Ambrosia’s “Tasty Designs” blog kicks off on the day WordPress 6.6 becomes available. This week we also have notes on accessibility and on why you should care that nearly 10 billion passwords are now leaked and available to black hats.
WordPress 6.6
The team behind the newest version of WordPress has brought some really cool features to the table. I was pretty floored when I read the list. Some exciting improvements include:
- Performance improvements
- Over 55 fixes and enhancements to improve accessibility features on your website
- Color Palettes and Font Sets
- Quick Previews for Pages (requires Site Editor Themes)
- Plugin Rollbacks
- A new grid block
- And more (you can read all the details here)
Website Accessibility Liability Risk
A recent Wall Street Journal article highlighted a law firm that is chasing accessibility suits and has a strategy to take advantage of small business owners who aren’t aware of what they should be doing to support the needs of people with disabilities. If you aren’t addressing accessibility, you face several key issues:
- You are missing out on potential customers. People with disabilities make up about 13% of the population, and they will not visit your website if you are not accommodating their needs.
- You run a risk of being sued and losing a substantial amount of money.
- Your website designer or hosting company holds no responsibility for this… your business (and that probably means you) is completely responsible for ensuring that your website is accommodating the needs of the disabled.
- Fixing this after building a new website is far more expensive than doing it right when you build the site.
- Easy, quick fixes offered by third-party companies, who are typically offering you what is referred to as “overlay” technology, are not the answer. These products are generally rejected by the Accessibility Community as more cumbersome for site visitors and highly inaccurate.
Your Password is at Risk
We want you to be secure. Many people are using very simple passwords that are easy to break, or even if using a more complex password (you know, the kind your banking website says is “strong”), they are likely using the same password for all of their accounts on the internet. A recent article at Cyber News alerted us to just how big a problem we have, with nearly 10 billion unique passwords gathered for the use of bad actors. That is more passwords than people on the planet!
The absolute best way to manage your password usage is by using a Password Manager. With a Password Manager, you can look up the password you need quickly, copy it, and then paste it into the browser or app you are logging into. The best of these tools will have the following attributes:
- External to other products on your device. This will help ensure that you can use the tool regardless of what app you may be using. Most browsers now have the ability to save your username and password for future use, and I actually recommend using those tools (it saves time), but because you are going to access some services via a separate app, you should not rely on your browser’s password manager.
- It should require you to enter a password to access the Password Manager at least at some point. You will want to use a complex password that you can remember for the Password Manager.
- It should run on all of your devices, including MS Windows, Apple OSX, Google Android, and Apple iOS. If you have devices on other operating systems, such as Amazon’s Fire OS (which is a version of Android), you might have some options.
- It should use a shared, encrypted copy of your password file. My file lives on a cloud file service and works great that way.
Before you buy a product, check to see if your Antivirus software already has a tool that meets these requirements. Some products we know are good can be found here. I will add that PWSafe is what I use, and it works great!
Additional best practices:
- Let the Password Manager generate your password. Once you start using this tool, you really don’t need to know what any of your passwords are, and on most products you can set up a default length and maybe other rules to ensure a complex password that cannot be guessed.
- Don’t ever use the same password on multiple websites/services. If any one service is broken into, your password could be used to break into a different service if you’ve used the same password.
- Don’t ever give your password out to someone else. Just don’t do it. If you need someone to do something and they say they need your password to do it, it’s better to just create an account for them.
- If you think your password has been compromised, change it right away.
- If it is an option, use a multi-factor solution on your account. This might be a text message code or email, or a code-generating tool (we will talk about those soon).
- Treat your email login and your phone like you do any other account… use a strong password! It is even more critical now that your email and phone are used as multi-factor tools by so many providers.
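To make the first two practices concrete, here is an added example (not from this blog or from any Password Manager product) that generates a password under a length-and-character-class rule and audits a list of saved logins for reuse. The function names, the 20-character default, the 16-character minimum, the symbol set and the sample entries are all assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

# Character classes a generated password must draw from (assumed policy).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*-_=+"]

def generate_password(length=20):
    """Return a random password with at least one character per class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def audit_vault(entries, min_length=16):
    """Flag reused and short passwords in a list of (site, password) pairs."""
    sites_by_password = defaultdict(list)
    for site, password in entries:
        sites_by_password[password].append(site)
    # Each inner list is a group of sites that share one password.
    reused = sorted(sorted(sites) for sites in sites_by_password.values()
                    if len(sites) > 1)
    too_short = sorted(site for site, pw in entries if len(pw) < min_length)
    return {"reused": reused, "too_short": too_short}

# Constructed sample export; these are not real accounts or credentials.
SAMPLE_VAULT = [
    ("bank.example", "Summer2024!"),
    ("shop.example", "Summer2024!"),
    ("mail.example", "k7#Vq9-pL2_xW4!mZb8R"),
    ("forum.example", "hunter2"),
]

if __name__ == "__main__":
    report = audit_vault(SAMPLE_VAULT)
    # Only site names are printed, never the stored passwords.
    print("Reused across:", report["reused"])
    print("Shorter than policy:", report["too_short"])
    print("Replacement:", generate_password())
```

The audit reports site names only, so the report can be shown on screen or saved without exposing any password.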