Welcome to the Techeffex Blog

Changing Times

Throughout the history of the internet, there have been distinct times that mark significant change to the way the technology is used or to the technology itself. Remember when Netscape was the browser of choice? Seemingly overnight, Internet Explorer knocked Netscape off its throne forever. Remember a time before Facebook? Remember Myspace? The internet is constantly evolving with changes to the applications we use as internet consumers as well as the technologies that lie beneath.

We find ourselves at another such time, a time we may look back on as the time that mobile began to dominate the way we present information on the web. More than 30% of all internet traffic is now considered mobile, including smartphones and tablet devices, and this is forcing a change to how website owners present their information. The traditional desktop website is no longer adequate in providing a pleasing user experience to all viewers. While these sites do in fact display on smaller screens, they can be difficult to read and navigate.

As luck would have it, there are now several new technologies and design techniques, supported on most current browsers, that allow us to address this proliferation of mobile visitors:

HTML5/CSS3

HTML5 and CSS3 are the latest standards developed by W3C (standards body for web stuff). And while these standards have not been fully ratified, there is enough support among all current browsers for us to start using them. There are many goodies in these new standards for web designers that allow us to develop faster and more vibrant websites. By reducing or eliminating the need for external graphics in many cases, we can create websites that are much faster to load on mobile devices that may have limitations on bandwidth.

Responsive Web Design

This is the big change that will be looked back on as a turning point in the world of website design. Simply put, Responsive Web Design (RWD) allows a website to adapt to whatever viewing platform it is being rendered on. Whether the site is being viewed on a 50 inch HDTV or an iPhone 3 (I know, what a fossil!), the website will magically transform itself so the information is presented in a user friendly way, eliminating the need for zooming and side scrolling on mobile devices, all while taking advantage of the larger screen space on big monitors.

This is made possible only by the support of HTML5 and CSS3. As I mentioned, there are some goodies in these new standards that allow us to do some really cool things to make this possible. While some of the older browsers may not support these things (like older versions of IE, seriously, time to upgrade!), that’s OK. We can design our sites to handle this, while taking advantage of the newer stuff in the more advanced browsers. And guess what? All the mobile browsers support these new cool things! So we know when the site is viewed on a smartphone or tablet, we can take full advantage of these new features.

So we can see that this is an era where many different forces are combining to change the way we design and view websites. HTML5, CSS3, mobile devices and Responsive Web Design are now teaming up to bring you the next generation of websites!

Mobile Web Design

Recent statistics suggest that more than 30% of all web traffic is from mobile devices including smartphones and tablet computers. As website owners, we must now take a good look at our web properties and decide if they are still achieving our business goals for these mobile users. But first, what are we dealing with here?

The Mobile Browser Problem

The days of the “flip-up” Razr phones with their tiny screens and dismal browser support are all but gone. Today, we’re dealing with smartphones including iPhones, Android based phones and others as well as a variety of tablet devices. All of these have much better browser capabilities, but they still suffer from one common problem – screen size. Most websites designed to be viewed on a traditional monitor are built to fill a large screen with a width anywhere from 800 pixels and up. Today’s mobile browsers scale these pages to fit on the smaller mobile display. The problem is, much of the text, graphics and images are shrunk so much they are almost impossible to read. So you zoom in and out – a lot. From a user’s point of view, this gets quite aggravating and can lead to a poor user experience – something to be avoided.

There is also the question of browser support, but this is becoming less of an issue as mobile browsers are increasingly standardizing on their support levels. Still, it can’t be ignored altogether – iPhones, iPods and iPads don’t support Flash for example, so that technology goes the way of the dinosaurs. If you have Flash on your site, it’s probably best to replace it.

Still another challenge for mobile devices is the ability to change orientation between portrait and landscape by simply rotating the device. Websites need to look good both ways.

Mobile Solutions

To deal with these unique mobile browser characteristics, we have a few options to choose from:

  1. Do nothing – let users deal with zooming. Not good…
  2. Modify the existing website to handle mobile displays as well as desktop platforms. Good, but very complex and expensive.
  3. Develop a separate mobile site. This seems to be the more popular approach…

Websites have always been about providing the site visitor with the information they are looking for in a quick, easy to use way. “Desktop” websites had the advantage of a lot of extra space to add colorful images, graphics and other “eye candy” to make the presentation of the information more appealing. With mobile sites, you must use your display space more carefully. It’s all about big, easy to click navigation buttons and text that doesn’t require any left/right scrolling or zooming. Users don’t mind scrolling up and down but side to side should be avoided. Graphics are still nice, but shouldn’t detract from the information or experience the user wants by using up valuable space at the expense of information.

What Should You Do?

Take a look at your website on a mobile platform. Is it easy to read and navigate the site? If you have to zoom in and out a lot, it may be worth considering a mobile site. Depending on what information and functions you have on your site, it may not be as expensive as you think. Consult with your web developer to see what’s possible – some 30% of your visitors may be happy you did!

Website Security – Part 4 – Password Protection

We’ve been discussing many aspects of website security over the past few weeks. Some of the issues have been very technical and the responsibility of dealing with these issues often rests in the hands of the developer. Password protection, however, is everybody’s responsibility. This week, we discuss passwords as a security issue.

Most of us have accounts on many different sites – everything from online banking, shopping, social media, email and more. Experts tell us that we should not use the same password for all these accounts for if someone gets the password for one account, it may allow access to many more – and they’re right. However, keeping track of dozens of different passwords is not always practical either. Some users take to keeping a list of passwords somewhere safe, whether it be a paper or electronic version. Good – but if you lose that or someone gets a hold of it, you’re in trouble. This article won’t attempt to tell you what you should or shouldn’t do in that regard, but we will discuss the difference between weak and strong passwords, based on how hackers will try to break in to your accounts.

Password Complexity
Any password you create should have a high degree of complexity. Many sites will enforce password complexity when you set up an account. Typical requirements include password length and the use of uppercase and lowercase letters, numbers and special characters (!,#,& etc…). What advantage do these measures give? Let’s consider this from a hacker’s point of view:

Let’s say the hacker has already obtained your user name – not always that hard, often it’s your email address. By using an automated script, he can now automatically try many passwords until he finds one that works. And they do this – a lot. Now let’s say your password consisted of only 2 lowercase letters. With 26 letters in the alphabet, that makes 676 possible combinations. An automated script would blow through that in seconds.

OK – but now let’s say we have 8 lowercase characters. Well that’s 208,827,064,576 combinations – much better. In fact, even at 1000 combinations per second, it would take more than 8 years to crack. Isn’t that good enough? Well no. Most people don’t use a totally random set of characters for their password. They will usually use something they can remember. Sometimes it may be the name of a pet, a child, a place or a birthday – something that only they would remember. Seems like a good idea, but hackers are really good at what they do. This is where “social engineering” comes in. A lot of this “personal” information is readily available on the web – Facebook comes to mind. If you look at a person’s Facebook page, you can usually find all of the information mentioned above. A hacker targeting you (and yes, it happens) can get that sort of information from Facebook, Twitter and many other online sources. So using a pet name for a password for example, can often be cracked quite easily. If your dog is named Lassie and that is your password, well, the hacker is in.

So this is where letter case, numbers and special characters come in. By mixing in these additional characters, the likelihood of a hacker guessing your password drops dramatically. Something like laSsie!122 all of a sudden becomes very hard to guess, yet may be easy enough for the user to remember. By using these additional characters, you make it much more difficult for hackers to guess your password.

Hacker Attacks
One of the most common approaches that hackers use is to have their netbots troll the internet looking for log in pages. When they find one, their automated scripts try a large set of common usernames and passwords. For example, the username “admin” could be found quite often on a website CMS function. Combine that with a set of hundreds of common passwords and maybe they can break in. If not, they simply move on to the next site they find.

The trick is to avoid the common usernames and passwords – instead of “admin”, how about “admin871”, or “admin!24”. Combined with a complex password, these automated attackers will have little chance of breaking in.

Remember, hackers are always out there. There are thousands of the automated attacker scripts constantly trolling the web looking for an opening. It’s a very real threat and if you’ve ever been hacked, you know how unpleasant it can be. Yet the simple act of adding some additional complexity to your passwords may be all it takes to repel the hackers. If your passwords are too simple, change them now before it’s too late!

Website Security – Part 3 – Securing Applications

Many websites make use of one or more applications. Any code written to provide some particular set of functions can be considered an application. Some applications are custom designed, some are open source (free to the public) and some are commercial (cost money). We will discuss some of the security implications associated with each.

Custom Applications
Many websites make use of custom designed applications to provide some function that may be unique to that website. Even the simplest application can present an opportunity for hackers if proper security measures aren’t taken. Database access and system log in functions can be particularly vulnerable. Hackers have automated tools that can try many combinations of username and passwords looking for “weak” credentials. A good log in system will insist on a minimum complexity for passwords that includes letters, numbers and non-alphanumeric characters.
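A minimal sketch of the complexity check a log in system can apply at sign-up, covering the requirements listed in the Password Protection post (length, letter case, numbers, special characters) plus a common-password list. This is an added example, not code from the original post; the minimum length of 8, the short password list and the function names are assumptions.

```python
import string

# Constructed sample list; a real deployment would load a much larger one.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin"}
MIN_LENGTH = 8  # assumed policy value, not taken from the article

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}


def search_space(password):
    """Brute-force keyspace: (size of the character pool in use) ** length.

    Characters outside the four classes above are not counted in the pool.
    """
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return pool ** len(password)


def check_password(password, username=""):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if username and password.lower() == username.lower():
        problems.append("same as the username")
    return problems


if __name__ == "__main__":
    for candidate in ["ab", "lassie", "Password", "laSsie!122"]:
        verdict = check_password(candidate) or "accepted"
        print(candidate, search_space(candidate), verdict)
```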

Databases are vulnerable to different types of attacks including “SQL Injection” attacks. When a hacker has access to a legitimate HTML form that accesses a database (a log in function or contact form for example), they can enter data that if not properly guarded against, can provide the hacker with full access to the database. This is fairly easy to guard against – it’s a matter of not allowing certain characters in a database query – if your developer is aware of the risk.

Generally speaking, the security of a custom application is only as good as the developer’s knowledge of security issues. If you have security concerns with your site, you should probably hire an experienced coder for your application development.

Open Source Applications & Commercial Applications
One of the great things on the internet is open source applications. “Open Source” means that anyone can grab the code for an application and customize however they see fit – for free. Open Source software is usually developed by a community of authors and includes varying levels of help and support. These applications can be huge time savers and what is better than free? Open Source applications include Drupal CMS, WordPress (blogging application), Zen Cart (Shopping cart) and more.

The downside to these Open Source apps is that hackers know that they are used on many websites. If they find a vulnerability in one of these applications, they could gain access to any website that uses it. With the help of netbots (software that automatically surfs the web), they can surf the web looking for the app and exploit the vulnerability.

Most Open Source applications are quite secure, but there are no guarantees. The only defense is to follow proper installation procedures and to keep up with application updates. Most applications are updated on a regular basis, often for security reasons. Also, if your developer makes any sort of modification to the app, the same concerns would apply as that for Custom Applications.

Commercial Applications share the same concern as Open Source except that your developer typically can’t modify the application. Again, stay up to date with your application versions. More often than not, the update will contain some security patch.

Website Applications are what bring the web to life and are used on many sites. As a website owner, it is important to understand that there are security issues associated with any application and to discuss these with your developer.

Next Week: Password Security