The Great Security Question Hoax

Much of our identities are locked away in the ether. Kept safe in vapor pockets by banks and wireless providers with paper thin questions like, “What is your mother’s maiden name?”  We’ve all answered them, developing password fatigue as we try to remember our favorite sports team or if we used our grandfather’s given name or “Gampy.”

Some things are not that hard to figure out.  That Sarah Palin and her husband Todd met in high school was ferreted out by one such hacker just before her Yahoo mail became public knowledge.  Same with the name of Paris Hilton’s dog. Yep. Hacked.

A paper in Technology Review states, “researchers from Microsoft and Carnegie Mellon University plan [showed] that the secret questions…are woefully insecure.” Participants in a study were able to guess 30 percent and 57 percent of the correct answers of security questions asked in the top-five list of guesses. Of people that participants would not trust with their password, 45 percent could still answer a question about where they were born, and 40 percent could correctly give their pet’s name.

With all the insecurity, security questions are still used as an authenticator by key institutions as an extra security layer. Yet it’s an old-school (circa 1906) solution to a new-school problem in an age where Gampy’s name is one blog post away from a hacker’s cheeseburger in paradise.

Good security questions are hard to design as they need to be definitive, applicable, memorable and safe. If the question is too hard, it might be easily forgotten by the person who is being protected. In the study mentioned earlier, participants forgot 16 percent of the answers within three to six months.

— If the question is too easy, the world of hurt can be indescribably huge.

As a user, you could increase your own security by giving false random answers, calling the bank for a reset whenever you forget them. Still, it is a work-around for a system employed way too liberally by banks that know better.

Perhaps they do it to make customers feel like they are participating in their own security. And better systems, like sending new passwords by email, require hiring an extra person on the phone bank as customers need tech-support when they forget how to use these systems or when they lose auto-generated emails in their spam filters.

Password questions are still king as there is no viable alternative. They reduce customer phone calls, giving companies incentive to keep the status quo. Still, finding the balance between customer convenience and protection from identity theft might be difficult. With much at stake, responsible corporations with our identities in their hands might consider titanium locks over vapor.


Consultant Time Tracking Tips

Time entries can help you gain valuable insight into inefficiencies in how time is allocated. However, that insight is only as good as the data you have. It’s important that time entries be logged in a way that is meaningful. A detailed comment is, unfortunately, not enough. Your time tracking system needs to have the capability to categorize time entries. Without categorization you can’t know the total costs of things.

Think of what information you would like to see during and after the project is over. For example, if you would like to see the following chart.


Then these are the category options that you should have on your time entry system. Every business is different and is concerned with different things. For company A, meetings might be a subset of communications. Or it might be important to separate client communication from internal communication. It is important that there are not too many categories. When data is broken down too granularly, it has a tendency to lose its meaning. Categories should be different enough and generic enough to quickly and easily choose from when logging time.

The description of what is done during the time should be a single sentence, but enough to point someone in the right direction if more information is needed. After all, we want to utilize the consultant for more programming rather than becoming a court reporter. If more information is needed the time entry comment should be enough to point a resource towards a tag, branch, or issue # for more detail.

If these metrics are important to you, then you will need to audit the entries tightly. Review them at least weekly to make sure that the entries you need are present. If you get to the end of the project and want to know why you are over budget, and then realize your consultants have been logging 10 hour days to “Development” or “On Site Support”, then it is too late. You can never reclaim that information, and any attempt to do so would produce fictitious results. Knowing where your inefficiencies lie could give you the ammo to ensure that they are improved on the next go round.

Time is a very large part of the equation when working with consultants.  So be prepared and figure out what knowledge you want to glean from where they spend their time.

Read the first part in our series: How to get more out of your consultant

Getting the most out of your consultant

Hiring one or many consultants for a large block of hours is an expensive proposition. It is important to have a plan in place in order to make sure that you are getting the desired value out of the resource. With a team in place, these concerns are multiplied. One of the biggest leaks we experience in onsite consulting is in the planning department.

The devil is in the details. It’s extremely important to have all of the logins to all of the resources prepared well prior to the consultant arriving onsite. On several occasions we’ve arrived ready to work only to find that we don’t have accounts to join the domain, access the wiki, source control, file share, or any way to get into the issue management software. In a typical organization there are quite a few logins that would be required for a programmer to access. Rarely is the domain account the only thing the programmer would need. Note, the consultant should make you very aware of all the things they are missing as soon as they get onsite and remind you of them if they are not retrieved. A good consultant knows that their time is valuable and is concerned when they are not able to produce due to some barrier. These barriers should be removed as quickly and efficiently as possible when they are presented.

A consultant should always have direction on more than one task. Tasks, by their nature, are completed. A good developer will constantly move on to the next one. If no additional tasks are provided and there is no contact available to provide another one then time and money will be exhausted. A good consultant will make an assumption and do something useful until direction can be given but ultimately efforts will be expended on items that are not the highest priority for the client.  Even on large tasks the programmer may encounter a roadblock or a question that needs to be answered, so it’s always best to have something else lined up in that event.

Communication is one of the biggest leaks in any company. However, we all recognize that it is a very important thing. Large conference calls or redundant meetings can increase the total timeline and bloat the budget needed to accomplish a project. Whoever is acting as the project manager should be instructed to think of calls and meetings in terms of money instead of time. Add up the hourly rate of all the resources that you believe need to attend and then multiply that by the time scheduled for the meeting. Thinking in these terms will ensure that only those consulting resources who add enough value will be added to the invite, and the rest will be free to make progress on their tasks. Scheduling a meeting for 15 minutes instead of thirty, or thirty minutes instead of an hour, can make a big difference in the bottom line. It’s important to stick to the agenda, and if the call has more than 5 people then it should be high-level and roadblocks only. It’s the project manager’s responsibility to direct attention back to the agenda items when resources dip below 30 thousand feet.

Read more in the second part in our series regarding Consultant billing and the things you need to know.

For more tips to come, subscribe to our RSS feed or email notifications.


Proactive Online Chat to increase your sales

Proactive chat is a great way to increase website conversions. The majority of internet users have used chat clients, so a proactive chat client will feel familiar to these users. There is no excuse, start a conversation with your customers on your website today.

Are you wondering why you are hearing from such a low percentage of your visitors? It may be because of a poor conversion path. Are you using a contact form? Even with the best contact form, customers worry about being added to yet another mailing list. Internet users are wary of giving out their email addresses for good reason.

How likely would you be to interact with a sales clerk in a store if you had to provide him or her with your driver’s license?

Your customers are one click away from your competitors. You must engage them while you have their attention! So how do we overcome the understandable reluctance of customers to give out their email addresses?

So what we needed was a solution which allowed us to communicate with customers without having to collect any personal data. Proactive chat solves this problem by offering the visitor a chance to interact with one of our employees. If the customer does not want to chat, he or she does not have to and can simply ignore the chat box.

On our site, after 20 seconds idle on a page, a chat box pops up. If the customer types in the chat box, one of four designated representatives receives the message and is able to personally assist the customer. The chat is configurable. It can be available on any or all pages. You have control.

There are also “passive” benefits to the chat. When planning a marketing strategy, information is priceless. Who buys what? Where are they buying it? How often are they buying? Chat boxes like the one offered by SnapEngage live chat offer a multitude of analytic options. Reporting features that give you valuable statistics about visitors, as well as chat summaries and records, will shape your marketing strategy. These features provide data that can be used to increase conversion. A.B.C., Always Be Closing – the more information your sales reps have, the easier this becomes. Integration with existing chat applications such as Skype and AIM makes getting started easy. Get your web designer to paste a simple script to your site and you are good to go.

Contact us and we’ll be happy to help you get started.  In fact you could be chatting with us as you read right now…


Contribute to the 2011 Japan Crisis

Japanese Red Cross Society

The earthquake and tsunami of March 11, 2011 have devastated Japan: more than 11,000 deaths, over 15,000 missing and 125,000 buildings destroyed. Relief contributions have lagged, while help and assistance are still needed. To that end, Whiteboard-IT is compelled to help and encourages you to as well. Even the smallest donation makes a huge impact.

During the month of April, Whiteboard-IT will contribute 5% of its gross sales to the Japan relief effort.

If you would like to contribute, please visit the 2011 Japan Crisis site and make a donation.

Hide “continue reading” from wordpress

There are many articles out there that give you instructions on how to remove or alter the “continue reading” link that is inserted after the excerpt of a post in WordPress. Most of them go about this task using the extremist method, which is removing the function from your theme. Why not use a little CSS to hide it instead…

SEO Death by 1000 cuts

Growing up as a technology enthusiast, instant gratification was virtually the only gratification that I sought after. Things that require a longer turnaround such as gardening and dieting have never been my strong suit. As of late I’m recognizing this weakness and attempting to make small behavior modifications to make my life better and make my websites better.


What are RSS feeds and why do I care?

Well let me start off with what I like to call the PUSH vs PULL wars. In the beginning, there was email.

We log onto our email client and hit Send/Receive or we go to our email web client and check to see if we have new messages. (PULL)

Then someone has the great idea to schedule the Send/Receive and, a little later, to create a BlackBerry. (PUSH) Everybody loves the push until they start getting over a hundred messages a day, and all of a sudden the push becomes a little overwhelming because batching is no longer possible and you are no longer effective because you can’t do anything but be interrupted by new mail.


Website vs Brick and Mortar - Top 10 Benefits

Creating a website can open up opportunities for your business in many different ways. The website can act as an informational portal for both existing and prospective customers. It can function as a billboard designed to bring in and convert new leads. It can be used to produce a community adjacent to your product. The website can be your virtual store, and your marketing tool.  You can use it to analyze trends, identify pricing issues, track and report on your marketing campaigns and coupons. A website can truly be a one size fits all tool for many of the needs of your business.


API 101 for Businesses

What is an API?

API stands for Application Programming Interface. It is a way for applications, websites, or embedded devices to communicate with each other and share information.

When should you consider providing an API for your website or product?

Would your customers benefit from having your data on their own website or available on their intranet? Do your customers need tight control over which of their employees or their customers have access to the data and/or content that your website provides?

Would your customers benefit from formatting and/or displaying the information that your website offers differently than your website formats and/or displays it?

Do you want to provide your customers with the ability to resell and/or re-brand your content? An API can be a valuable tool for creating affiliate relationships that will help you find others willing to market your content for you.
