|

Tips Tuesday – Login Security, GA4 Course, Creative Burnout

Hello Happy Site Owners and Webmasters!

Tips Tuesday – Login Security, GA4 Course, Creative Burnout

Tips this week include:

  • The new Hub has launched for my DIY site audit clients
  • Progress on the upcoming GA4 course
  • Why the Uber hack matters to you
  • Why and how to rotate and protect your passwords
  • Tips for using LastPass safely
  • Why not to reply to email and text messages
  • A cautionary word about using smart devices and apps
  • Are you suffering from creative burnout?
  • How to track what you’re doing and why to let some of it go

Listen to the Podcast

BlogAid Happenings

Learning Center Theme Update Today

Last week we got the Webmaster Training theme updated. And now it is fully WP and Gute compliant and I am so happy with it.

Today, the BlogAid Learning Center theme will be updated. That’s where most of the courses are, like the DIY SEO course and such.

It was already Gutenberg compliant, but it had all manner of old code and styles and such that were left over from being tweaked on over the years.

The site will be in maintenance mode during the change over and will be available again as soon as possible.

BlogAid Village Happenings

Introducing the New Hub

My DIY site audit clients get extra perks and support in what was called the BB Hub, which was short for a crazy name I made up so no one could easily find our Facebook Group.

And then it went to a paid program which I called the BB Hub Plus.

And now it’s getting a new name because I had to rebuild the membership part of it.

Thank you to Krista for the new name, which I’ve shared with all of the members.

But publicly I’ll be referring to it simply as The Hub, since we have folks in all 3 versions right now, and so I can keep the group part of it hidden.

Making the Switch

If you renewed this month into the BB Hub Plus, look for an email that I sent over the weekend with how to get into the new Hub.

And for anyone in the BB Hub Plus now, I’ll be sending invitations by the month for anyone who is about to renew that month, and a link to make the switch.

For folks still in the free BB Hub, and for new site audit clients, you’ll get a discount link to get into the new Hub straight out.

BlogAid Course Happenings

GA4 Course Progress

The Learning Center and Hub revamp took up most of my time for the latter part of last week. So, I didn’t get as much done with the GA4 course.

But, I did get to dig a little deeper into the reports.

The default reports are worthless.

You will definitely want to create your own custom reports.

And let me tell you, what you can track in GA4 is amazing.

Plus, you can split all those metrics out into individual reports, which makes for less clicking and it’s far easier to see just the metrics you want to drill down into.

Honestly, the reports have me so excited that I think I will be starting the course with them.

Once you see what you can track, you’ll be excited too.

And then we’ll go through the settings that impact that report.

That way you’ll be able to connect the dots with all the various settings in all the various places and the whole thing will make a whale of a lot more sense too.

Plus, it won’t be boring, like all of the Google documentation and every other tutorial or info page I’ve seen about it. They just go through each setting and it’s painfully boring, plus you have no way to really understand what any of them do, or why you need them, or how they coordinate with anything.

I’ll be digging in super deep this week with making all of the report scenarios and that should give me the overall outline for the course.

And then I’ll be digging deep into Google Tag manager, as GA4 is so much more powerful with it.

From there, it’s just a matter of recording the tutorials. And I’m definitely going to break them up into super small chunks to make it easier to take the course and have little milestones along the way.

I’ll keep you posted.

That’s all the happenings around here. Let’s jump into this week’s tips and news.

Security Tips

Why the Uber Hack Matters to You

This past week a single 18 year old was able to hack into every single account held by the Uber company, including their AWS site file storage, their social media, and even all of the super secret company info files.

He came forward and shared how he did it through what’s called Social Engineering one of Uber’s employees.

And I want you to pay close attention to how this happened because you may be just as careless with protecting your logins as that employee was.

First, the hacker got hold of an Uber employee’s login credentials. It contained the employee’s email, username, and password.

When the hacker tried to use it, a 2-Factor Authentication token, or 2FA token, was sent to the employee’s email. 

And of course, the employee ignored it, as he did not try to log in.

After a few of these failed attempts, the hacker simply emailed the employee with a proxied email address that made it look like it was coming from Uber’s IT department, asking for the last 2FA token.

The employee replied to that email with the token.

Okay, that’s the social engineering part of this hack.

Let’s break it down.

Rotate and Protect Your Passwords

First, are you rotating your passwords regularly on every online account you have?

I guarantee that one of your account logins somewhere has been compromised at some point.

And that info is being sold on the hacker black market from now until forever.

They’ve got your email address, user, and password.

You’re not going to change your email address, and will likely never change your username either.

That leaves your entire security hanging on your password.

THIS is why you need to rotate passwords on every online account you have – and do it on a regular basis – at least annually.

THIS is also why you cannot use the same password for multiple accounts.

About LastPass

Get LastPass, or one of the other password vaults and let it create a unique, strong password for each of your accounts.

What do I mean by a “strong” password? Make it 16 characters of gobbilty goop with upper and lower case letters, numbers, and special characters.

And here’s how to protect your LastPass account:

  • Do not store your LastPass login credentials on your computer or device.
  • Log out of LastPass before you close your browser, as it will auto fill in your credentials otherwise.
  • Rotate your LastPass password once a year too, and don’t use any password you have ever used anywhere before.

Here’s why all of this is necessary.

When the Uber hacker got into the system through the employee’s login, he found a back door and went straight to a drive that had a master file that contained all of the admin login credentials to everything in their company.

That file should have been heavily encrypted and isolated from the rest of the system.

Nothing about your computer or phone is encrypted or isolated from itself.

This is why you HAVE protect yourself, and LastPass, with these extra steps.

Don’t Reply to Emails and Messages

Here’s how else to protect yourself.

If you receive an email or SMS text message or Facebook Messenger message, don’t reply to it and don’t click on any links.

On your computer, log in directly to the vendor and see if there are any messages or notifications for you. If you can’t find any, you can also contact them to ask about it.

It’s Not Too Much Trouble

And if you think all of this sounds like a lot of time and trouble, consider how much time, trouble, and expense it would be to get your accounts hacked.

I have well over 100 online accounts and I can’t use LastPass or other password vaults due to the confusion caused by logging into the same vendor accounts for myself and my clients all day.

If I can take the time to manually rotate passwords on all of my accounts, you have zero excuse to not do yours via LastPass or another password vault that makes it easy.

Smart Apps, Crypto, Security Systems

And if you do crypto or such, most definitely get another computer for that and use a totally different email for all of your accounts with it too. 

Do not put that stuff on your phone. 

I don’t put banking stuff on my phone either. 

In fact, I don’t have any “smart” apps on my iPad. And I’m sorry I have to have my wifi router app on my phone now too.

The Internet of Things (IoT) gets hacked all the time. These are your smart devices that are connected to your wifi.

When the thermostat gets hacked, they may be able to take over your router and hack everything else connected to it, especially smart devices that have very little security.

All those IoT devides are used as fodder in DDoS attacks that overwhelm parts of the internet and break it, or help them break into a host server.

I think folks who have a wifi connected home security system are nuts, especially those that have indoor cameras and all of it is connected to an app on their phone.

That phone can be lost, stolen, or hacked.

And to top it off, so many folks use free wifi when their out.

You have no idea if the router you’re using at your favorite cafe has been compromised or not. And now they have your phone compromised too.

Be Safe

I hope you will receive all this info today and do what you need to do to protect yourself online.

Don’t be like Uber and let one kid break into everything you have online and everything you’re connected to through a device.

Bottom line: Don’t trade convenience for security.

Productivity  Tips

Are You Suffering From Creative Burnout?

Creating great content takes time.

Staying in touch with your audience takes time too.

We all know that we need to be consistent with our content, marketing, and nurturing our audience.

But, are you just putting out stuff to keep that hamster wheel in motion?

Is the quality of what you’re putting out suffering because of it?

The nice folks at the Content Marketing Institute have a good article on Creative Burnout.

Have a look and see if what they say about it applies to you.

Let Some of It Go

I know many of you are in high gear right now with trying to get ready for the holiday and end of year push. Me too.

But, I hope you will take a moment to grab a notepad and pen and keep it handy this week. Or maybe your favorite note taker on your phone or such.

Put the date at the top.

Then write down every business-related task just as you start it.

You don’t have to keep up with the time that task takes. Just list the task.

Then the next day, put the date down and start listing your tasks again for that day.

Do this for a week or two.

You’ll get a clear picture on where you’re spending your energy.

And then look at the tasks that don’t return much for the effort.

Seriously consider dropping them.

I’ve been dropping stuff all year.

I dropped two of my courses that were taking a ton of time to keep current and thus barely breaking even on profit.

I also stopped posting to Pinterest and a few other social media accounts that are bringing me nothing in the way of traffic.

And I completely stopped writing for Google and YouTube with BlogAid.

The only posts I put out now are Tips Tuesday and then any tutorials that my DIY site owners or Webmaster members need.

I also dropped 5 Facebook groups where I was spending way too much time answering questions for free only to get mostly ill-fitting clients.

That freed up a whale of a lot of time and more importantly, a whale of a lot of energy.

And I’m putting all of that to use with the new GA4 course that all of us need.

I’m also able to put way more time into the folks who are already paying me, like The Hub members, and the DIY SEO course and Webmaster Training members.

And I’m about to start a Finder’s Fee program for good-fitting site owners they send my way for services and consults.

I’m also outsourcing all I can, like these member site theme revamps and email list segments for new memberships and such too.

What I’m going to make on the GA4 course will more than pay for what I outsourced. 

In other words, I’m spending time and energy on what makes me profitable.

I’m letting go or turning over any tasks that don’t directly contribute to my profit.

What are you spending your time and energy on?

What can you drop or turn over so that you have the time and energy you need to produce what brings you money directly that only you can do?

You’re not a blogger anymore.

You’re a savvy online business owner.

Check how you’re still thinking about what you do and how you earn income.

Shift into a money-making mindset, not a mindset of “I churn and burn and hope I make money” way of doing what you do.

I’ll tell you, all this letting go has done wonders for raising my energy and reducing my stress levels. It’s been such a relief. And I’m excited about my work again.

I hope you’ll find that same relief and get energized soon too.

Wrap Up

That’s a wrap for this week’s Tips Tuesday.

Thanks for sharing this podcast and post with your blogging buddies, and for leaving comments and reviews too.

Subscribe to all BlogAid Posts via email so you never miss anything!

Be sure to visit BlogAid.net for more tips and resources and I’ll see you online.

6 Comments

  1. All good tips for safety! You can use Last Pass, no matter how many accts you have with the same vendor. If you set each one up properly, when you go to login, you can pick which acct to login with. I have multiple accts with same vendor and use LastPass daily.

    1. That’s good to know, Deb. But I don’t retain any client logins as they are coming to me for short-term services. So, it’s just a hassle to deal with any type of login vault.

  2. Yesterday I realized I’ve been using the same password for one account since it was setup about 20 years ago. It’s so easy to remember! Time to change. Thank you for the push.
    I’m glad you’re excited about your work again – I really appreciate what you do!

    1. Yep, a few years ago, before I knew all this about security, I had the same password on several accounts for years. I was floored to see just how many online accounts I have for personal and business use when I started documenting them all!! I have to do updates in batches, but it helps me sleep at night.

  3. I love the way you can pack so much information into a post that just doesn’t take long to read but gives much to think about.

    You and Michelle helped me create a site many years ago that I dearly love but because of different situations in life, I have never been able to take it where it could go. So, in the theme of dropping/letting go of things that are taking too much energy with no reward, would it be possible for you to give (in Tips Tuesday) a quick run down of the difference between sunsetting a site and just letting the domain expire? Or if you could point me in the direction that will help me make the best decisions in letting a site go, I’d greatly appreciate it.

    Thanks for all your hard work you do for everyone!!

    1. Lots of folks have had their lives turned upside down since 2020 and they are giving up their sites, especially those who were trying to run it as side income.

      Sunsetting means removing all of the content from view. But that does not necessarily mean having no online presence. It really depends on your audience and engagement and what the site was connected to. I do consults with folks before helping them sunset their site to talk through those choices and the details of the decision made. It’s different for everyone.

      And the site does need to be taken care of properly to avoid security issues and such.

      But, no matter what decision is made, you would not want to let go of the domain name.

Comments are closed.