 |
Accessible Information Websites – Foundation and Security |
Websites are treasure ships laden with gold crossing the Internet seas. Web pirates or state sponsored privateers lurk, eager to board, rummage through the information on the hard drive, add malicious code, steal data, etc.
Example, I was trying to set up an account with another website for a client. I could not get it to work. I called customer support. Their reply as to the cause of the failure. You are using Linux. We cannot read your hard drive. We can read Windows, but not Linux. Be vigilant!
- Foundation and Maintenance
-
Websites are virtual buildings. Just like a physical building, a website depends on a strong foundation. There seems to be a prevalent fantasy that once a website is public, it requires no further work. Like any building, websites need constant attention and maintenance, cleaning, updating the code, checking for errors, etc.
- Navigation
-
Navigation is the heart of a website's usability. The navigation system allows users to explore a website, find information, and start all over again from any page in the website. Are the links up to date or broken?
- Do not forget there may be multiple website entry pages
- Your users may enter the site from the index page.
- They may enter from an internal page.
- Visitors can find pages of interest, no matter where they enter.
- Back Button
-
Users may want to return to the earlier page, but clicking on the back button will not work. Not only is this is a hostile takeover of the user by the website, it denies accessibility. Why do some sites trap users on the present page? A good reason to use the browser script blocking feature.
- Navigation Graphics and Mouseovers
-
Do not forget to offer a low-bandwidth, low-graphic alternative, if you want to use Flash, HTML5 or Java, JavaScript, python, etc for navigation.
Be aware your hard work choosing a color scheme may fail, (See Accessible Information Websites – Colors and Graphics).
- Internal Page Navigation
-
This is where a page contains a legend with navigation links to the contents of the page. The user can click on a link to go from topic to topic on the page. The latest CSS casualty seems to be a page filled with information but no navigation menu. The user needs to scroll and scroll through the page in search of the pot of gold.
- Scripts
-
Scripts such as: Java applets, Flash, and JavaScript, python, etc, pose dangerous threats to many systems. Does this site depend on fancy scripts for drop down menus, mouseovers, popups, etc? Have you tested the site using different platforms? What happens, if the visitor has enabled the browser script blocking option?
- Passwords
-
Strong passwords are a necessity. Some methods
- As most crack libs are based on US English, do not start your password with a capital letter.
- Create a password using a foreign language, but written in English. For example, hau0(zero)l1(one)LahaNau (Happy Birthday in Hawaiian - Hauʻoli Lā Hānau).
- An aspirational phrase, iwr1(one)t3(three)acceS$ibleweBsites (I write accessible websites).
- Avoid passwords and phrases based on any personal interest. Examples, My son Billy is the best. I love gardens.
- Choosing an authentication method
- Public Pictures
-
Identity theft is on the rise. Internet published data never dies. The convention of adding personal pictures to a website’s about us page, I think is creepy and dangerous. Those pictures can be copied and reused, anywhere for any purpose. Do you want to be photoshopped onto a porn image? Maybe at one time this convention was useful; but think twice before putting your picture (especially children) up on a webpage.
- Log Files
-
The article Accessible Information Websites – Overview mentions a design team failure, because of never consulting the website’s log files. A few pieces of knowledge that can be gleaned from log files - Are older machines visiting your site? What pages are of particular interest? What TLDs are visiting? What hacks are being used to attack your site? Do you have broken links? Log files contain significant information.
- Defend The Database
-
Hackers regard databases that contain possible valuable information as the strike it rich gold rush. Picture a castle (the database), the drawbridge (the password) and a moat (security policies). Always have a strong password. Use extra authentication. Pay close attention to the database. Explore different methods of extending the defense of the database. For instance, keep the database sever separate from the web server, encrypt the files, backup, backup, etc. Over and over in the news, personal information is stolen because a database is breached.
When cancersupportivecare.com needed user input for medical publications, we created small questionnaires. We used L(linux)A(apache)M(Mysql)P(php). I invented code with a unix feature twist to provide additional security. Within an hour of putting these pages up on the server, the site was under attack. I was amazed and entertained, when looking at the log files by the myriad break in attempts - Those hackers!
- Email Security
-
- Using email to compromise your personal information, and websites is common. Beware of e-mail scams and fraud attempts using phishing(emails demanding personal information – credit card numbers, passwords, etc.) or spoofing(masquerade as a trusted entity).
- Email pharming (links to fake websites). No, the fairy prince does not dream of making you rich.
- There are sites/emails that use white text on white background to create hidden links.
I recommend using the plain text format option for your email. Do you need bouncing bunny rabbits in your email message? Using the plain text option will uncover lurking links.
- Email Bombs
-
When denying access to the database, we experienced the hacker revenge of an email bomb(sending a massive volume of emails/attachments to overwhelm the email server). I chose the option of sending the affected email address to dev/null.
Consider creating multiple email addresses. For example,
- A specific business/public email
- A specific private/personal email
If you think your email address has been compromised, I recommend abandoning it. A new fresh email may be needed.
- Authentication Codes
-
There are several methods of Multi-factor(code/questions in addition to passwords.) For example:
- Two-step - where an alphanumeric code is sent via SMS to your phone
- Questions – You need to answer your personal security questions.
- Apps – There are several apps available for authentication.
Do you think it is too much trouble to use authentication? Consider the disaster, if your data is stolen from your device.
- Backups
-
Backups are vital. Computer catastrophes occur - hard drive failure, ransomware, fires, floods, etc. Be prepared!
Set a schedule to do backups of your computer information. Do these faithfully according to your needs on a daily, weekly, monthly basis. It is always a good idea to keep copies of your emails both sent and received. Save the backups to another device/media such as: tapes, discs, external hard drives, memory sticks, etc. Place the backed up data in a secure off site location, for instance, a bank safety deposit box.
In a disaster, such as fire, flood, earthquake are you going say -- Wait! I need to unplug and pack up my computer.
- EU GDPR Cookies and Privacy Notice
-
In May 2018, the EU General Data Protection Regulation (GDPR) came into force. [1] Websites are required to make public their privacy and cookie policy. Example, this generic cookie text - We use cookies to ensure you get the best user experience on our website. By continuing to use this site, you agree to the use of these cookies.
- Why Accessibility?
-
There are those who ask. Why should I bother with writing accessible websites? It is too much work and trouble. Why should I be concerned about lawsuits, because I ignored the Americans with Disabilities Act (ADA)? [2]
As you were about to enter an office, you read this posted sign
- No one with physical limitations or disabled allowed.
- No one with visually or hearing limitations allowed.
- No one with older computer equipment or slow connections allowed.
Would you enter?
The Internet has become the way of modern life, to receive and share information. The Internet embodies the egalitarian ideal. It does not discriminate on the basis of color, age, sex, religion, education or disability. No matter how tiny a town or how isolated an area, the Internet is there. The smallest library can connect to the rest of the world.
Follow the K(eep) I(t) S(imple) S(tupid) principal. A thoughtfully designed web site should be accessible and usable to all. Fonts that can be enlarged to suit the viewer. A way to print the information. (See Accessible Information Websites – Fonts and Text).
Let me again recommend viewing the site using the Lynx text browser. [3] Check how your pages display. Will the page text scale up and down? Is it backwards comparable? Can it be read with any browser? With common sense, building accessible, usable websites is easy.
-
Links Of Interest
1. EU General Data Protection Regulation Information Portal - https://eugdpr.org
- 2. Americans with Disabilities Act (ADA)
- https://www.ada.gov/
- 3. Lynx is the text web browser
-
http://lynx.invisible-island.net
|
|
You are welcome to share this © article with friends, but do not forget to include the author name and web address. Permission needed to use articles on commercial and non commercial websites. Thank you. Search CancerLynx |
|
