From the Armchair

Companies are always keen to look at systems and processes to improve productivity, but often ‘the little things’ relating to personal productivity can be equally important. Here we list our top 5 tips for working more effectively:

1. Learn some shortcuts. Small savings in time and effort can all add up, and learning a few keyboard shortcuts can help make common tasks quicker and easier. In most Windows applications, ‘CTRL-S’ will ‘Save’ work in progress, whilst ‘CTRL-Z’ will ‘Undo’ your last change, even when this option is not visible on the menu. When testing web sites, ‘CTRL-F5′ or ‘CTRL-R’ will perform a ‘hard refresh’, bypassing browser caching and removing the need to delete temporary files. And if you find your desktop becoming cluttered, just hit ‘Windows-D’ to instantly minimise all open windows.

2. Prioritise hard tasks first. Most people find that their concentration is higher in the morning, and can deteriorate after lunch in a mid-afternoon ‘slump’. It therefore makes sense to tackle tricky tasks early in the day when your mind is at its sharpest, and save less demanding tasks for later when attention begins to wane. Completing difficult items first can also provide the extra motivation needed for addressing the smaller bits and pieces on your to-do list.

3. Turn off email. When trying to focus on a task, incoming emails can be a constant source of interruption. At such times, it is often helpful to close down your email for a controlled period of time in order to give full attention to the task in hand. In most circumstances, it’s unusual for an email to require an instant response: if an urgent issue arises, it’s more likely you’ll be contacted by phone or in person.

4. Working with large files. Copying large files from A to B can be a slow process. However, if you simply wish to ‘move’ the file on the same drive, ‘Cut > Paste’ is instant versus ‘Copy > Paste > Delete’, as this essentially ‘renames’ the file rather than rewriting any data. When transferring files over FTP, bear in mind that uploads typically take much longer than downloads: a file that downloads in 5 minutes may take up to an hour to upload onto a remote server.

5. Minimise internet distractions. Social networks, discussion boards, video clips, games, funnies and even ‘serious’ news sites can all be tempting alternatives when faced with difficult or repetitive work, so maintaining self-motivation is key. A recent Google homepage featuring an interactive Pac-Man game is estimated to have cost worldwide businesses 549 years of employee time and $120m in lost productivity during the course of just one day, illustrating how small distractions can accumulate to impact the bottom line.

Passwords have become a fact of online life: the chances are you’ve entered several and perhaps created (or even forgotten) one or more already today. With such widespread use, it can be easy to view them as a minor annoyance, and overlook the importance of password security. Here we list five best practice tips for both web services and their users:

1. Strength. A secure web service should encourage users to create a ‘strong’ password. A password’s strength corresponds to the predicted length of time that automated attempts would take to guess it by trying all possible combinations of characters and/or words in the dictionary, often known as a ‘brute force’ or ‘dictionary’ attack. Importantly, just small changes in length (e.g. from 6 to 8 characters) and the introduction of numbers, upper case letters, and punctuation can increase this time from a matter of minutes to centuries, making a strong password very difficult to ‘crack’. When choosing a password, users should also avoid terms that could be easily guessable by humans, such as the names of family members or pets, dates of birth, and the frequently used ‘password1′.

2. Re-use. With the sheer number of logins required every day, from simple tasks such as checking your email or updating your status on a social network to completing financial transactions, it’s tempting to re-use the same password across many different websites. Despite the apparent convenience, this should be avoided as it reduces the security of each login to that of the least secure service. Whilst it’s probable that your online bank will have water-tight security in place, this is less likely at your local sports club’s site, where a leak of a shared username and password could compromise both accounts.

3. Storage. Strong and varied passwords are no good if they are open to easy discovery by being stored insecurely. Applications should never store passwords in ‘plain text’, but instead use an encrypted format which cannot be reversed, often referred to as ‘one-way hashing’. This means that access to a list of usernames and passwords via a successful hacking attempt or even accidental publication would not in itself grant unauthorised access to user accounts. Users themselves should avoid writing passwords on notepads left on desks or post-its stuck to monitors: a safe way to remember many different logins is to store them in a file which is itself securely encrypted via a single ‘master’ password.

4. Transfer. It’s equally important to ensure that passwords are never transferred insecurely, in particular by email, which can be intercepted and read by any third-party who is monitoring (or ‘sniffing’) network traffic. For this reason, websites should take particular care when handling forgotten/reset password functionality, which is a common source of security holes. For users wishing to communicate login details to a colleague, a better alternative is to send the username by email, and the password separately via phone call or text message: although each in itself is an insecure channel, the use of different methods makes discovery of the complete login less likely.

5. Locking. There are two senses in which ‘locking’ can be used to further increase password security. The first is for a user’s login to be ‘locked’ to a specific IP address or range. In contrast to referrer-based restrictions, it is not possible to effectively ‘spoof’ an IP address, meaning that even with access to the correct username and password a remote hacker would be unable to gain access. Secondly, an application can ‘lock’ a user’s account following a given number of failed login attempts, short-circuiting any attempt to guess passwords via ‘brute force’ techniques. Used in combination, these can provide a useful extra level of password security.

In this month’s feature, we list our pick of the topics tipped to dominate online technology news in 2010. All of these predicted trends point to an interesting and innovative year ahead for web based services.

1. Cloud computing. With the growing trend for remote working, either from home, on the move, or when travelling abroad, the ability to access your documents, data, and applications wherever you are is becoming vital. ‘Cloud computing’ refers to the move towards internet based services which enable users to do everything online, in contrast to traditional desktop applications which may restrict usage to your office PC. This will be further reflected by the launch later this year of Google’s ‘Chrome’ operating system, an alternative to Windows on which the only installed software will be a web browser.

2. Tablets vs smart phones vs netbooks. It is rumoured that Apple will shortly announce a new touch screen ‘tablet’ device, likely to to be named the ‘iTablet’ or ‘iSlate’, with Microsoft and others also planning similar products. Having larger screens than smart phones, but smaller and lighter than netbooks, tablets will aim to offer a new way of portably browsing the internet, and look set to cause a significant shake up in both markets. Apple’s device will also reportedly offer eBook support, making it a potential competitor to existing eBook readers.

3. Location-aware apps. When using the internet on the move, it is possible for your whereabouts to be determined automatically via GPS (Global Positioning System), mobile phone networks, or wireless access points. Location aware applications can make use of this information and respond accordingly, for example by showing your position on a map, or updating your status on a social network. It is predicted that the coming year will see some creative new uses for this technology, offering innovative services for users as well as opportunities for providers of targeted content.

4. Real time web. In the past, users have needed to check their favourite websites for updates, or wait for search engines to index content before it appears on result pages. The ‘real time web’ refers to a move towards immediate retrieval of information as soon as it is published, reflecting today’s demand for instant web content shown by the popularity of Twitter, Facebook and RSS feeds. Recently, Google has begun to integrate real time ‘tweets’, breaking news and other content into its search results, which may now give rise to the advent of real time SEO (Search Engine Optimisation).

5. Web 3.0. References to ‘Web 3.0′ as shorthand for the next phase of the web’s evolution are now beginning to appear more frequently in the media. There is currently no widely accepted definition, and Wikipedia has deleted its page for this reason, although it is often mentioned alongside ‘semantic publishing’ to describe the use of metadata to provide additional context and integration between web documents. This lack of consensus over its meaning is unlikely to prevent its increasing use over the coming year, which could yet see a clearer definition emerge.

Online security has again been in the news recently with reports that thousands of logins for webmail services such as Hotmail, Yahoo, and Gmail have been compromised and details posted online. Here we list some key areas that both web service providers and internet users should always keep in mind to help protect themselves on the web:

1. Security updates. It is essential to keep up-to-date with the latest security updates in order to remain protected against new online threats. Users should accept and install automatic updates when offered (eg. Windows Updates) and ensure that they are running the latest version of their web browser, including any plug-ins it may use (eg. Java, Flash). Similarly, web services should ensure that software installed on their servers is fully patched and updated, as many hacking attempts will seek to exploit known vulnerabilities in older software libraries.

2. Password security. Since passwords commonly provide access to sensitive data and otherwise restricted functionality, they should be handled with utmost care by both applications and their users. A secure web service should encourage users to choose a ‘strong’ password (eg. containing a mixture of uppercase/lowercase letters and numbers), and can limit automated guessing attempts by temporarily locking accounts which have too many recent failed logins. In addition, applications should always store passwords in an encrypted format, so that unauthorised access to them would not in itself compromise user accounts. Users themselves must also play their part: even the most secure application cannot guard against usernames and passwords being written on post-it notes stuck to monitors. Similarly, the same credentials should never be used to access different websites, as this reduces the security of each login to that of the least secure service.

3. Insecure channels. Logins to a secure web service should occur over HTTPS (Hypertext Transfer Protocol Secure), which is indicated to users by the presence of a padlock icon in their browser. Where HTTP is used (ie. no padlock visible), usernames and passwords are sent over the internet in plain text, meaning they are visible to anyone monitoring (or ‘sniffing’) network traffic. Email is an equally insecure channel, and should never be used to share confidential data or send usernames and passwords together. As a result, forgotten password functionality that prompts an e-mail message containing reset details always needs to be implemented carefully. For any web application, it is key to note that information not readily visible to users is not necessarily secure: both hidden form fields and cookies may easily be accessed by a canny user, making them an unadvisable place to store passwords or other sensitive information.

4. Security holes. Web services should seek to protect themselves against a range of common security holes that may be used to gain unpermitted access to data or user accounts. A skilled user can often find ways of compromising security by tampering with the URL in the browser’s address bar, or by entering special values into forms, causing the application to output unauthorised information or deliver malicious content to other users. A secure web service will guard against this by correctly handling and sanitising all user submitted values.

5. Regular checking. With the next new threat always on the horizon, online security should be seen as an ongoing area of focus for both users and applications, rather than an issue that can be reviewed once and then forgotten about. For users, we’d recommend weekly system scans to ensure that desktops and laptops remain free of viruses etc, always ensuring first that the relevant anti-virus software is fully up-to-date. For applications that are constantly evolving and incorporating new technologies, regular checking and reviews can help to prevent vulnerabilities from being introduced, and ensure that their users can continue to use them with confidence.