
Security Part I: Email Accounts and Why Google and Yahoo Are Bad

This is Part I of a new series on basic security for the average web user. While most of us recognize that the web is an unsafe place, many people engage in practices and habits that put their personal information at risk, often without even knowing it. This series will highlight a few of these areas and provide some easy solutions.

None of these are catch-all solutions - internet security is more a combination of measures than a single solution. Think of each step as a way to increase the height of the fence that prevents would-be internet assailants from invading your privacy and finances.

Email Accounts Are a Crucial Security Barrier

Your email account is usually the gateway to your online accounts, and control over it is crucial to keeping your information safe. Many sites - including eBay, PayPal, banks, and trading sites - will let you reset your password if you have access to the email registered with your account. Therefore, your email account is one of the most important pieces of your internet security. Someone with access to your email can gain control of almost every online account you have by resetting your passwords one by one.

A Real Story

A friend of mine was victimized in this way. Her Gmail password was stolen, and the hacker immediately changed the password on her account. She was completely locked out of her email, and the hacker started to change the passwords on her other online accounts - eBay, PayPal, and others.

This, as you can imagine, was a horrifying experience for her. She was fortunate to get out of this without any significant damage (more on how in a minute), but most of us will not be so lucky.

The Problem With Yahoo, Gmail, and Hotmail

You might wonder why the title of this post singles out Yahoo, Google, and Hotmail. These are good companies with solid products, and I am not suggesting that there is a problem with them or their services. There are, however, two fundamental problems with using their email addresses for sensitive online information and financial data:

  1. Most people know how to log in to these types of accounts. All you have to do is go to yahoo.com, hotmail.com or google.com.
  2. If someone gains access to your account and changes your password, it will be very hard to get one of them to change it back for you.

The first problem is somewhat elementary - having an email account from a popular provider means most people will know how to log in if they do get your password. Getting an email account where the login page is more obscure (or better yet, is under your control) is a much better choice.

The second problem is the major one. Have you ever tried to contact customer support for Yahoo or Google? Do you think they even have such a department for their email subscribers? My friend tried to call Google for help with her problem and was told to press 7 for customer support. After doing so, she heard a message that Google, at this time, does not offer customer support. Essentially, there is little or no recourse available through these companies for a stolen account. You get what you pay for.

In fairness to these companies, the support may improve in the future. But as of right now, I consider this problem a serious security risk for critical internet accounts and information.

Solutions and Best Practices

My friend was fortunate to know someone who worked for Google and who was nice enough to BEG the right people there to reset her password. But most of us will not be so lucky, and need to utilize the following two solutions:

  1. Take control of your email hosting.
  2. Protect your password.

Taking control of your email account is not as hard or expensive as you might think. A good option is to get your own domain (i.e. "www.yourname.com") and manage your email account yourself. Otherwise, you can pay for better email hosting through a variety of web hosts. These solutions have two important effects that can curb the problems above:

  1. Logging into your email account from a web browser will be harder. A hacker would have to guess your mail subdomain or application path - "webmail.yoursite.com" for example. Depending on your needs and host, you might even be able to disable such access.
  2. If someone gains access to your email account, you can handle the problem yourself. This is far more important than #1 and could mean the difference between quickly stopping a hacker in his tracks and being paralyzed while he slowly changes the passwords on all your online accounts. If you are paying a company for email hosting, they will be much more responsive and helpful than the companies that give accounts away for free.

Getting your own hosting is pretty easy - GoDaddy, Yahoo, and other web hosts all have plans where you manage your own accounts. Your ISP (Verizon, Time Warner, CableVision, etc.) may have them too. And it's not that expensive - most of these plans, even with your own domain, cost around $50-$70 a year, and accounts through your ISP are probably included in your monthly fee. Alternatively, another option is to find a friend who has his or her own domain/hosting (even if it's for their business).

Protecting your password is the subject of my next post. To give a quick summary, make sure your email account has a unique password and that you never give it out to anyone you don't trust. Also, don't ever send a password via email - there are a lot of people between you and the recipient that can read the message.

More to Come

Taking control of your email is a good first step, but there are some other easy ways to increase the security of your online world. Stay tuned for Step 2 on passwords.

The Legend of the 'Average Web User'

There is a lot of fuss made in website development meetings about the "Average Website User". I often hear statements like "Studies show that the average web user doesn't like drop-down menus.", or "The average web user ignores most sponsor ads if they are placed in a sidebar." Or there was the marketing exec who looked me in the eye and said, "The average web user uses Internet Explorer, not Firefox."

I'm going to let you in on a secret: there is no average web user.

Yes, There Are Average Behaviors

Now I have a bit of social science training, so I should add that I do not mean that average/median behaviors do not exist. I'm sure that a certain percentage of us hate or misuse drop-down menus, and Internet Explorer had an 85% market share when my marketing friend made his comment. These numbers exist, and studying them as general web trends is worthwhile to some degree.

The point is that designing your website towards these median behaviors is a poor strategy. Instead of worrying about these statistics, you should focus on your actual audience and the context of your website.

The Average User is Not Using Your Website

Every website, even the big ones, has specific markets and audiences it serves. Each of these audiences is unique and uses the internet differently. Therefore, your website should be designed for YOUR users instead of a theoretical profile of median behaviors - it is unlikely that your audience consists of too many people that match the "Average User" profile.

For example, drop-down menus might be a poor choice if your site offers information about retirement benefits for senior citizens. In general, older users probably have a harder time with them than younger users. But if your site is a directory for finding BitTorrent videos and concerts, drop-downs might provide a nice look and functionality your audience will enjoy.

I'm not trying to generalize based on age or site content; that would be impossible. I'm merely trying to show that your audience is most likely different than any "Average User" statistics might tell you. 55% of people might misuse drop-down menus, but 95% of the users of your site might find them helpful and pleasing.

Context is More Important Than Median Behaviors

Besides analyzing your audience, it's also crucial to remember that every site is unique and has its own experience and context. Is there any proof that the websites used to profile "Average Users" were anything like your website? Keeping with my example, drop-down menus might be great in a certain situation, but horrible in others. Instead of asking what the "Average User" likes, you should instead ask "What will THIS user do with THIS element on THIS page of THIS site?".

This idea of context leads to an important lesson in web design: there is no "right" way to design a website. Websites are much more unique and varied than this idea allows, and there are rarely any ideas that are 100% correct across all situations. There are best practices in most situations and things that are correct in 95% of circumstances, but there are few, if any, universal truths to web design.

Apply This To Your Website: Usability Testing

Instead of worrying about the "Average User", let's worry about the actual ones. Discovering the behaviors and trends of your users takes solid usability testing, which should be done during development. I'll save a complete explanation for another post, but the basic idea is to test your potential designs on real people who are in your general audience. Then, instead of saying "55% of web users like XYZ", you can say "95% of REAL USERS of our website liked XYZ and used it appropriately."

And the next time someone asks about the "Average Web User", please respond that he/she/it has not been heard from in a long time.

How to Properly Design a Website

Welcome to our new blog. I thought I'd start by talking about our web design process. Too many design companies do things backwards, and your website can be seriously affected by such practices.

Why This is Important

A lot of web design companies start by asking clients about urls, site colors, and hosting platforms. They ask some questions, get a quick idea of what the website needs to do, and shortly thereafter start producing potential site designs.

While that might sound OK, here's the problem: The best coders and designers in the world cannot make up for shoddy planning. The above approach will almost always lead to revisions, architectural problems, and missed opportunities for your website. Instead, a web design company should initially focus on the content, functionality, and overall purpose of the website.

Web Design by Pixalt

We start with more fundamental questions. If you went to a contractor and asked for a building, they would ask you questions like "What kind of building do you want?" before they asked "Do you want blue or green siding?" We use a similar approach, and it yields websites that are cohesive, powerful, and clear. Here's how:

Step #1: Hold On While We Find a Pen

The first thing we do is help our clients establish the purpose, uses, and goals of their website. We ask questions like these:

  1. What is the purpose or goal of the website?
  2. What will your clients and users want from the site? What will draw them in?
  3. What will you and your staff want from the site?

You should know your website's purpose, even if it's as simple as "to give potential customers information about my business." Are you trying to sell a product? Are you trying to attract users and then charge for advertising? A clearly defined purpose is the key to good site design.

Once we've established these, we'll help you think of everything the different groups of people might want to do on your site. What features might attract your target audience and help you build a customer base? Is there a part of your current administrative work that the website could handle? We'll also help you consider the future - what might the site need to do in 5 years?

We can't stress enough how important it is to spend time on this step; it will be more responsible for the success of your website than any other.

Step #2: Research Your Competition

Every website and business has competition. We will ALWAYS research your competition, and we'll encourage you to do so as well. Researching websites similar to yours will give you ideas for your site, a sense of the experience of one of your users, and a better idea of how you want your information to be organized and presented. You should look at everything from design to functionality. If you like something, bookmark the site or write it down. And if you hate something then write that down too. The more information you can gather at this stage the better.

Step #3: Diagram the Website as Best as Possible

By now we will have an emerging vision for your site. But before we start designing and coding, we need a blueprint. Our designers will process all of the information we've gathered and diagram your entire site. Once we have the information, layout, and functionality in place, we'll solicit your feedback. Often this will take a couple rounds of edits. The goal here is to put the best vision of your site together that we can, before anyone writes any code.

Step #4: Visual Design

Now it's time to design the website. Our designers will incorporate your company's logo and branding into potential designs. We typically provide clients with several designs to choose from, and allow for editing and fine tuning as well.

Step #5: Programming

Once you've settled on a design template, our programmers will create your site. We usually set up a temporary location for the site so you can check on the progress. We will also test the site as we go along to ensure that the links, functionality, and design are in perfect working order.

Step #6: Testing

When your site is nearly ready, we put it through rigorous testing. Every link, feature, and page is tested repeatedly to ensure there are no problems. For sites with a lot of features, usability testing is recommended.

Step #7: Launching

After you give the final approval, we'll launch your site. Some sites are launched in stages, depending on their nature and marketing tactics.

Step #8: Maintenance

All websites need to be maintained and edited - very few websites are ever "finished". As time goes on you will likely want to add new sections, update information, add features, and more. We usually build sites with a content management system so that clients can do as much of this on their own as possible. We also offer maintenance contracts to do the work for you as needed.

Conclusion: Website Design From The Inside Out

The best websites come when we help our clients think about their website's purpose and goals before worrying about technology and color schemes. Designing a website is like building a house; both are far better with the right planning, blueprints, and foundation.

Also notice that this guide makes little mention of technology. A common mistake is to fixate on a certain technology before finishing Steps 1-3 above. Information, functionality and purpose are more crucial, and they often dictate technological decisions. We want our clients focused on goals and substance, not whether their site should be coded with PHP or ASP.NET.

About This Blog

For questions, feedback, or comments on this blog, please email blog@pixalt.com.

We do our best to answer as many emails as possible.
