Password length for my eir

While many online portals are embracing two-factor authentication and other security best practice, our telecoms utility eir seems determined to stop us using good quality passwords.

As you can see from the screenshot below, the self-service portal my.eir.ie doesn’t allow users to set passwords longer than 10 characters.

The error message on screen also notifies anyone (including potential hackers) that all passwords for the system are between 6 and 10 characters – which would be a massive help to anyone attempting a brute-force attack on the site, as it would reduce the number of password combinations they need to try.

This is a shocking example of bad security by design, and is a carryover from the old Meteor self-service portal. Someone at some time in the past chose to limit password length, which forces people to use short insecure passwords.

WordCamp Belfast 2018

I've been going along to some of the Dublin WordPress meetups in the last couple of months, and one of the things they suggested is for people to attend the WordCamp conference in Belfast.

It takes place over the UK bank holiday weekend of 25th-27th May 2018, in the Queen's University, and is for anyone who has a interest in WordPress. There are sessions for developers, designers, bloggers, and business owners.

Myself, I like to tinker with WordPress for my personal sites and blogs, and am keen to understand a bit more of the technical stuff – so I think this conference will be really interesting.

It also gives me the opportunity to get my techie geek on in a environment with like-minded people.

Migrating my WordPress blog to SiteGround

I was looking around for a different web hosting company, and decided to give SiteGround a try, because they seem to have a good quality service at a reasonable price.

I signed up for their GrowBig hosting plan that allows you to host multiple domains/sites on one account, and also fully supports the Let's Encrypt free SSL service

Google are keen for the whole of the web to be encrypted. They announced a few years ago that they started to boost web pages in their search results that are hosted on secure sites, and also that later this year the Chrome browser will highlight "Not Secure" web sites.

I had already played around with installing an SSL certificate for my richardbloomfield.com site, but SSL certs can be expensive to buy and maintain, and my old host would only allow me to install one cert on my shared hosting account – so I could only secure one of my domains.

To perform the migration of my WordPress blog between hosts, I followed the instructions on this page:

How to Move WordPress to a New Host or Server With No Downtime

It uses a plugin called Duplicator that does all the heavy lifting of creating a complete backup of your existing site – including the WordPress database (that stores all your posts, pages, comments, and settings), and all the WordPress files (the WordPress software itself plus any themes and plugins you've installed).

The blog installed without any problems on my new hosting account, and I was left with an exact copy of my old WordPress installation.

Then all that was left was to log into the SiteGround control panel and enable the Let's Encrypt SSL for that domain with a couple of clicks, and I was all set.

I also installed the SG Optimizer plugin that allows me to make use of the SiteGround dynamic web cache (which really speeds up my web site) and allows for a one-click option to force all blog traffic over the HTTPS secure connection.

You might want to whitelist your favourite web sites

Adblock plugins for web browsers are great! They block out all the annoying and distracting adverts on web pages, and make the browsing experience for visitors altogether more pleasant.

They're very popular – so popular that some web site owners are getting hurt from the lack of ad revenue. Publishers are fighting back using pop-up messages to try and persuade you to disable the adblock – and some even block access to their content until you whitelist them.

I'm not a fan of forcing people to turn off their ad blockers, but I have been thinking recently about the impact of using them.

I read an article a few days ago about a popular site that closed down because it wasn't making any money – and they cited the lack of ad revenue as a major contributory factor.

So it got me thinking about some of the websites that I visit every day – the blogs and news sites that I rely on for information and entertainment. I didn't like the idea that they might suddenly disappear because they had become financially unsustainable.

And so, short of actually sending the publishers of these sites money – something that's often not even an option – I realised that the only way I could give them my patronage was to whitelist them in the ad blocker. At least that way, they could earn a little bit of revenue from my visits. And I figured it was a small inconvenience for me to bear in order to support the writers I enjoy. 

New registration rules for .ie domains

From March 2018 the Irish domain name registry are making it easier to register a .ie domain name.

Following a consultation period, new liberalisation policies are coming into force to remove some of the administrative overhead in registering an Irish (.ie) domain.

Previously, if you wanted to register a domain you needed to satisfy the registry about three things:

  1. Your identity – by providing a copy of your ID,
  2. Your association with Ireland – demonstrating that you are Irish, resident in Ireland, an Irish business, or a business trading in Ireland,
  3. Your claim to the domain name – for individuals, this meant you could only register your actual name; and for businesses, your business name or trademark.

The change coming into effect soon is the removal of the 3rd requirement. You no longer have to prove your claim to a name. As long as you can prove your association with Ireland, you will soon be able to register whatever domain name you like.

The change is seen as a liberalisation of the IE registrations, and has been made to encourage Irish businesses and individuals to use IE domains who had previously been put off by the registration rules.

The negative side is that the change also opens the market to an increase in domain name squatting, or speculative registration. And so, businesses in particular are being encouraged to come forward and secure their name now before the changes take effect.