I couldn’t resist this Post – after all, it is a cloud!

Go to Wired for some more weird clouds …

The use of Username and a Passwords for on-line user authentication is ubiquitous, it’s common, and therefore it’s a risk.  Technically it’s known as single-factor authentication, and as this phrase suggests it’s the weakest process used to verify somebodies identity and let them have access to your critical information on the web – other than giving them completely free access.

Salesforce use single-factor authentication to control login, but then potentially compromise even this.  The common error is assuming that you must use your email address as your Username, but this isn’t strictly correct.  The risk of using your actual email address is that leaves just one less thing to hack – a password.  Compound this with a weak password, and your Salesforce data (given any restriction imposed by the users profile) is open to the world.

Consequences of an insecure website

• Loss of business
• Destroy customer confidence and brand
• Legal liability
• Financial loss
• Costs of incident handling
(from a presentation at Barcelona DrupalCon, 2008)

So, firstly don’t use your email address as your Salesforce Username.  It will have to resemble an email address in structure, but not your actual email address.  You still need to enter a valid, and accessible, email address in each users profile – but more on this in a moment!

Secondly, use a good password.  For a good password do consider using, frequently changing, not sharing, and certainly not write down on a Post-it note and sticking it to the side of your monitor, …, a Secure Password.  Take a look, for example, at the on-line generator at the PCTools website, also available as an off-line generator – you should consider a password length of least six, and eight if you have Administrator rights.

If you’re not keen on these totally cryptic passwords then do try the following: use the first characters from each word in a line from a poem, or memorable phrase.  Sprinkle in a couple of digits, changes of case, or punctuation characters and you’ll have a secure password.

So, your Salesforce data is now secure.  Well – consider this: information security is all about identifying, and fixing, the weakest link.  If your Salesforce users have email access, which they must have, and they’ll certainly need in order to access Salesforce off-site, then their password to your email system is the weakest link!  Salesforce, and let’s be fair as do most Blogs and other Social Media sites like LinkedIn, Facebook, … allows users at the login stage to request that their password be emailed to them.  So having a weak, or freely displayed, email password gives access to Salesforce …

I use it so I must recommend it.  But, actually I do think it is the best of breed platform for Blogging, and probably the most popular blogging platform.

Now a Blog is your Real Estate,  your property that is fixed in location, on the web.  Your blog’s content is not like your content in LinkedIn, Facebook, or even Twitter – for it’s accessible by search engines, and not closed like those other forms of social media – you don’t have to login to view the full content.  So to be fully visible on the web you must have a Blog, and your choice of Blogging platform is critical.

So, here once you’ve got WordPress installed, are two links to get you started.  From Lifehacker (tag line:  Tips and downloads for getting things done) is The Beginner’s Guide to Tricking Out Your WordPress Blog, and from Mark Ghosh’s WeblogToolsCollection Schwag is WordPress for Beginners.

Of course, you must then install the All in One SEO Pack (SEO: search engine optimization) for a properly “executed SEO techniques will bring your website increased exposure, recognition, and will generate free traffic“, and Google XML Sitemaps a plugin that generates a XML-Sitemap of your blog that supports “Ask.com, Google, YAHOO and MSN Search.”

Then it’s just a matter of regularly generating interesting content, and “they will come” … easy – in’it.