How to Crack a Password in 3 Easy Steps

With news that 1.6 billion internet username/password combinations have been stolen by a gang in Russia, it goes without saying that updating your passwords and ensuring that you use strong passwords is as important and as urgent as ever!

We often hear about the need for stronger passwords and tips for creating secure passwords, but we don't often hear why.

Cracking a password is as easy as:

  1. Downloading a password cracking application
  2. Entering the password length and the character sets to try (numbers, lower-case letters, upper-case letters, symbols/special characters)
  3. Pressing Go.

Basically, the program will use what is called a Brute Force method to go through every possible combination of letters, numbers and special characters within a defined set until it gets a match.

The stronger the password you use, the longer it will take for this method to match the combination that is your password.

For example: Your password is simply 12345.

Using the Brute Force method, the software will try 0, all the way to 9. Then it will try 00, 01, 02, etc. Then move to 000, 001, 002, etc. Until it finally tries 12345, and BINGO! It's cracked it. A smart program might even start at 1, then try 12, then 123; cracking your 12345 even faster.

Now compare this to a password that is also 5 characters, but has capital letters, lower case letters, numbers and special characters - 1tWo# for example. Now the program has to go through significantly more combinations to find a match. Make the password longer, and the number of possible combinations jumps even higher.

This is why it is highly recommended that you create and use passwords that are at least 8 characters long, and use a combination of numbers, lower-case letters, upper-case letters AND symbols / special characters.
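To put numbers on the comparison above, this added example (not from the original article) counts the candidates an exhaustive search has to cover for 12345 and 1tWo#, and works out where each falls when candidates are tried shortest first. It assumes "symbols" means the 32 ASCII punctuation characters and an alphabet order of digits, lower-case, upper-case, symbols; the function names are this example's own.

```python
import math
import string

# Character classes named in the article: numbers, lower-case letters,
# upper-case letters, symbols. Treating the 32 ASCII punctuation characters
# as "symbols" is an assumption of this example (94 characters in total).
CLASSES = [string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation]


def alphabet_for(password):
    """Return the union of every character class the password draws on."""
    alphabet = "".join(c for c in CLASSES if any(ch in c for ch in password))
    unknown = sorted(set(password) - set(alphabet))
    if unknown:
        raise ValueError(f"characters outside the modelled classes: {unknown}")
    return alphabet


def search_space(alphabet_size, length):
    """Count candidates of length 1..length; shorter ones are tried first."""
    return sum(alphabet_size ** k for k in range(1, length + 1))


def guess_number(password, alphabet):
    """1-based position of password when candidates are tried shortest first,
    in alphabet order (0..9, then 00, 01, ... as the article describes)."""
    n = len(alphabet)
    index = 0
    for ch in password:
        index = index * n + alphabet.index(ch)
    return search_space(n, len(password) - 1) + index + 1


def bits(alphabet_size, length):
    """Size of the fixed-length space, expressed in bits."""
    return length * math.log2(alphabet_size)


def report(password):
    """Summarise the search an exhaustive attack faces for one password."""
    alphabet = alphabet_for(password)
    n, length = len(alphabet), len(password)
    return {
        "alphabet_size": n,
        "length": length,
        "search_space": search_space(n, length),
        "guess_number": guess_number(password, alphabet),
        "bits": round(bits(n, length), 1),
    }


if __name__ == "__main__":
    for pw in ("12345", "1tWo#"):  # the article's two sample passwords
        print(pw, report(pw))
    # Same 94-character alphabet at the recommended minimum length of 8.
    print("8 characters, all classes:", search_space(94, 8))
```

The digits-only password is reached within the first few tens of thousands of guesses, while the mixed five-character one sits in a space of several billion; going from 5 to 8 characters multiplies that again by roughly 94 cubed.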

Change your passwords regularly (at least every 6 months), and don't use a password elsewhere if you are using it for something sensitive like on-line banking.

The reason for changing every 6 months is to keep your password fresh. If someone does manage to obtain your password, by the time they try to use it, you have already changed it.

HCD Tactic: Use a short, memorable phrase or word combination as your password. Make it something that is difficult for others to guess, swapping some characters for capital letters, and adding some numbers and symbols at the start and at the end (or anywhere in between). For example: $24ILikeCoffee68$.

There are many websites that help you to test the strength of your passwords, and can show you how quickly your password would be cracked by hackers. There are even websites that show how predictable your password is - that is, if you use words to make up your password, software can predict what the next character is more likely to be based on character combinations seen in words.

A list of on-line password strength calculators and testers:

  • How Secure is my Password is a great website to test the strength of a password before using it, and the website will show you how long it would take a normal desktop computer using Brute Force software to crack your password.
  • Telepathwords is also good to test how predictable your password will be for more advanced password cracking software.
  • This password strength tester by rumkin.com also explains the logic behind choosing a strong password a little better, and is worth reading.
  • And the interactive brute force search space calculator provided by the Gibson Research Corporation explains everything even further.

What are your thoughts? Share on the iASP Central Facebook Page, or Get in Touch.


10 Things YOU Must Do To Improve On-line Security

On the one hand, the Internet is making life easier by providing access to information from just about anywhere, but on the other hand access to private information raises serious security concerns.

We could argue forever about who's responsible for ensuring that private information isn't easily accessible by unauthorised people, but ultimately we must be aware that anything we share / publish / post on the Internet can be seen and shared with everyone else on-line; and nothing is secure on the Internet.

We must all play a part in on-line security. It's a team game. By personally ensuring that we're doing as much as possible to secure ourselves, together we make it harder for the bad guys.

There are many steps and tools you can use to improve your on-line security. To start you off, we've put together this list of our 10 fundamentals...

Your on-line security must-do list:

  1. Block Third-party Cookies: Cookies store little bits of information about you for websites that you have been to. Disabling the unnecessary cookies will decrease the chances of others exploiting this information.
  2. Use HTTPS: Hypertext Transfer Protocol Secure is the secure communication protocol of the Internet, adding a layer of encryption between your computer and websites that you visit.
  3. Install HTTPS Everywhere: This web-browser plug-in forces the browser to use the HTTPS protocol instead of the regular HTTP protocol so you don't have to remember.
  4. Use Incognito Mode: Also known as Private Browsing, web browsers don't store your browsing history, save files in the browser cache, or save cookies when in this mode. Particularly useful if you are using on-line banking.
  5. Check for SSL: When entering sensitive information into forms (such as your credit card details), make sure the webpage is protected by SSL. Look for a green lock in the address bar.
  6. Email Carefully: Don't send sensitive information by email. This includes usernames, passwords, credit card details, etc.
  7. Encrypt Email: Consider encrypting your email. It may seem like a hassle, but once you and your regular contacts get into the habit it will become second nature.
  8. Use Secure Payment Gateways: Don't purchase from eStores that don't use secure, well-known payment gateways.
  9. Use Strong Passwords: Always. Test how long it would take to hack your password on How Secure Is My Password.
  10. Limit sharing: Don't share or publish information you don't want strangers knowing about you.

Lastly, make sure that your operating system, web-browser and anti-virus software are always up-to-date, and that you are using a firewall.

Join the Conversation - Got another security must-do that you'd like to add to our list? Let us know on the iASP Central Facebook Page, or Get in Touch.


9 Fantastic On-line Promotional Tips

So you have an awesome shipping policy and a killer returns policy ready to go, now it's time to move to the next area of eStore brilliance - On-line Promotions.

There are countless types of promotions...new stock arrivals, VIP benefits, seasonal clearances...promotions are an age-old tool designed to encourage customers to buy.

Promotions can be used to satisfy one of the fundamentals of great sales and marketing: fear of loss, which is arguably even more powerful and important in the fickle e-commerce world.

Great promotions are not just about discounts. Be creative. Promotions could be in the form of a bonus (free shipping), a "buy this get that" or a free sample. The key is to offer real value and incentive for customers to buy and to buy more and to buy NOW.

So, after much careful consideration, here are the 9 fantastic promotional tips that made the list.

HCD's Top 9 Tips for Fantastic On-line Promotions:

  1. Have at least one promotion running at all times. The only time you shouldn't have a promotion, is when you have nothing to sell
  2. Don't be predictable. Alternate the terms, length and other parameters to keep your customers guessing (and find what works best)
  3. Repeat successful promotions regularly and ditch the less successful ones
  4. Have at least one regular annual "Event", a promotion that customers can expect and anticipate. Make it HUGE
  5. Spread your promotions across your entire product range and target all your customer demographics
  6. Target customers who have purchased products with special promotional incentives on related products
  7. Align your physical store promotions with your on-line promotions
  8. Be aware of your competitors' promotional activities and where possible out-promote them or meet them head on
  9. Include post-sale promotions within orders shipped to customers. A thank you letter with a unique promotion code is a proven sales champion

Join the Conversation - Do you agree with our top 9? Perhaps you have your own tips for on-line promotions that you would like to share? Leave us a comment on the iASP Central Facebook Page, or Get in Touch.


On-line Resources:

The #1 reason in-store-only shoppers refuse to buy online.

The #1 reason* that in-store-only shoppers refuse to buy online is the Returns Process.

If you think that's a powerful statistic, consider this: 89% of customers say they'll shop again at a store after a positive returns experience*.

We recently looked at how shipping policies can be used to improve online sales performance and customer satisfaction in our article 4 Awesome Shipping Tactics. Here we re-visit the randomly selected websites analysed in that article to look at their returns policies.

All policies we reviewed specify that items must be returned in perfect / as new condition, with tags, and in the original packaging; unless mentioned otherwise.

Target customers can return online purchases in-store, or by post, within 28 days of purchase. Returns by post require a returns form to be downloaded, completed and included with the item in a parcel. Target include an eParcel slip with orders which the customer can take to any Australia Post office. It isn't clear, but it appears Target pay the fee associated with returning the item unless they need to send it back again.

HCD Note: Allowing up to 28 days to return an item, and providing an eParcel slip with their orders to allow for easy returns is great, but their returns policy itself still left us puzzled.

Myer recommends customers use the FREE option of in-store returns. If the customer chooses to return the item by post, they must contact Myer for returns details. The customer must cover the cost of postage, and returns must be made within 30 days of purchase.

HCD Note: Myer, did you know the #1 reason in-store-only shoppers refuse to shop online is the returns process? Now you do!

The Iconic allows returns within 100 days of purchase, and customers can print off a shipping label for the package. The Iconic pays for the cost of returning the item, plus, customers can choose to receive a refund, an exchange, or 110%(!!!) store credit(!!!).

HCD Note: If you couldn't tell by the (!!!), again we are impressed with The Iconic eStore. Full marks, plus 10 bonus points for a cleverly structured policy page in the form of an FAQ. If this policy doesn't make a customer happy, they never will be.

That Online Shop allow returns within 14 days of purchase. The customer must contact That Online Shop to receive a returns form and instructions.

HCD Note: A stock standard returns policy. We get the no-capitals style the website is going for, but it does make reading the returns policy difficult. Compare this to The Iconic and think which is more likely to capture that 89% of return business following a "positive" returns experience.

PS: Sad to see the shopping cart layout is still broken on That Online Shop. We did contact them last week in case they weren't aware. No thanks was necessary - or forthcoming!

Oxfam Shop clearly states that return postage is free within Australia, and items can be returned 35 days after purchase. There are some items that cannot be returned however, such as food items.

HCD Note: Perfect! Very clear and simply written policy. More than enough time to receive, try and decide to return an item, and free return postage. Items that can't be returned are clearly listed.

The T2 Tea returns policy is a little unclear. The website allows returns to be made within 30 days of purchase, but it is unclear whether the customer can just send the item back, or if they need to contact the website first.

HCD Note: Probably the worst example we reviewed, not only is the returns policy a small paragraph at the bottom of the Terms page, it provides no information other than they will meet their legal obligations. We recommend doing the opposite of this example.

The Results: The only common trait in the returns policies of the reviewed websites is that items must be returned in near-new condition, unused and with the original packaging. Beyond that, the policies vary widely. All meet their state and national legal obligations, and it is about 50-50 in regards to whether the store covers the costs of returning the item, or whether the customer does. Even the time period to return an item varies widely between 14 days and 100 days.

HCD Tactics: Be reasonable, and realistic, with the aim of making the majority of returns a positive, hassle-free experience for the customer. Conversion is the main goal, so if your competitors are offering free returns, then you should too, or reduce the costs as much as possible. Make your returns policy clear and concise, and make the returns process as convenient as possible for the customer. Provide a returns label if possible. Lastly, look for ways to eliminate the need for returns through the store-front, by providing more than enough information about the product that the customer will need, such as sizing charts, extra-large images, product reviews and demonstration videos.

For more information about returns policies, we recommend the following reading:

* Statistics from Entrepreneur's infographic What Consumers Want from Returns and Why it Matters.


[HCD Review]: 4 Awesome Shipping Tactics

With 59%* of shoppers saying they consider shipping costs when purchasing on-line, and 44%* abandoning their cart due to high shipping costs, determining what to charge for delivery just might be the second most important decision that an eStore will ever make (after deciding to launch in the first place).


Here are our 4 awesome shipping tactics:

  1. Keep it Simple: Flat fees are best
  2. Offer Incentives: Offering free or discounted shipping based on minimum order totals is a proven tactic
  3. Be competitive: Know your opposition and respect your customers - they'll know if you're gouging them
  4. Use a disclaimer: Reserve the right to re-negotiate shipping costs post-order if necessary

We all know it ACTUALLY COSTS money to ship orders, but with customers voting with their wallets, what is the Goldilocks amount to charge for delivery?

To help you decide, we reviewed some Australian eStores to see what they are doing... (Note: HCD has no affiliation with any of the businesses reviewed. We have chosen websites randomly. All amounts are in Australian Dollars).

Target charges $9.00 for delivery of small orders under $75.00, or free shipping for small orders over $75.00. Their delivery charge for large items is $15.00, or $30.00 for 3 or more large items. Target also offer a "Click and Collect" option, which allows the customer to pick up their order from selected Target stores depending on the items in the order. This option is free for orders over $40.00 or $5.00 for orders under $40.00. 

HCD Note: A $5.00 administration fee to collect a pre-paid order in-store...really?

Myer offers standard delivery for $9.95 for orders under $100, and free delivery on orders $100 and over, except for Goods that require Special Delivery. There is also the option to pick up the order from selected Myer stores dependent upon the items in the order, which doesn't have an additional fee.

HCD Note: 5 Stars from us Myer - Target take notice!

The Iconic offers a few choices. Customers can pick up their order from a Parcel Point for free, which is useful if you are living in a major city. Otherwise, the cost for shipping by Australia Post is $7.95 anywhere in Australia. Free overnight shipping is available for orders over $50.00. For an extra $2.00, delivery is available within 3 hours to metro areas in Sydney or Melbourne.

HCD Note: We love the express options and with a low $50.00 threshold for free delivery, this is about as good as it gets.

That Online Shop offer free delivery for orders over $100.00, otherwise they charge $7.00 per item for standard delivery or $15.00 flat for express delivery. They also provide free gift wrapping with a gift tag. The terms specify that a surcharge may apply if delivery is to a non-metropolitan postcode and the item is bulky or fragile, dependent on the excess charges applied by the courier. Delivery is available to international addresses at the rate of $40.00 to NZ, USA, UK or Asia, unless the items are over 2kg, where shipping costs are negotiated personally with the customer.

HCD Note: Full marks for the free gift wrapping and gift tag, and the incentive to make a minimum $100.00 purchase or select express shipping is commendable. Alas, $40.00 for international shipping for orders less than 2kg may discourage many overseas customers from purchasing, and, as there are no weights included with any product details, customers have no way of knowing whether or not they have exceeded the 2kg limit.
Sadly, we experienced technical problems on subsequent visits to this site, which we have pointed out to the website operators. This highlights the importance of technology that works.  

Oxfam Shop has a different approach to delivery fees. They have set shipping fees at 15% of the order total, limited to $7.00 minimum and $17.00 maximum, or $25.00 for express delivery. They also specify that large items may incur a delivery surcharge. Oxfam offer international delivery too, which is 15% of the order total, set between $40.00 and $100.00.

HCD Note: At first glance we weren't sure about this approach, however, the actual delivery costs are reasonable. Our recommendations would be to offer free shipping once the order total exceeded a nominal amount.

The T2 Tea on-line store have set delivery fees to $10.00 flat rate for standard delivery, and $20.00 flat for express delivery. Orders over $60.00 are shipped free within Australia. International orders have a different set of fees which change dependent upon the order total.

HCD Note: Full marks - but remember - this website does not need to factor oversize or bulky orders, in which case, a disclaimer would be strongly recommended.


Summary
While there are variations, the current trend for delivery fees is a flat rate ranging between $10.00 and $20.00 with an offer of free shipping for more expensive orders of around $100.00.

Remember, customers shop around to get the lowest price possible, which includes the delivery fees. Customers will justify buying an item that is a few dollars more than on another website, if the total including shipping still ends up being cheaper. Having a flat fee also makes the process a lot easier. Customers know up front what they can expect the shipping costs to be.

HCD Tactic: Review the cost of sending an average order to each of the major cities in Australia through your preferred courier(s).

Set flat fees that cover most bases while remaining in line with your competitors. Aim for a delivery fee of $10.00 - $20.00 for orders within Australia and encourage customers to spend more by setting a free shipping threshold amount.

HCD Tactic: If you find you simply can't compete with shipping costs offered by your competitors, consider investigating how they do it...do they have a better deal with a courier or lower cost packaging and warehousing costs?

HCD Tactic: Where necessary, use a disclaimer to reserve the right to adjust shipping costs (after the original order is placed) for oversize or bulky orders, or orders being shipped to remote or otherwise difficult delivery areas.

HCD delivers enterprise e-commerce and mobile commerce solutions to customers serious about maximising return on investment. Our proprietary technology caters for just about any shipping configuration imaginable. For more information please contact us for a confidential discussion.

* Statistics from VoucherCloud's infographic Consumer Psychology and the E-Commerce Checkout.