know and What They Actually Do This study investigated the common password generation practices of online users. Three hundred and fifteen undergraduate and graduate students completed a survey querying (1) the types and number of different password protected accounts maintained; (2) actual practices used in generating, storing and using passwords; (3) practices believed they should use in generating and storing passwords; and (4) general demographic information. Results indicate that, in general, users do not vary the complexity of passwords depending on the nature of the site (bank account vs. instant messenger) or change their passwords on any regular basis if it is not required by the site. Users report using lower case letters, numbers or digits, personally meaningful numbers and personally meaningful words when creating passwords, despite the fact that they realize that these methods may not be the most secure. Riley, Shannon. Usability News (2006). Articles>Usability>Security
23. #21100 Poor password usability can ruin your web registration process. While passwords are a painful fact of life, there are ways to minimize the problems that users face. This article contains suggestions on how to best collect passwords during the registration process, and it will help you determine if you should allow users to save their passwords. Ledwell, Joshua. WebWord (2001). Design>Web Design>Usability>Security
24. #26328 PHP Login System with Admin Features I have written and am presenting here a complete Login System that can be easily integrated into any website. evolt (2005). Articles>Web Design>Security
25. #15176 Protecting Yourself Against Viruses and Hackers Discusses how business owners can protect themselves from computer viruses and hackers. The article includes a sidebar listing anti-virus resources. Fugate, Alice E. Intercom (2002). Articles>Technology>Security>Viruses