You’re doing awesome

Just saw a great lightning talk from Mickey Kay at WordCamp SF 2014. It was only about five minutes long, and was a great reminder of the fact that we are all newbies. Even if you’re an “expert” in a field, there’s always more to learn. More importantly, if you are truly a n00b, there is one thing to remember, first and foremost. That thing is: You’re doing awesome.


You’re trying. You’re doing. You’re actually moving forward, even if it doesn’t feel like it at times.

Mickey then shared his three rules for keeping the forward momentum going.

Make as much as possible.

Make as much as possible. Be a creator. You power through the newbieness by getting your hands dirty.

Share your problems.

Share your problems. As much as you like to think it, you’re not a unique snowflake. Someone else has had this problem before. Maybe they can help you. Or, if someone else is also having the problem now, maybe you can work on solving it together.

It’s okay to not know.

It’s okay to not know. You don’t know everything. Neither does anyone else. In Mickey’s anecdotal survey of a number of “experts” in the WordPress field, he said that over 40% stated that they are often exploring new ground when they’re trying to solve a problem. There are no rote answers. It’s okay to be discovering as you go along.

Good reminders for all of us.

It’s most definitely go time: I’ve joined GoDaddy

It’s official: I’ve joined GoDaddy. I am incredibly stoked.

(Ob disclosure: while I’m now an employee of GoDaddy, these are my personal opinions.)

This is a company that has gone through an incredible maturation process in the past few years, and where the company is now is miles ahead of where it was even 24 months ago, both in brand and in product. The T&A Super Bowl ads are long gone, the products are getting solid reviews, and a lot of attention is being paid to customers: from small businesses to web designers and developers (including WordPress, Drupal and Joomla!) to mobile and local.

In particular, I’ll be working with our customers who are web professionals, ensuring that we’re engaging with communities of designers and developers and delivering the content, community and product that help this very important constituency kick ass.

Tomorrow is my first “official” day.

Let’s go!


New job == new swag sweatshirt. Bonus.

How to enable two factor authentication on 50 top websites including Facebook, Twitter and others


Two factor authentication (also called 2FA) is the term for a second form of authentication that is required before a web service allows you to log in. Many web users decide to combine that with their own VPN (check out the best VPN for Canada for more information) to further increase their online security when making use of web services. Typically, 2FA is enabled by sending a text message with a one-time code to your mobile phone, which you then need to enter in addition to your password. (This is often referred to as needing to have “something you know” such as your password, and pairing it with “something you have” such as your phone.)

Decided to do a little research on a number of common web services, in the wake of the Heartbleed bug from this week. While engaging in a best practice such as using a different password for every site and managing those passwords through a password manager (e.g. LastPass or 1Password) can provide an increased level of security, enabling 2FA is another highly recommended tool in the personal security toolbox. So, without further ado, here are the links to enable 2FA for fifty top websites. If you see any errors, or have other sites to add, please leave them in the comments and I’ll try to update this list.

Site / Comments / How to enable 2FA

Adobe Creative Cloud

Adobe Creative Cloud does not currently support 2FA.

N/a

Amazon.com

Amazon.com and Amazon Prime do not currently support 2FA.

N/a

Amazon Web Services (AWS)

“AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your username and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their username and password (the first factor – what they know), as well as for an authentication code from their AWS MFA device (the second factor – what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources.”

http://aws.amazon.com/iam/details/mfa/

Apple iCloud

“Two-step verification is an optional security feature for your Apple ID. It requires you to verify your identity using one of your devices before you can:

Sign in to My Apple ID to manage your account.

Make an iTunes, App Store, or iBooks Store purchase from a new device.

Get Apple ID-related support from Apple.

Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account.”

https://support.apple.com/kb/HT5570

Apple iTunes

“Two-step verification is an optional security feature for your Apple ID. It requires you to verify your identity using one of your devices before you can:

Sign in to My Apple ID to manage your account.

Make an iTunes, App Store, or iBooks Store purchase from a new device.

Get Apple ID-related support from Apple.

Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account.”

https://support.apple.com/kb/HT5570

Bank of America

“The SafePass feature is Bank of America’s extra layer of protection against fraud and identity theft as you use Online Banking. The SafePass feature lets you authorize transactions using one-time, 6-digit Passcodes.”

https://www.bankofamerica.com/privacy/online-mobile-banking-privacy/safepass.go

Basecamp

“Add another layer of security to your account by enabling phone verification. Every time you sign in, we’ll send a text message to your mobile phone with a verification code. You can also verify your sign in with a phone call.

Phone verification will be applied to all the accounts you access with your ID. You’ll also be prompted for a security code on mobile devices.”

https://basecamp.com/help/guides/you/phone-verification

BitPay

“For added security on your account, you can enable your smartphone as a second authentication method at login. Once two-factor authentication is setup, you will need to use it with your username and password at login.”

https://bitpay.com/two-factor

Bitstamp

“Phone verification will be applied to all the accounts you access with your ID. You’ll also be prompted for a security code on mobile devices.”

https://www.bitstamp.net/article/update-bitstamp-adds-support-two-factor-authentica/

Bluehost

BlueHost does not support 2FA.

N/a

Box.net

“In order to enable 2-step login verifications for your users, navigate to the Security tab within Enterprise Settings. In the Application Management section, check the box next to the “Login verification” label. Please note that if Single Sign On (SSO) is enabled for your account, you will not be able to turn on 2-step login verification.”

https://support.box.com/hc/en-us/articles/200520628-Admin-Console-2-Step-Login-Verification

Buffer

“2-Step Login, adds an extra layer of security for your Buffer account. Whenever you log in to your account, after entering your username and password, you will be asked for a second authentication code that was sent to your mobile phone via text or free mobile app.”

https://bufferapp.com/2step

CapitalOne

CapitalOne does not support 2FA.

N/a

Chase.com

“When you first attempt to log in to Chase Online with using the Chase Mobile browser, we’ll ask you to verify that you own the accounts you want to access. To do this, you’ll need to request an Identification Code, which you can receive by phone, email or text message. When you receive your Identification Code, use it to complete the activation process and log in to the secure site on m.chase.com. This helps protect your accounts from unauthorized access, even if someone has your login credentials.”

https://mobilebanking.chase.com/Public/Docs/Faq?nodeId=1&itemId=2

Cloudflare

“With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers’ website security, but their account security as well. Therefore, we are excited to now offer two-factor authentication for all CloudFlare accounts.”

http://blog.cloudflare.com/2-factor-authentication-now-available

Coinbase

“Two-factor authentication is a great way to make your Coinbase account more secure.

What is it? Well, it’s a fancy word that basically means “getting a pin code on your cell phone” when you log in.”

http://blog.coinbase.com/post/25677574019/coinbase-now-offers-two-factor-authentication

Dreamhost

“Multifactor Authentication is a way to increase the security of your account that requires you to enter additional one-time passcodes before you can gain access to your DreamHost account. It’s a smart move that can help to protect you from hackers and website hijackers.”

http://wiki.dreamhost.com/Enabling_Multifactor_Authentication

Dropbox

“Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account. Once enabled, Dropbox will require a six-digit security code in addition to your password whenever you sign in to Dropbox or link a new computer, phone, or tablet.”

https://www.dropbox.com/help/363/en

eBay

eBay itself does not seem to support 2FA, but purchases completed using eBay’s PayPal do support two factor authentication. Update: @tehdpeh has pointed out that eBay uses the same 2FA system as PayPal.

Via PayPal

Etsy

“When you first joined Etsy, you entrusted us with the responsibility to protect the personal information necessary to set up an account, make a purchase, or open a shop. In turn, we ensure that each new feature we launch on Etsy lives up to our high standards of security and Internet privacy. We are happy to share that today we’re launching three new optional security settings that offer Etsy members further control and visibility into their accounts. Additionally, as our platform has evolved in the last year, we’ve revisited our policies and are making several changes to our Privacy Policy. I’ll walk you through both below.”

https://blog.etsy.com/news/2012/safety-and-privacy-first/

Evernote

“We take the security of your data very seriously. Several months ago, we introduced two-step verification along with several other security features. Today, we’re opening two-step verification up to everyone.”

http://blog.evernote.com/blog/2013/10/04/two-step-verification-available-to-all-users/

Facebook

“Facebook has always been committed to both protecting our users’ account and information, as well as giving them more control over their Facebook experience. From our User Operations team, who work to re-secure compromised accounts, to the Engineering team that designs and implements new security features like login notifications, one-time passwords, and remote session management, everyone at Facebook is working to ensure users have a safe, enjoyable experience.”

https://www.facebook.com/note.php?note_id=10150172618258920

Github

“Two-factor authentication, or 2FA, is a way of logging into websites that requires more than just a password. Using a password to log into a website is susceptible to security threats, because it represents a single piece of information a malicious person needs to acquire. The added security that 2FA provides is requiring additional information to sign in.

In GitHub’s case, this additional information is a code delivered to your cell phone, either as a text message (SMS) or generated by an application on your smartphone. After 2FA is enabled, GitHub generates a security code that is sent to your phone any time someone attempts to sign into your GitHub account. The only way someone can sign into your account is if they know both your password and have access to the security code on your phone.”

https://help.github.com/articles/about-two-factor-authentication

Gmail

“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”

https://support.google.com/accounts/answer/185839?hl=en&topic=1056283&ctx=topic

GoDaddy

“Two-Step Authentication adds another layer of security to your account by texting you a validation code to enter whenever you log in or make important account changes.”

http://support.godaddy.com/help/article/7502/enabling-twostep-authentication?pc_split_value=4

Google Apps

“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”

https://support.google.com/a/answer/184711?hl=en

Google+

“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”

https://support.google.com/accounts/answer/185839?hl=en&topic=1056283&ctx=topic

Hootsuite

“HootSuite’s 2-Step Verification security feature uses Google Authenticator (powered by Google) to enhance the protection of your HootSuite account.

Google Authentication uses something you know (your password) and something you have (your mobile device). You will receive a short numeric code on your mobile device to enter in addition to your username and password. Each code has a one-time use, and a new code will regenerate every 30 seconds.

Paired with HootSuite’s Location Verification System, your HootSuite account has added protection no matter where you are.”

https://help.hootsuite.com/entries/22527304-Managing-Google-Authenticator

HostGator

HostGator does not support 2FA.

N/a

Instagram

Instagram does not support 2FA.

N/a

Intuit TurboTax

Intuit TurboTax does not support 2FA.

N/a

Joomla

“Two Factor Authentication (TFA) is a 100% Open Source, free to use security system for your Joomla site’s backend. Two Factor Authentication works in collaboration with the Google’s famous Authenticator App.”

http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection/24822

LinkedIn

“At LinkedIn, we are constantly looking for ways to improve the security of our members’ accounts. All LinkedIn accounts are already protected by a series of automatic checks that are designed to thwart unauthorized sign-in attempts. Now, we are introducing a new optional feature that adds another layer of security to your LinkedIn sign-in: two-step verification.”

http://blog.linkedin.com/2013/05/31/protecting-your-linkedin-account-with-two-step-verification/

Mailchimp

“AlterEgo is a MailChimp app designed to add two-factor authentication to your account. Integrating AlterEgo with MailChimp helps keep your data safe by providing an additional layer of security that must be breached before an attacker can access your account. Because we feel so strongly about security, we also offer a 10% discount for MailChimp accounts integrated with AlterEgo.”

https://blog.mailchimp.com/alterego-now-works-with-google-authenticator-and-yubi-key/

PayPal

“The PayPal Security Key creates random temporary security codes that help safeguard your PayPal account when you log in. It comes in 2 types, each with different advantages:

Security key: You carry this small credit-card sized device with you. It creates a unique security code on the go.

Mobile phone security key: You can sign up to get security codes sent by text message to your mobile phone.”

https://www.paypal.com/us/cgi-bin/webscr?cmd=_security-key

Pinterest

Pinterest does not support 2FA.

N/a

Salesforce.com

“Two Factor Authentications – is a system wherein two different methods are used to authenticate. Using two factors as opposed to one delivers a higher level of authentication assurance.”

https://help.salesforce.com/HTViewSolution?id=000005464&language=en_US

Secret

Secret does not support 2FA.

N/a

Snapchat

Snapchat does not support 2FA.

N/a

Soundcloud

Soundcloud does not support 2FA.

N/a

StackOverflow

StackOverflow does not support 2FA.

N/a

Steam

“Steam Guard is an additional level of security that can be applied to your Steam account. The first level of security on your account is your login credentials: your Steam account name and password. With Steam Guard, a second level of security is applied to your account, making it harder for your Steam account to fall into the wrong hands.”

https://support.steampowered.com/kb_article.php?ref=4020-ALZM-5519

SurveyMonkey

SurveyMonkey does not support 2FA.

N/a

Target

Target does not support 2FA.

N/a

Tumblr

“TFA makes it especially difficult for anyone other than you (e.g., hackers, exes, et al) to access your Tumblr account. How? Well, aside from your regular login info, you’ll need a couple extra things to get to your Dashboard:

Your phone (which you’ve password-protected, right?)

A unique, single-use code (sent via text or generated by an authenticator app)”

http://www.tumblr.com/docs/en/two_factor_auth

Twitter

“Every day, a growing number of people log in to Twitter. Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web.

Today we’re introducing a new security feature to better protect your Twitter account: login verification.

This is a form of two-factor authentication. When you sign in to twitter.com, there’s a second check to make sure it’s really you. You’ll be asked to register a verified phone number and a confirmed email address.”

https://blog.twitter.com/2013/getting-started-with-login-verification

Wells Fargo

Wells Fargo does not support 2FA.

N/a

WordPress.com

“The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.

If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail/Dropbox/Lastpass/Amazon etc.

The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.”

http://wordpress.org/plugins/google-authenticator/

Yahoo

“For Yahoo! checks not only the password when somebody - you, hopefully - attempts to log in to your account; it also looks at the location and computer whence the attempt is made. If one looks suspicious (say, a device you’ve never used before), Yahoo! Mail can require more than merely the password - if you have two-step authentication enabled.”

http://email.about.com/od/yahoomailtip1/qt/How-to-Protect-Your-Yahoo-Mail-Account-with-Two-Step-Authentication.htm

YouTube

“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”

https://support.google.com/accounts/answer/185839?hl=en&topic=1056283&ctx=topic

How to move a WordPress blog from WPEngine to GoDaddy

Disclosure: As of the time of this writing, I am currently consulting to GoDaddy, and this is my personal opinion.

After watching the Google Hangout with the GoDaddy Managed WordPress team, I wanted to check out the process from start to finish for myself. Here’s what I did, step by step, to move this blog from WPEngine to GoDaddy. I backed up my WPEngine installation (they have a tool to download a .zip file of everything on the site, which worked fine). If somehow you’ve managed to get here but you just want to learn more about hosting as opposed to moving hosts, then you can read these hosting reviews to get an idea of which one would be best for you! Anyway, here we go…

1) Sign up for GoDaddy Managed WordPress (or add it to your existing account)

This was easy. Go to http://www.godaddy.com/hosting/wordpress-hosting.aspx and choose a plan. This blog gets a moderate amount of traffic, with a few big spikes, so I went with the Basic plan.

I already have a domain, so I skipped the “get your free domain” option, but if I was setting up a new blog, that would have been a nice perk.

Okay. Piece of cake. So far, so good.

2) It’s go time!


I clicked the button, and I was taken directly to my hosting homepage.

3) I clicked on “Set Up”


Nice page. I clicked the green button.

4) Migrate my existing site

Ok, first moment of truth. I need to move the site from WPEngine, so I clicked on “Migrate Your Existing Site.”


5) The GoDaddy migration tool migrated everything over from WPEngine for me

I needed to put in my credentials so the GoDaddy hosted system could do the automated move for me.

I made sure I had both my WordPress login credentials AND my FTP credentials, since both are needed for the migration.

Here we go…


And success!


The only minor glitch was that I fat-fingered one of the credentials, so I needed to wait 20 minutes for the timeout cycle to complete. With that minor inconvenience, the process worked as expected.

6) Oh noes

I hadn’t received the email that was supposed to tell me that my migration was done, so I logged into my account and found that for some reason the migration had failed. It turned out that WPEngine uses SFTP for their file transfers, not FTP. I let GoDaddy support know this (I just dropped an email to the support email address, but I could have also called), and they restarted the migration using SFTP instead of FTP.

7) All better!

Success! Going to my dashboard at http://gateway.godaddy.com shows all my sites, and the Social Customer Manifesto blog is there, at a temporary address. I dig the automatic screenshot of all the sites.


Clicking on “Manage” took me to a WordPress dashboard. Everything looks sound.


8) Time to move the domain over from the temporary domain to my permanent one


I went back to the Gateway. Clicking “Settings” took me to a dropdown that let me tie the site to my https://christophercarfi.com domain.


I clicked on “Add Domain.”


I selected “socialcustomer.com” from the dropdown, and then selected the “Make this the primary domain for your account” checkbox.

Now I wait for a few minutes while things propagate.


I waited about five minutes, and then refreshed my Gateway page. And…this looks promising!


9) Success

And, that appears to be it. With the exception of the minor hiccup around the SFTP migration, everything went smoothly. My site is up and running and feels fast on the GoDaddy servers, at a fraction of the cost of WPEngine (about six bucks a month at GoDaddy). Winner!

What is bitcoin? And why should I care?


Have you been hearing a lot about Bitcoin, but are still not entirely sure what it is? It might be time to learn more. After all, the new cryptocurrency on the block has left a lot of people very confused, and some lucky people a lot richer than they were before. It is essentially a new, digital currency that people can choose to “mine” via their computers, or to buy into. This is, however, a hyper-simplification of what occurs on sites like Zipmex’s exchange, where people can buy and sell not only Bitcoin, but other forms of cryptocurrency (like Ethereum and Litecoin, to name but two examples). Not only that, but these three are not the only cryptocurrencies out there. Technically, there are countless potential options that can be mined and created, bought and sold.

All of this can leave the less tech-savvy of us out there confused and lost. Even purchasing bitcoin can be a confusing first hurdle for many looking to get involved, although you can find out more on that when you visit xCoins. Thankfully, there are resources that break things back down to the simple bullet points. This makes these resources a great tool for those trying to break into these markets, for those looking to make a new investment, or for those who are simply curious and want to learn about it. As one example, this easy-to-read ebook answers the following questions:

  • What is Bitcoin?
  • Why should I care about Bitcoin?
  • How do bitcoins get exchanged?
  • Are bitcoins money?
  • Why should a business accept bitcoin?
  • Why should I personally use bitcoins?
  • What are the risks?

You can download the ebook at http://coindale.com/bitcoinbook.