news

The Problem With Passwords

Digital security is a huge topic these days. Sony, HomeDepot, Target, Bank of America, NSA, the FBI, the White House... all hacked within the last couple years. Mainstream media will cover such attacks and follow-up with general recommendations to help you ensure that your digital presence is properly secured. However, most of what's written is incomplete, not entirely accurate or down-right wrong. As a digital agency, serving enterprise level clients, the most surprising thing is how frequently this type of information is disseminated as reliable.

Here's a quick example of information presented by a variety of otherwise well trusted and reliable technology sources... 

The presentation centers around password selection and this is one of their examples: 

An Okay password = kitty
A Better password = 1Kitty
An Excellent password = 1Ki77y

The problem here is that none of the above passwords are even slightly good. Why? Because they are short. And brute force attacks (where a computer or array of computers guesses passwords in automation) can crack all of the above in minutes. So even the most amateur of hackers (if incentivized) can and will access your accounts with ease. The common myth presented when choosing a good password is that randomness counts. The shocking truth is... It almost never does. At least not by itself. Yes, 1Ki77y is better than kitty as a password, but only slightly. It would take a standard attack configuration only 0.577 seconds to guess the "excellent" 1Ki77y password. While it'd take the same configuration 0.000124 seconds to guess the "okay" kitty password. Not a huge difference if you're trying to protect your bank accounts. And that difference will continue to diminish as hackers gain access to more powerful cracking arrays and better automation.

What you'll almost never hear is that a password like "ilikestoresandcarrots" is more often than not a great deal more secure than 1Ki77y and if you add a number, a capital letter and a symbol to the mix like "ilikest0Resandcarrots#" then you have an easy to remember password that would take the same cracking array roughly 1.04 hundred billion trillion centuries to guess. That's assuming that no one is targeting you specifically and that you haven't chosen anything that's personal to you. As an example, if you were to choose your social security number, mathematically it's an incredibly strong choice. However, most US citizens have their SSNs available on the dark web for purchase. So if someone targets you, "Jane Doe" then they can crack that in an instant using a dictionary attack with your personal details included.

So what does this mean to the average person with a digital life? Here are a few rules to keep in mind when selecting passwords that protect financial or otherwise sensitive information:

  1. Don't EVER Re-use a Password -- Yes, it's easier to remember, but if someone hacks Home Depot which may have horrible security and you've used the same "This1Smypwassword" password for that, which you did for your 401K account, then guess what... the hackers now have access to both. And even though Chase Bank might have great security, they can't determine that someone (who isn't you) is accessing your account when they have the correct login. Chase may be secure and safe from hacks (doubtful) but Home Depot, Target and your local restaurant with online purchasing are not. Security compromising is about gaining access to the weak-point and expanding from there. Don't let hackers do this to you.
  2. With Passwords, Length Matters -- A random selection of 10 characters is not nearly as secure as a 20 character sentence in all lower-case. Keep in mind that if someone is trying to run a program that guesses your password (brute-force) they have to guess every possible combination. Each character in your password represents a possible 26 letters lowercase, 26 more uppercase, 10 numbers (including 0) and a lot of symbols (depending on your language). So every character in your password means a computer will have to match every combination of all those with every combination of every other character. If your password is 20 characters, you have 26 upper, 26 lower, 10 number and however many symbols times 20 times the number of possible combinations of every possibility. The math grows exponentially and it grows fast. Generally hackers run bots (programs) to find easy guesses. If yours is even slightly difficult it'll be passed over. Make sure it is.
  3. No Personal Information -- Yes, I know it's easy to remember your name followed by your birth year. But hackers pull public data into their attacks. If you're John Smith, born Dec, 6th 1970 then that data can be pulled into an automated attack. And if your password is John61970Smith then it's phenomenally easy for an automated attack to find that. Even without targeting you. And it gets easier all the time with massive database hacks and more powerful programs. Instead of using any information about your family, friends or yourself, find a random book, pick a page and use the first sentence as a starting point for your password. "ItW4sthebestoftimesItwasTheWorstOfTimes" is a phenomenal choice. Well, it would be if it weren't so well known, but you get the gist. 
  4. Security Questions... Lie! -- Sadly, many banks and financial institutions present us with "security questions" -- These are questions that only we are supposed to know, which allow us to reset our passwords and/or access an otherwise locked account. Here's the problem... the answers to most of these questions are relatively easy to find on public record. Remember the celebrity "hacks" of iPhones a couple years ago? Those weren't hacks at all. Each of those public figures answered those questions for their account honestly... What's your pet's name?... Jasmine. When did you graduate high-school?... 1999. What's your mother's maiden name?... Smith. All of this information is easily collectible if someone wants to find it. The solution? Answer these questions, but answer them with bogus information. "What high school did you graduate?... TheMoonLanding" -- and so on. Of course you have to store your incorrect answers and treat them like mini-passwords, but ultimately it means that ONLY YOU know the real answers and not someone who researches you online. 
  5. Two Factor Authentication -- Even with excellent, long, random passwords, a site or service will eventually be hacked. Thus exposing you to attack. Any chance you get, set up 2-factor-authentication. This basically means that any login to the system/service requires that you verify it with a code sent to your cell phone. Unless you're the president of the US, no one is going to go through the trouble of trying to compromise something like that. It's astoundingly difficult. 

There are other tactics and tools I'd recommend for creating a fully secure enclave in protecting your digital life, but for now these are the basics. If you follow everything I've listed above and update your current (and most sensitive) accounts using these recommendations then you'll be more secure than 99.999% of people in the world. There's no guarantee of absolute security, but unless you're specifically targeted, you'll remain protected from the vast (vast) majority of attacks. And that's the ultimate goal.

At Stellar, we want to encourage and foster best practices in security, reliability and efficiency. We hope this post helps guide you towards that goal. Please share this with as many of your friends and family members as you can and if you have any questions or comments on the above, don't hesitate to reach out to our team info@gostellar.co. We're eager to help.

All the best!

Micronova Launches Redesigned Website

Micronova is recognized as a leading manufacturer and supplier of cleaning products for the most demanding applications and environments. From semiconductor wafer fab facilities to sterile hospital environments, Micronova has everything needed to tackle the most demanding cleaning needs.

Stellar is proud to announce the launch of Micronova's new website, digital product catalog and a completely new and updated brand expression and visual design. The Stellar team worked closely with Micronova stakeholders over the last several months to rebuild their digital presence from the ground up. You can view the new site at: http://www.micronova-mfg.com/

L.A. Works Delivers Rewarding Mobile Moments

L.A. Works (www.laworks.com) is a volunteer action center that creates and implements hands-on community service projects throughout the greater Los Angeles area. Stellar partnered with L.A. Works to deliver an entirely new mobile app that rewards volunteers, keeps partners and sponsors top of mind and allows L.A. Works to maintain relationships with its community networks anywhere, any time.

Stellar undertook the project as a pro bono effort and developed the mobile app as part of an on-going, multi-year partnership with L.A. Works. Many of Stellar's team members have also supported L.A. Works as volunteers and our own Martin Pedersen is a long-term member of the L.A. Works Board of Directors.

Help support your community by visiting the L.A. Works website and finding an opportunity to contribute. And while you're at it, download the L.A. Works mobile app at: Google Play Store | iOS App Store

Paychex Launches Redesigned 401(k) Financial Advisor Website

Paychex faced an interesting challenge. While primarily known for their payroll and record-keeping services (where they are the de facto solution for small businesses) they are also a significant player in the 401(k) space. The challenge was that no one really knew this. The market perception was that Paychex dabbled in the 401(k) space but if you needed a big fund solution then you went elsewhere. So, what's a brand to do?

Working closely with internal stakeholders from almost every division of the company, Stellar created an entirely new digital experience designed to bring Paychex's expertise and their comprehensive array of 401(k) products and services to the forefront of the redesigned site experience. The site specifically targets Financial Advisors and rounds out the product information with value-added tools and resources that allow Paychex to build on-going relationships with this mission-critical audience. You can view the new site at: http://www.paychex.com/advisors/

Website Launch: MessageHub by MyLife

MessageHub Site Launch

MyLife CEO Jeff Tinsley and his team had a simple goal – radically change the way people interact with email, social, text and chat by integrating and prioritizing all of those communication streams in a single, comprehensive app called MessageHub. MyLife tapped the Stellar team to design, develop and deploy the marketing website that would convey the MessageHub value proposition to millions of consumers.

Starting with key stakeholder meetings at MyLife, Stellar's project team rapidly developed a deep understanding of the MessageHub business, brand and marketing objectives. Next, Stellar worked closely with the MessageHub product development team to clearly define and prioritize the consumer messaging the marketing site would need to deliver. With the marketing platform defined, Stellar's UX and design teams developed the information architecture and creative execution that brought the MessageHub brand to life online. Finally, Stellar's technology team integrated the front- and back-end solutions to deploy, test and launch the marketing site.

Website Launch: McDonald's New York Tri-State Website

McDonald's Site Launch

In conjunction with IW Group, Stellar is happy to announce the launch of the redesigned website for McDonald's New York Tri-State. The new website provides a fresh digital approach for McDonald's largest region - where the website showcases company news and special offers that are specifically catered to the New York tri-state community. It also allows visitors to easily sign up to become members of the McDonald's Extra Values Club, where members are given access to exclusive promotions and updates that can be seen via the website.

Agency Mission Statements

Agency Mission Statement

Before we launched Stellar, we went through the same exercise that any agency goes through when figuring out what its mission and values are. We looked at all the usual suspects – what did they say and why. In the end, we created what we thought was a great story on who we are and why we were launching Stellar. We weren't necessarily wrong. But we were a little shy on being right.

We are still a young company and brand with 8 months under out belts. We have come a long way in that 8 months and learned some powerful lessons along the way. While we are ahead of our financial target, we feel like we need to update our values and mission to reflect the things we have learned thus far. Our first version used all the right keywords and jargon. But it lacked soul. And authenticity. Like many powerful lessons, this one is common sense. But it's easy to lose sight of those simple things when you are moving at light speed. What is that simple lesson? Know who you are and what unique qualities you bring to the table. Don't try to be like everyone else. Just be yourself.

What we have come to realize is that, luckily, we are different. Very different. And we couldn't be happier about it.

Our message online is still the same, but here is a list of who we really are:

  • Believe - believe in who you are and what you bring to the table
  • Accomplish - understand that your clients needs are ever changing and challenging, but strive to accomplish their requirements
  • Gratitude - have gratitude for what you get to do every day
  • Happiness - find happiness in the above three and that is all we really need
We are grateful for our past experiences at some of the largest agencies, but we truly appreciate who we are today and what we bring to the table for our clients. We are humble and hungry. Not a bad philosophy in today's market.

We are thankful for the clients that got us to today and for the clients of tomorrow!

At Stellar, we are not 100% sure what tomorrow's landscape will look like, but we know that we are smart, nimble and ready to solve any challenge or requirements coming our way!

Website Launch: 2014 LA County Fair

LACF Site Launch

Stellar is thrilled to announce the launch of the first phase a new redesigned website for the 2014 Los Angeles County Fair (LACF). The new responsive website was designed and built to be accessed across a variety of digital devices from smart phones to tablets to laptops. With a five month lead, phase 1 focuses heavily on attracting sponsors, vendors, volunteers and partners to participate at this year's event. In addition to providing business to business information, the website offers pre-established sections for consumer content to follow in the upcoming months.

Unlike previous renditions, this year's website speaks to both new and returning visitors as a destination for discovery. The parallax motion built into the visual elements not only alludes to the notion of discovery but also exudes a fresh and fun experience as one browses.

Visit LACF.com for more

Website Launch: Accelerated Sports Peformance

ASP Site Launch

Stellar is excited to unveil Accelerated Sports Performance's newly redesigned website. This website launch of AccelerateSP.com focuses upon increasing customer awareness by promoting expert athletic training programs customized to each individual. The website features distinct categories of information for ease of use and bold visual design that captures the essence of key training moments. Beyond its marketing purposes, the website also features a blog section that helps educate customers on tips and best practices. Built upon the WordPress platform, AccelerateSP.com was designed to be a website that can continue to evolve via the simplicity of adding and refreshing content.

Stellar Celebrates Office Opening in Redondo Beach, CA

Stellar Office Opening

On February 20, 2014, Stellar and LA Marketing + Media celebrated the opening of our office space in the Riviera Village in South Redondo Beach. With about 80 attendees, the space was buzzing with drinks, food and fun. A big thank you to everyone who was able to come and share this monumental occasion with us! More to come soon. Accelerate Excellence!

Stellar Launches New Website for Coupons.com Incorporated in Support of IPO

Coupons Site Launch

Stellar is pleased to announce the launch of Coupons.com Incorporated's (NYSE: COUP) newly redesigned website. To support Coupons.com's initial public offering announcement, the new website was designed to be fully responsive in order to be viewed across a variety of digital devices from smart phones to tablets to laptops. It features an optimized user experience with concise navigation, a contemporary visual design, and focus upon product and service offerings. From a business perspective, Stellar designed and developed couponsinc.com on the WordPress platform where Coupons.com's internal team members can easily manage and update the website without requiring an extensive technical background.