Mark, Author at Web Professionals Global

March, 2023 Desktop View

by Mark | Mar 27, 2023 | AI and Machine Learning, CSS3, Web Accessibility, Web Professional Trends

March has been a most interesting month in terms of new advancements in web design and development. Here are just a few articles we found interesting this month. Perhaps a bit of a directed stream of our thoughts supported by articles. Admittedly, some were published prior to March and we just encountered them. We encourage you to review these articles and follow along with the stream as we focus on:

AI (and accessibility) – yes, they go together in many ways,
CSS,
JavaScript, and
Website sustainability.

AI (and accessibility)

First, let’s examine a recent post by Brad Frost concerning “design systems in the time of ai.” As mentioned at the end of the article “…AI makes it crystal-clear we need to be focusing on why we create things vs what/how we create.” In a nutshell, AI can be used to improve efficiency in what is created. We can be leveraging the power of AI to reduce the mundane tasks and focus on what is important.

So, what does AI have to do with accessibility? It can help tremendously. Last year, Accessibility.com published a great overview of “How Artificial Intelligence is Improving Accessibility.” This is a rapidly evolving landscape, and we can think in terms of AI-supported voice assistants helping those with visual impairments, AI driven transcribing can help with those experiencing hearing impairment. Likewise AI tools can help with speech impairments (think in terms of Parkinson’s or brain injuries)as well as mobility impairments. We encourage you to read the linked article to learn more.

Accessibility

Focusing solely on accessibility, we found the Guide to Accessible Form Validation by Sandrina Pereira to be most informative. She correctly asserts that when we build form validations from scratch we often overlook accessibility. Sandrina focuses on both usability and accessibility. We found this article to be a solid introduction and encourage aspiring web professionals to develop such an approach in all their work.

We also encountered this solid article dealing with color contrast. Yes, this is something everyone finds very annoying. We liked the subtitle – “Web Accessibility for Text & UI Design.” Good thesis – always make your UI components easy to identify.

CSS

Getting started with style queries by Una Kravets is a solid read also. The ability to query a parent object’s inline size along with container query unit values has achieved stable support in modern browser engines. Una covers the fundamentals of working with these and provides useful examples (including code snippets). Of course, this technology continues to expand and you should be come familiar with these approaches whether you are a practicing web professional or an aspiring one.

JavaScript

Sandworm audit is a command line tool to identify vulnerabilities, malicious scripts, license, and metadata issues. It is free and open source and works with any JavaScript package manager. Have you tried it out? What are your thoughts?

For those who like a bit of spice with their JavaScript, we encountered Jared White’s “Great gaslighting of the JavaScript Era” article. This article represents a cogent view of many of the internal discussions we have been holding for several years. The web is built on standards and protocols. Your site is based on HTML, but can be served from any operating system on any hardware any place on our planet. You do not need a JavaScript framework to build a simple website. We seem to have forgotten that. Yes, I have personally seen sites relying on large JS libraries to display what could be done in a few lines of HTML (and stuled with a bit of CSS). Good article (and we agree with you Jared). This article is also a great segue to the issue of website sustainability (see below).

Website Sustainability

Alexander Dawson published an interesting article on the carbon impact of web standards in January, 2023 (yes, we just encountered this one and it is worth reading). Given that the Internet is a major source of carbon pollution, it is important to think in terms of sustainable web design. Yes, Greenpeace recently reported that if the Internet were a country, it would be in the top 10 carbon emitters. The BBC published an overview of the extent of the problem a few years ago. Yes, the WWW is highly dependent on electricity (and the source of much of that electricity is not carbon neutral). Alexander focused on HTML and CSS and how much energy was required to render a basic boilerplate. He relied on different browsers, different hosting providers, different equipment and different locations (among other variables).

His test suite consisted of nearly 300 HTML elements and attributes, over 500 CSS rule, selector, and property tests, and over 50 media and other specification tests. He noted that embedding interactive content caused the use of a significant amount of CPU, GPU, RAM, and data usage. Non-standard code triggered rendering issues as well. with respect to CSS, animation (specifically keyframe animation) and the use of custom fonts caused a dramatic impact. For media formats, SVG is the best. We thought his conclusion (below) summarized that major changes are needed.

Existing evidence shows that websites are getting more bloated [54], sites remain largely inaccessible [55], and with JavaScript taking higher importance than basic semantics in tooling practices, the backbone of the web (HTML & CSS) have become clogged with un-performant code. The existing web needs a firm shake-up if it is to meet it’s commitments to become sustainable (and user-friendly).

Your thoughts?

Yes, that was a lot to examine this month. We are keen to learn what you liked and what areas you would like us to examine in greater detail. We look forward to your comments.

2023 State Web Competitions

by Mark | Mar 21, 2023 | Web Competitions

We are working closely with a number of states this year to help them better align their state SkillsUSA web design and development competitions with our national SkillsUSA competition to be held in Atlanta. Although our calendar is rather full, we are still willing to help additional states (if they request). Just contact us as soon as possible.

Contest overview

We provide the overall environment, assets, detailed scoring rubric, and online testing environment. We do ask that each state provide a contest supervisor (physically present the day(s) of the competition and judges who have knowledge of web design and development. We offer this overview of the contest:

You will do all of the coding in an online editor environment.
All teams will be given the same wireframe to implement.
You will decide the colors, fonts, spacing and other aesthetics for the client and implement the aesthetics into the provided layout.
The ‘client’ has provided images and content.
- As is often the case in the real world with assets provided by clients, they may not be completely appropriate for the web.
- You should rename and optimize images. You may adjust and add effects to fit your aesthetic vision.
You are not allowed to use frameworks such as Bootstrap or jQuery or React. You must be able to demonstrate competency with the foundational technologies, HTML, CSS, and JS in this competition.
Judges will use any or all of the latest versions of the following browsers
- Desktop: Chrome, Firefox, Safari, Edge
- Android: Chrome
- iOS: Safari on iPhone and or iPad
- Accessibility: JAWS screen reader or Apple VoiceOver

Coding Environment

We create the virtual coding environments for use by each team. We encourage competitors and judges to familiarize yourself with the coding environment prior to the competition: https://webprofessionals.site/IDEoverview (this link will open in a new browser tab). Obviously, it takes us a bit of time to spin up the individual environments for teams (which is why we ask for as much advance notice as possible).

External Resources

We are often asked if competitors can use external resources. Of course, but there are limits as we want as consistent an environment as possible (so judges can better evaluate similar work).

You will be allowed to use Google Fonts to find a font that is appropriate for the client. (https://fonts.google.com/) (this link will open in a new browser tab).

If you need textures or other design assets, you may find resources from the internet during the competition. They must have appropriate copyright licensing and sources will need to be documented. It is up to the competitor to confirm appropriate copyrights are followed (judges may likely check – disqualifying teams who do not follow copyrights).

You will need to find or create iconography for the client. We recommend https://thenounproject.com/ (this link will open in a new browser tab).

For those who would like to distribute a copy of this information, we provide a PDF version of this document.

February, 2023, desktop view

by Mark | Feb 27, 2023 | CSS3, Industry News, JavaScript, Web Development

Here are some of the articles we have been reviewing during the month We hope you find them as interesting as we did. [Note: these links will all open in a new browser tab.] Don’t forget to let us know what else you would like to see in terms of current professional trends in web design and development. Here are the categories of what we encountered during February:

CSS
JavaScript
Web Development Trends

CSS

Here is an interesting read – 10 modern layouts in one line of CSS. These include sidebar says, the pancake stack, the 12 span grid and much more. Let us know what you think of these.

If you are curious where CSS is going, consider the high definition CSS color guide. With Chrome 111, there is support for CSS Color 4 gamuts ( size of something) and color spaces (this is explained in much ore detail in the linked article). This means there is 50% more colors in supporting browsers.

Native CSS nesting may also be finally arriving (in Chrome 112, for example). Bryce Wray provides a nice overview of recent experiments with this.

JavaScript

Did you get a chance to review the state of JavaScript in 2022 article? In a nutshell, JavaScript is more vibrant than ever. Of course, there are many more details to be found in the linked article.

Web Development Trends

Robin Wieruch published an interesting overview of 10 web development trends in 2023. Among the trends discussed is a movement from client side rendering to server side rendering. It is worth noting that server side rendering is now relying on JavaScript. Serverless functions continue to be a trend this year.Because of this, databases are also experiencing a renaissance. In terms of JavaScript runtimes, Deno is a successor of node. To learn more about these trends (and much more), we recommend reading the entire article.

Horror stories

As professionals, we are always working with clients. We thought it might be helpful to share a horror story or two each month. Obviously, there are lessons to be learned. However, the fact that we have been using web technologies over three decades and still see some problems repeating means we are not fully learning these lessons.

Case in point. I was helping a client with a WordPress site. They had recently purchased a plugin and were experiencing difficulty in using the enhanced features which came with the upgraded plugin (freemium model is still very popular, isn’t it). Specifically, I was asked to investigate why all the added functionality remained greyed out despite having paid for the upgrade. To keep the story short, one had to click on the greyed out item to “load” the enhancement. Took yours truly about an hour to figure that one out. Lesson we should all have learned by now – there are standard design patterns which must be followed. To show something as greyed out means it is not active and not available. Breaking a pattern which has been in use for well over a decade causes unnecessary consternation. A simple explanation that one must click on an item to activate it might have sufficed (instead of wasting the time of multiple individuals).

As if that wasn’t enough, when helping another client, I needed to contact technical support for a WordPress plugin. Believe it or not, the individual who was trying to help me quickly asked for my username and password so they could access the site as an administrator to see what the problem was. Ummm, NO. Ok, they then asked if I could create a separate administrator account for them to use so they could see the site. Ummm. NO again. Think about this from a security perspective – if you allow someone (who you don’t know) administrative access to your site, you have handed over the data and capabilities of the site to a stranger. Would you gladly hand your car key fob to a stranger who asked for a ride to the store while you were waiting for the light to change? Maybe if your car was making a strange noise? Same concept. Never, ever, provide such access no matter how severe you think the problem is with a WordPress plugin. If you need that much help, it is time to find an alternate plugin. Shame on the vendor in this case for even allowing an employee to make such a request.

OK, readers, that is enough on the horror stories for this month. Do you have something you would like to share which tops these horror stories. Please let us know in the comments (or send us an email to our membership email at the top of the page). We are always interested in what you liked and would like to see in future articles. Just let us know that as well.

In case you missed these…

We recently published additional information about the proposed Websites and Software Applications Accessibility Act. We encourage you to review this post to keep up to date with what is happening regarding website accessibility.

Curious about security (especially passwords), please review our passwords and psychology article.

We also announced our 2023 web design and development competitions (including that we are recognized as a SkillsUSA Official Partner.

Your turn

We are always what you find interesting and what you would like to learn more about. Please provide comments below so we can better address what you find most interesting.

Announcing our 2023 web competitions

by Mark | Feb 10, 2023 | Web Design, Web Development, Web Pro Education, WOW News

We are proud to announce our new and streamlined for states to use for their SkillsUSA web design and development competitions in 2023. This model is based on over 20 years of running web design and development competitions (including 2 decades running the SkillsUSA national web design and development competition – which started as a demonstration competition in 2004). With the COVID-19 pandemic, we gained significant insights in running this competition 100% virtually. We have employed this knowledge as we enhanced our model for 2023. We are also proud to announce that we have been recognized as an official partner of SkillsUSA for 2023.

Alignment

We have been working with SkillsUSA for over two decades because of how much we are aligned in our vision of workplace needs. The SkillsUSA framework focuses on technical skills in addition to personal skills and workplace skills. This is the exact mix we strive for in our competitions. It is important to know the technical aspects of your trade, and it is equally important to work well in a team environment and follow ethical standards. This is also why we ask readers of our articles to sign our code of ethics (for members and non-members).

Our Internet based competition

This refreshed competition model is the most accessible it has ever been, enabling students to focus on creating innovative projects and equipping facilitators to run the competition seamlessly. Students only need a PC, Mac or Chromebook and an internet connection to participate in the competitions—giving those in rural, urban and suburban areas equal access.

Competitions can be run entirely online, which levels the playing field for students across the country and can give you flexibility should you need n the age of COVID-19 . This new competition model is future-proof and will be able to be implemented for years to come, no matter what the pandemic looks like in coming years.

Our (Web Professionals Global) competition support is free to state SkillsUSA competitions, and the new model makes the judging process more standardized and easier than ever before. States can run competitions whenever they want in 2023 in anticipation of our national competition in June in Atlanta. Please give us time to get your state setup with our online IDE (Integrated Development Environment), online exam, and online competition materials. Obviously each state will need Internet access during the day of competition for all competitors.

Not only does our new approach make it easier for any state to run their own web design and development competition, but it also ensures that every state is conducting their own competition that models the expectations their competitors will need to meet at our national competition. This gives every state — from small to large — the same turnkey resources to ensure a successful competition. This model is intended to only be used for the current cycle of SkillsUSA competitions.

Highlights

This new model includes:

Competition project with all graphic and textual assets that are similar in scope and style to what the competitors will experience at the national competition.
Easy-to-apply rubrics help both new and veteran judges quickly evaluate team projects for creativity, design and best practices.
Web-based coding editor and folder system allows judges to easily review any state competitor submissions. Judges can review work with just an internet connection, allowing states to have judges join virtually from anywhere.
Web-based editor and site storage means your events committee does not have to worry that any competitor’s work can be lost or misplaced—all of it remains safe on the web.
Judging preparation materials and training videos are included to make it easy for new judges to quickly get up to speed and be able to deliver consistent judging.
Optional competition kickoff and welcome video delivers a consistent message to all competitors as well as some helpful hints about the competition project.
Technical back up and support provided by our Web Professionals Global Organization.
Fast and easy sign-up for state SkillsUSA leadership teams to reserve their free competition kit and web-based tools suite.

Contact us now

Because of these new systems Web Professionals Global is implementing for this year, any state can run a turnkey competition and give students an opportunity to build meaningful projects in an engaging online environment. All of this is provided free of charge to any state wishing to have an organized and impactful state-level web design and development competition to prepare their students well for the national competition.

Let us know as soon as you can. As you can imagine, there will be many states taking advantage of all this support, and we need time to be able to deliver all that you need.

January, 2023 Desktop View

by Mark | Jan 31, 2023 | CSS3, HTML5, JavaScript, Web Security

Hard to believe January is almost behind us. Yes, time flies. As Executive Director, I am now in my 31st year of working with web technologies (yep, started in 1992). Obviously a lot has changed over three decades. And things continue to change at a rapid pace. Since it has been 3 decades, I found it entertaining to review the site focusing on web browser engines from 1990 until today. Nice bit of history for those who want a refresher (and for educators). [Note: these links will all open in a new browser tab.]

OK, now that the past is behind us, let’s see what is happening with the following web technologies (a few articles which caught my attention in these areas).

CSS
HTML
JavaScript
Security

CSS

If you are using CSS animations, you might consider AnimatiSS (a collection of CSS animations for your web project).

I also enjoyed reading more about the :has() pseudo-class including real world examples.

When working with media queries, I like the MediaQuery.style site. It has many of the more commonly employed ones readily available.

Although this is still a work in progress, the CSS fingerprint site demonstrates how one can use CSS (and only CSS) to track visitors. It is not really scalable as it presently requires over 1 MB of CSS downloads. However, it is an interesting concept. It does avoid technologies such as NoScript.

HTML

Yep, there are still changes happening to markup and tags. After much discussion, there has been some consensus on how to best use the dialog element. Actually, how it should handle its initial focus. You can read more at the post titled “Use the dialog element (reasonably)“. Note that this may not be implemented in all browsers, but it should be in subsequent releases of said browsers.

JavaScript

For those teaching JavaScript, you might find the beginners guide to Chrome tracing useful. Sometimes a DevTools trace is not enough.

I also came across this interesting article explaining why using document.write() is not always a good idea. It is fairly in depth and explains why the placement of suck code matter as well.

Security

Microsoft recently published their 2022 Digital Defense Report. You can follow the link to read much more. Here are some of the highlights (scary though they are).

921 password attacks happen every second (up 74% from last year).
they blocked 37 billion email threats last year.
Attackers are leveraging vulnerabilities in IoT device firmware to gain access to corporate networks.
The average cost of a data breach reached $4.35 million.
People are now the primary attack vector. Identity driven attacks account for 61% of breaches. Phishing remains the most common form of cyber attack.

Your thoughts?

These are some of the articles I have encountered and found interesting over the past month. What have you found in addition? We look forward to your comments and insights.

Web Education in the Age of AI

by Mark | Jan 30, 2023 | Education

ChatGPT and GPT Zero

Unless you have been sleeping soundly for the past few months, you have likely encountered many articles and social media posts concerning ChatGPT and related AI/ machine learning technologies as they relate to education. [Note that all links to external sites will open in a new browser tab.] As you probably know, the ChatGPT was first generally available in November, 2022.

Yes, one needs to train the software to get better results. Tools are emerging so one can better identify if a student has used this sort of technology in an essay (for example). GPT Zero is one solution for educators. However, many mundane tasks can be supplanted or replaced with AI. Is it possible that some of the tasks we ask students to perform fall into this category? Perhaps we should give some thought to what is rapidly happening with this technology.

How should we address as educators?

As I recently saw in a post on social media – “Will you be replaced by AI? Probably not. Will you be replaced by someone who knows how to use AI? Probably.” Yes, these technologies are here to stay. After considerable thought on this matter, it is probably best to embrace these technologies and employ them in our classrooms. Remember the “quote” at the beginning of this paragraph. We may well be doing our students a dis-service if we don’t show them how to effectively use these tools to solve business problems.

Perhaps we should consider using these tools to draft essays (with subsequent modifications). Consider an assignment where students are asked to draft an essay on a given topic. They are also then tasked with instructing ChatGPT to develop an alternate draft. Then students can focus on revising their work (perhaps incorporating some of what was machine generated).

Solutions

These tools exist to even create websites. Yep, HTML and CSS and somewhat accessible. Does that mean we should stop teaching HTML and CSS in our web design and development classes? No. Perhaps we should let students experiment with the tools and then apply their knowledge to improve upon the results. After all, they will likely encounter this when they enter the work force. Businesses don’t care how a solution was developed. They only care that their specific problem was solved.

Possible uses

It might be helpful to think in terms of generating visual images of concepts. AI can be employed specifically to accomplish this. Tools like DALL-E-2 can be used to create copyright free images one can employ as part of their work. There are other tools (such as MidJourney). We know many students struggle with creation of images to demonstrate their ideas as part of the websites they are creating. This might be a useful approach. We know there is much controversy in the design community as to the appropriate use of AI. Again, we should recognize that the tools are here to stay. We should figure out how best to employ them in our classes.

A colleague (Dr. Eliot Attridge) has published a series of articles as to how we might consider employing AI as part of our curriculum. A good starting article might be the one describing ChatGPT as an unreliable narrator.

Your insights?

What are your thoughts about using AI as part of teaching and learning? We look forward to your comments below.

Additional resources

Members have access to an environment (Wiki space) where we are collecting thought provoking articles and reference sites concerning AI in the classroom. This is one of many different resources we provide to our members. Yet another reason to join our community. As a member, reach out to us and we will provide you with the access to these resources.

Making a Difference Through Animation

by Mark | Jan 26, 2023 | Education, Profiles Of Success

Today we are highlighting some of our most recent members to have earned our Web Animator certification. Nine students from Pennsbury High School West in Fairless Hills, PA, recently earned the certifications, the first in Pennsylvania to do so. We caught up with a few students, including one in particular who excelled in the course, as well as Cathy C., who teaches the course. Cathy has already seen the impact it has on students in engaging them and helping them to meet the state’s future-ready initiatives. She knows she has opened up some student minds to think about possible creative career pathways.

Uncovering Hidden Talent

Teachers know they make a difference every day. Sometimes the changes they help students achieve are small, and sometimes they are big. One of Cathy’s students, “J,” was pushed to take the class but was not really interested in being there. However, Cathy saw what every educator hopes for–a student discovering his or her passion and realizing the world does need his or her creativity. J. was the quiet student who found out that the way he sees the world, his unique creative sense, is something that should be shared, and that his medium is animation.

Cathy talked about her experience teaching J.: “He just kept saying, ‘I’m not creative. I can’t do this. My mother is making me take it.’ Now he’s one of my top students, and he found out that he really is creative. He comes at problems with such an unusual viewpoint, and the other students can’t wait to see his work because it’s always something completely out of left field. He’s discovering that this thing that he always thought was his biggest limitation is actually an asset, and he loves it. He now has other students going to him for help in working on their animations.”

We caught up with J. to hear in his own words how he had enjoyed working through the Animation course and earning his certification: “At first I didn’t want to take this class. I liked the class AP Comp Sci A because you just had to follow the rules, and the program would work. This class, Advanced Web Programming and App Design (the animation class) didn’t sound like that because I’m not creative, but my mom wouldn’t let me drop the course. When Mrs. Costello put my nest-egg animation on the screen, everybody laughed. At first I thought they were laughing at me to make fun of me, but Mrs. Costello said, ‘No, J., they’re laughing because they think your animation is funny.’ But one of the other students said, ‘Yeah, we LIKE it!’ After that, everybody always wanted to see my animation on the projector first. Everybody laughed because they thought my animations were creative and funny. My classmates even asked me how I did things so I could teach them.

“Mrs. Costello says she doesn’t own the knowledge, and that means we can all have different right answers so mine can be right too! I was really proud of how my music video project came out, and my classmates kept wanting to see it again frame by frame because of how I made the tears fall on the animated kid’s face and the way I matched the animation to the music. That was really hard, but it meant a lot to me to get it right, and I was happy that everybody saw how much work I put into it. In conclusion, I really liked taking this class because I found out I’m creative and funny, and I’m sad this class is ending on Tuesday.”

What J. thought was going to be a class he hated turned into the class where he was a cool kid. He discovered that what makes him different is also a creative gift. Who knows? He may be the next Tim Burton (Director of Charlie and the Chocolate Factory and Frankenweenie) or Dan Harmon (Creator of Rick and Morty).

Reaction From Other Students

Like J., other students in the class thrived as well. Here are a few of the things they had to say about working the course and becoming certified Web Animators:

When asked about the experience of working through the course and earning the certification, one student said, “I liked the course and certification because they were flexible. I could work through tutorials and assignments in a less structured way.” Another said, “The industry certification is very important to me. I’m planning to pursue computer science as a college major, and the Web Professionals Global certification is a valuable way to distinguish myself from every other high school computer science student.” And another student remarked, “I wasn’t thinking of animation as a career option, not because I wasn’t interested in it, but because it didn’t even occur to me as an option. This has opened my eyes to a new possibility that I definitely want to explore further.”

We asked the students what it was like to show the projects they had built on the path to certification. One student said, “My family was impressed, but it was actually more satisfying to watch it with the rest of the class. My parents thought it was cool, but they didn’t understand the work that went into it like my classmates did.” Another remarked, “It was fun to show off my cultural music video, because I put in a lot of inside jokes and things only people from Pakistan would get. But then it was also fun to show it in class, because I could EXPLAIN all the things that only people from Pakistan would get! I liked being able to use a school assignment to show off the things I’m proud of about my culture.” And another student proudly said, “My father was bragging at Christmas that I’m going to graduate high school already having an industry certification in my field, even before I get to college.”

Finally, we asked the students what they would tell other students interested in earning the Web Animator certification. One student stated, “The projects gave us an opportunity to learn in a relevant, fun context. We learned the most by applying our skills and knowledge to a real problem.” Another said, “This is a class and certification that celebrates individuality. Your animation won’t look like the one done by the person next to you, and that’s the most fun part of the course.” Finally, one student talked about the sense of accomplishment: “There’s no satisfaction in answering easy questions, so I like how complex animation is. When you finish a project, you’ve done something you can be proud of.”

Cathy talked about how word is getting around the school about her class: “The Animation class and certifications have created some buzz around school. We’re about to start course selection for next year, and I’ve already had two kids I’ve never taught before come ask me about it.”

Mark DuBois, Executive Director of Web Professionals Global, said, “Reading about J. and the other students in Cathy’s class makes it all worth it here at Web Professionals Global. We are so proud to support these imaginative and innovative students as they immerse themselves in the world of animation. The certifications and knowledge they have earned will stay with them forever, no matter what their futures hold. We welcome these new members into our professional association and look forward to being part of their bright futures.”

Connect With Us Today

If you are a parent, teacher, student or adult learner who is interested in hearing more about how Web Professionals Global can help, contact us today.

Passwords and Psychology

by Mark | Jan 16, 2023 | Web Security

Psychology?

Human behavior is all about psychology, isn’t it? It is the study of our mind and behavior. And why should our use of passwords not fall into this category? The folks at LastPass recently published a report about their findings concerning password behaviors. [Note: link will open in a new browser tab/ window.] They found that 62% are still reusing passwords. Yes, in 2022. Even when people became aware, only 25% started using a password manager/ wallet. Yes, even Web Professionals Global did a recent post encouraging individuals to use a password wallet. To learn more about their findings, please visit the LastPass link above. It is easy reading and has a lot of useful information. Given that many may not be using a password wallet, what can we as professionals suggest?

Option 1 – be consistent

Each site you visit should have a unique password. Period. Of course, if you insist on not using a password wallet, what sort of methodology could you employ? Here is one simple example. Obviously, you may want to try something different but analogous to this approach.

Consider you want to have a unique password at Amazon and Facebook (perhaps you use both frequently). How could you make a unique password for each site and remember it without using a password wallet or writing them down and pasting them under your keyboard (what could be more secure – yes, we are being sardonic).

Consider that the word Amazon has 6 letters and a com top level domain. One could consistently count the letters in a domain and use the first and last letters – for example A6N (in the same way we end up with A11Y for AccessibilitY and I18N for InternationalizatioN. Such a password would be incredibly easy to crack. So, we begin with the top level domain as part of a passphrase. Thus our password for Amazon becomes COM-A6N. Still pretty easy to crack as it is less than 9 characters. We could append our favorite flower to this passphrase followed by a number such as COM-A6N-sunflower42. Now we are getting somewhere. Facebook would become COM-F8K-sunflower42 and so forth. Of course, we could add more consistent words to our phrase. Longer passphrases are more difficult to crack with various tools. Obviously, if someone were to guess our scheme, they would be able to access our accounts easily. By itself, this may not be the best option. However, it still beats reusing the same password over and over, doesn’t it?

Option 2 – Why use your name or email?

While we are working along these lines, one often is asked for a username. Of course, many simply rely on the tried and true first initial last name or some combination of initials and surname. It doesn’t have to be that way. If you are able to specify your own username (and that can be a big if as many sites now ask for your email and simply use that as your username), do so (and be creative).

For example, instead of mdubois or markdubois as a username at a site, I could use favorite fossils as a username. For example, trilobites or trilobites42. There is nothing tying me specifically to that fossil so that should be reasonably safe for a username. No, hackers, don’t bother as I am way ahead of you on this.

Option 3 – Always 2FA

We have mentioned this before, but if you really can’t use a password wallet for some reason, at a minimum, you should always activate 2 factor authentication (2FA). Yes, we addressed this as part of our discussion on web security in 2021 and employee burnout in cybersecurity in 2022. Not only do you need to know your password, you also need to have something (such as a mobile phone with an authentication app). Simply knowing the username and password is not enough. Many sites allow for the use of 2 factor authentication these days. If they don’t you should contact them and ask for it specifically.

Combination?

If you really can’t use a password wallet, consider combining all the above approaches. Set your username to something meaningful to you but not readily obvious to others (in my simple example trilobites42). Set your password to something you can easily figure out by looking at the site and knowing something specific. For example, COM-F8K-sunflower42. And employ 2 factor authentication as well.

But wait, didn’t you tell me to change my passwords periodically in your prior web security article in 2021? Yes, we did. So we could expand upon the passphrase theme and use a password of winter23-COM-A6N-sunflower42 for our Amazon password. then, we could change that to spring23… when the time comes. We would change our passwords every quarter and each would be unique for that site. I know some sites will not let you change a password which is similar to the one you presently use. Just be consistently creative on your sites.

And, you can always reset passwords if all else fails and you forget. Or, you could just use a password wallet? Really, they aren’t that tough to use. Yes, it is important to grow beyond your comfort zone and these tips are meant to serve as a starting point. If you don’t want to use a password wallet, be creative. Use the above ideas as a starting point, not the end result. We know you are creative. Apply your creativity to the creation of your unique passwords on each site.

Editorial sidebar

While we are thinking about passwords and resetting them, what about all those security phrases you are asked to update with your bank and related institutions. Given all the social media “quizzes” which mine information such as your high school mascot (really, why on earth would anyone willingly share that information – oh, yeah – so they can see what they would look like as a dog or whatever – c’mon folks – never fall for those online quizzes – they are just stealing your information). But, wait, I already know what my spirit animal looks like. Oops. How does one deal with this if your personal information is already out there. Make it a point to lie on those security questions. For example, if one of the questions is what was the name of your high school – lie. In part. Perhaps append a noun to everything. Again, you just have to be consistent. For example, I would tell the security answer to the high school question that I went to Washington Grass high school. My father’s middle name was Fred grass (no, it wasn’t even Fred). Now I have a little more security as I must know the actual answer and the word I append to everything. Again, be consistent. Not a perfect solution by any means, but if your information is already out there…

What are your thoughts? As always, we look forward to your comments and insights.

Best always,
Mark DuBois, Executive Director
Web Professionals Global (aka World Organization of Webmasters)

Websites and Software Applications Accessibility Act

by Mark | Dec 15, 2022 | Web Accessibility

Illinois senator Tammy Duckworth sponsored the “Websites and Software Applications Accessibility Act‘ in September. This link will open in a new browser tab and is a synopsis. Although this is proposed legislation and we do not know if it will eventually become law, we (at Web Professionals Global) thought it important to mention this as we near the end of the year.

If enacted

Although the future of this law is presently not known, it is important to note some of the key aspects of this proposed legislation. This would make it unlawful for entities covered by the ADA (Americans with Disabilities Act) “to maintain inaccessible websites and applications that exclude or otherwise discriminate against people with disabilities.” There would be a clear and enforceable accessibility standard with a technical assistance center and an advisory committee. The latter would provide advice on making websites and applications accessible. A study addressing emerging technologies would also be authorized. Quotes are from the above link.

Note the mention of clear and enforceable standards. In many cases, current laws seem vague and significantly lagging behind technology. Clarity will certainly help. Note also the proposed technical assistance center and advisory committee. In our opinion, these two items have been sorely lacking from most legislation. Most businesses simply lack the resources to “figure it out” on their own.

Why now?

Given what we have experienced with the pandemic, we all should understand better what it is to be excluded from a digital environment. Accessibility is experiencing significantly increased interest and awareness these days. We suspect accessibility laws are only going to be strengthened in the near future. As practicing web professionals, we should be helping our clients understand the importance of making websites, apps, and emerging technologies accessible (augmented reality, virtual reality, NFTs and more).

Want to know more?

We recommend this great article by Lainey Feingold which discusses this legislation in much greater depth.

What are your thoughts on accessibility as it relates to emerging technologies? We look forward to reading your comments.

Password Wallets

by Mark | Dec 5, 2022 | Web Security

December is already upon us. WOW. Let’s take a moment and focus on security. After all, passwords are like underwear – they should be changed frequently. Sure, I get that. And I can set all my passwords to either:

be the same across all sites (definitely not a good idea), or
ignore this advice and never update my password (also, definitely not a good idea).

OK, what if I want to change my passwords periodically but suffer from any sort of memory issues. How can I:

use a unique password for each site I use,
keep my passwords (actually passphrases) long and complex, and
remember to change them from time to time?

Short answer – use a password wallet.

What is a Password Wallet?

In the same way you probably keep your folding money in an actual wallet and keep it close to you, a password wallet is a secure spot to store your passwords. It is a bit of software. It can be available only to you (perhaps on a USB drive – you recall those, don’t you) or it can be stored in the cloud (someone else’s computer). Regardless, access to the password wallet is controlled by a password (or preferably, a passphrase). Unless you know the password/ passphrase to access the wallet, the contents are not readily accessible. In a similar manner, the folding money in your wallet is not readily available to the world. Generally, contents in a password wallet are encrypted. This means if the data store is ever stolen, it is not of any use unless one knows the access word or phrase.

Yes, many browsers provide the ability to store your passwords these days. Many operating systems also provide this capability. That is always one alternative. Although we are not recommending/ endorsing any specific technology, it is important to know what options are available beyond your browser or operating system. Some examples of password wallets include:

KeePassXC (you can store your access credentials on a thumb drive). This software is open source and OSI certified.
LastPass (there are free and paid versions).
NordPass (if you use Nord as your VPN, this paid version may be appropriate).

There are many other choices, Search engines are helpful, aren’t they?

Selection Criteria

Once you decide to that it might be useful to store your passwords in a secure wallet, here are some things to consider (this is not a complete list).

How secure is my data? Does the wallet securely encrypt the contents? If you forget your password/ passphrase, you will likely not be able to access the contents. Confirm that no one can decrypt the contents (particularly if the password wallet is online).
Is there a limit to the number of passwords/passphrases I can store? Some free versions limit you to 50 or 100 passwords. Of course, you get what you pay for.
How much does it cost? Yes, many of these services cost. That is how they keep their software up to date (defending against the most current known vulnerabilities). Many services offer a discount if you pay annually.
Password/ passphrase generator? The longer the password/ passphrase, typically the better. You should be able to specify the length. Also, you should be able to copy the information for a short period of time. When you use longer passwords, it is helpful to copy, then paste the contents into your browser. But, you don’t want that information remaining in your clipboard too long.
What other services are included? Many paid options offer additional services (such as multi-factor authentication, or being able to selectively share information with family or co-workers). You decide what is necessary for you.
Reminder to periodically change your password? It is a good idea to periodically change your passwords. Typically, we forget to do this. It is helpful if your software provides you with the ability to set a reminder for a given site.

Should I use one?

Ultimately, that decision is up to you. However, these days, one needs many passwords (and they should be unique for each site). Personally, my memory is simply not capable of remembering passwords for thousands of sites. And you want to make certain you periodically change important passwords. Those item alone likely dictate you should consider such an approach.

All this being said, I strongly recommend using 2 factor authentication in addition to a password/ passphrase on any given site. This means you must provide both your username and password along with a unique code to access a site. Most sites offer this option. Many allow you to use a technology like Google Authenticator or to receive a SMS text message with a unique code. These codes are typically only good for a minute or so.

« Older Entries

Next Entries »