Secured my site with Let’s Encrypt

You might notice if you browse this blog now, that it’s served over HTTPS. I’ve even added an Apache configuration to redirect plain HTTP requests to secure HTTPS and I’ve spent the last few days checking the pages for URLs including non-secure content and rewriting them to use HTTPS where possible, or otherwise removing them. You’ll also notice in the left-hand corner of the browser’s address bar, there’s a (hopefully familiar) little green lock which indicates:

  • your communication with the site is encrypted well
  • the authenticity of the site is verified by a trusted authority

Of those, the latter usually involves paying a trusted certificate authority a lot of money to verify and sign your site’s certificate so that browsers will mark it trusted. Security is important, but this high cost often creates a barrier for small companies wanting to use HTTPS.

Safe and Easy Passwords

I was reading something by a friend of mine about an easy way to remember a large number of passwords. I had some comments on it but I was writing a bit too much to fit in a comment box so I’ve moved it here instead.

The basic idea is that it’s inadvisable to use the same password across multiple networks because, possibly amongst other things, if someone knows one of your passwords then they have access to everything you do online! So it was suggested that you pick something memorable. For instance, you might be a proud supporter of Liverpool F.C., so you take the word “liverpool” and prepend to it the first letter of whatever service the password is for. For example:

Twitter: tliverpool
Facebook: fliverpool
Identica: iliverpool
Gmail: gliverpool
Jabber: jliverpool
And so on…

Now, while in principle this might be an easy way to remember passwords, there are some problems with it, so I’d like to add a bit more.