Google’s strongest security, do you need it?

Do you want the reassurance of knowing your Google account is properly secured? Have you had your Google account compromised before and never want to have to go through that mess again?

Previously we have written articles on important steps for all Google users (this means anyone that has a Gmail or GSuite account). Here are the most important ones:

If you don’t have 2FA (two factor authentication) enabled yet, you should probably do that first and then come back and read on. Sadly, only 10% of Google users have enabled 2FA  although it has been available for over 7 years and is dead simple to use. Don’t be in that 10%!

Google has recently released an even stronger form of authentication utilizing a physical device instead of a 2 factor code you receive via SMS or an app on your device. This may not be for everyone, but if you want the strongest protection for your Google account make sure you read all about it on their site here: Google Advanced Protection Program

So in review, if you don’t have 2FA enabled yet, you should that now. If you want even stronger protection, maybe this new Google device is for you.

Don’t wait until it’s too late before securing your online accounts.

Free Joomla updating service now available

XYZulu are pleased to announce a new FREE service available to any of our customers. We are now offering, at no extra charge, to keep your Joomla site as well as any installed components and plugins up to date for you.

This means that when a new Joomla security update is released we will automatically update your site for you. We’re offering this for FREE! Why should you keep your website up to date and secure? See the following post for more details: 3-ways-to-keep-your-website-working

How do I get this free service?

Simply open a ticket with us and we’ll make it happen.

We look forward to serving you even better in 2017.

3 Ways to keep your website working

internet2Imagine you have had a great new website developed. What can you do to ensure it stays up and running, is not compromised/hacked and continues to keep showing up in Google and other search engines?

Here are 3 simple tips:

1. Keep software and components/plugins up to date

Your website most likely runs on some software, perhaps Joomla, WordPress or something similar. This software is only secure if it is kept up to date. You’ll find keeping your website software up to date fairly simple these days. Simply login to the administration section and update any components that are out of date.

This will possibly reduce the likelihood of your website being compromised by 95% or more.

2. Enable SSL/HTTPS

We have written about this before, but some of our valued clients are still not sure how important it is. Unless your website is running via SSL/HTTPS (green padlock in the browser when you visit) you are at risk of being penalised by search engines. Read more about this here: Do you SSL/HTTPS? You should. Find out why

3. Host with XYZulu Web Hosting

At XYZulu Web Hosting we run up to date server software and even allow you to choose, for example, the version of php you want to run. See more on this here: Does your web host offer multiple versions of php?

The server that hosts your website needs to be kept up to date. Failure to do this could be similar to rarely updating your own computer software which will greatly increase the risk of having information stolen, or worse still, your computer being hijacked and used to attack others.

Don’t take the risk

While you may not give internet and website security the highest priority, taking these 3 simple steps will GREATLY reduce the risk of your website being compromised and/or losing credibility with your own customers.

We are here to help and are ready to answer your questions related to website security, please leave your comments below.

3 mobile security tips

Do you have a mobile phone or mobile device? If so, this post is for you.

We often don’t stop to think about the important role our mobile security plays in protecting our digital assets. But just think about what issues you might face if your mobile was stolen and the thief was able to access your apps/data. Would they be able to transfer money out of your bank account? Use your email to reset your email password? Could they have a sms with a verification code sent to your phone so they could reset the password to a number of other services you are subscribed to?

Here are our top 3 simple steps to secure your mobile:
  1. Have a numeric PIN of at least 6 digits set. A PIN of 4 digits is relatively easy to guess. With a day or 2 to spare a thief or hacker could easily guess your PIN, not so with a 6 digit PIN.
  2. Use TouchID or fingerprint access for any apps that support this method of login. If your device comes with a built in fingerprint reader, use it, whenever you can. This can provide an extra layer of security without the hassle of a password or PIN code when you open a banking app.
  3. Enable a “find my phone” option on your mobile device. For example see the options on iOS and Android. You need to enable these options BEFORE your phone is stolen, do it now. Once this is enabled, you can remotely wipe your phone if it is stolen.

Do you have any tips of your own? Any questions regarding the ones mentioned above? We look forward to hearing from you.

Secure messaging, how?

TextSecure_icon.svgSecure messaging on the internet, is this even possible?
Believe it or not, it is. Why should you be interested, and how can you also send/receive secure messages?

Secure messaging is actually possible

What is secure messaging and why should you be interested?

It’s fair to say that despite what you think or have been told, privacy on the internet is almost impossible. When it comes to security however, this is something within your reach. It is something you should be interested in.

Consider how end to end encrypted messaging works. You send a message to me, and only my device(s) can open/read your message. Even if the data was intercepted during the transmission process, it would be impossible for it to be deciphered. This kind of security is possible today.

Read more about end to end encryption here.

While you may not be discussing anything ‘top secret’, surely knowing that your message can only be read by the recipient is reassuring.


One free option is Viber (there are others). To see the details on how this works, see this Viber Support Article.

Basically, once you make a voice call and both parties click the secure padlock icon while on the call, an encryption key will be stored on both devices which ensures that all messages sent between these devices (your device and the other person’s device) cannot be read by anyone else. From that point on, voice and text messages with this person use full end to end encryption.

Do you need it?

It really depends on how securely you want to protect your information. When it comes to business, using secure messaging and data storage is essential to provide your customer with the assurance that you are doing your best to protect them and their data/information.

On a related note, do you offer your customers secure access to your website yet? If not, be sure to read our article on just how easy this is here: Do you SSL/HTTPS? You should. Find out why

Are there other messaging applications that you use and wonder if they are secure and also support end to end encryption? Let us know in the comments below and we’ll dig up the facts for you.

Sign in with your phone instead of a password

Instead of typing your password each time you sign in to your Google Account, you can have a prompt sent to your phone.

Security is important, but constantly having to type your password and enter your 2FA (you know, those codes that change every 30 mins) code can be tedious. You already have 2FA enabled I’m sure, but what about this new feature released by Google today? How does this work? Is it secure? How do you enable it?

GPHow does it work?

You simply tap the notification on your phone from Google to confirm, and you’ll be signed in quickly and securely. If your phone isn’t nearby, you can select “Use your password instead” on the sign-in screen.

Is it secure?

Yes. It’s a second factor authentication. Google knows if you are logged in using your phone, and this only works with phones that have either a passcode or fingerprint lock enabled.

I want it, how do I make it happen?

Simply follow the steps in the Google guide: Sign in with your phone instead of a password You will need to ensure you have the “Google Search” app installed, however most of you will already have that installed on your Android or iPhone.

Another simple guide from Google is here: New settings for 2-Step Verification

It is a secure two factor authentication process

Do it! Let us know how you go or if you have any questions.