Pixel Pattern
Web Design security

Can I have the keys to your shop/office/building/home? No? Well that’s unexpected. Just 24 hours after we met (online) you gave me access to your web site hosting, your website, your Facebook account and don’t forget your Google login so I could set up analytics. I may as well have the keys to your business as well right?

Internet security is no joke. Realistically, if I was allowed to see everything you had about yourself online what would I find? Don’t answer that. Yet every now and again I make a new relationship with a client who seems only too willing to give me the potential for just that.

Now, don’t get me wrong there are a huge majority of honest, hard working web designers and developers out there who take your security and data protection very seriously, but do you?

When you gave me your Facebook login so I could set up a new page for your business, did you give me the ‘normal’ password that you use? Because you use the ‘normal’ password for most things right?

So not only can I now update your friends and family with what you did, chances are I can tell your twitter followers, your instagram friends or maybe I could just send an email direct from your mail account to whoever I want?

Whilst I’m emailing my nearest and dearest with what you’ve done, I could get some financial details from those Amazon receipts sitting in your inbox, in fact I may as well just try and…. oh yep you used that ‘normal’ password with Amazon too. I do need a new TV…

It’s ok though, because you came to me recommended by a friend who had a great time working with me and loves the end product so you know you can trust me right?. That is true… but that was before I left my laptop in Starbucks by accident and when I went back, you guessed it, it was gone.

That’s ok too though right? Because whoever stole it won’t read the email you sent me with your login to Google so I could set up your business address on Google Places will they…

Ok so, this is all hypothetical (I still have my laptop) and maybe a bit cynical but it could be true, it can happen. So how can you stop it? Common sense, caution, and a little bit of ol’ password switcheroo.

Do not give out your password if is not unique. If you use it for more than one service then you risk compromising both services. Usernames are more than often just email addressess and they are easy to find. Just change it temporarily, then change it back when the job is done.

More importantly, do you even need to give the password out?

Most (reputable) services don’t want you to compromise your details and instead provide other ways to grant access to third parties. The example above started because you needed someone to set up a Facebook page for your business, with a fancy logo and cover image of course. Just set them up as a user or get them to create the page themselves and set you up as an admin. They can remove themselves after or you can delete them.

Google analytics has the same thing so again no need to hand over your login details to your friendly neighbourhood Web Designer.

Now, if you don’t hand over anything, chances are we’re not going to get this project off the ground. We might need access to your hosting so we can build the site or access existing files. So just email over your Siteground (amazing web hosting, check them out they’re awesome) username and password please… No, you did it again! With that info I can access your personal details and part of your billing info. Just send me access to the cPanel with different login details, that’s all I need. If you have no idea what a cPanel is or how to get access to just that, ask our host. They’ll be more than happy to help prevent ID theft I’m sure –

Dear hosting company, is there a way I can grant access to my hosting and prevent my personal data being shared?
Love,

A Cautious Customer.

Simple.

Website designers have a duty to you

Don’t be afraid to ask your potential Web Designer to explain how they protect your details and info too, they have a duty to. All my devices are password protected, timer locked, I delete all password related emails once I’m done (so don’t complain that I have to ask for them again 6 months later when you need that new template building).

I have cloud and local backups of your files and data, again password protected.

This article isn’t meant to panic you into a frenzy and start a mass epidemic of emails to people telling them to burn all your correspondence… but hopefully it made you think…

If in doubt – don’t give it out!

Have an opinion? had a bad experience in the past? or just want to say hello? Get in touch.

Scott Eldo

Written by Scott Eldo

Scott 'Eldo' Eldridge is the owner and director of Eldo Web Design Ltd. A web designer and full stack developer, he officially started Eldo Web Design from a spare bedroom back in 2013 and hasn't looked back since.
Awwwards