Blog

Two-factor Authentication: Why you need it

March 1, 2013 | Posted by Cody


Financial advisory firm Deloitte recently published an article detailing the ever-expanding need for two-factor authentication. They predict that “a number of technology and telecommunication companies will likely implement some form of multifactor authentication with their services, software and/or devices in 2013.” I see this less as a prediction and more as an advance report of the facts, since we had the same notion back in 2010 when we announced two-factor authentication for Blesta.

Deloitte’s predictions go even further, stating that passwords that were previously considered secure (8 characters of mixed case, numbers, letters, and symbols) are now vulnerable to hackers, primarily due to password reuse and the use of graphics cards (GPUs) to perform dictionary attacks. Personally, I’ve never found those types of passwords to be very secure. After all, we know that password security is derived from entropy (randomness) and entropy increases with length. So rather than trying to remember 8 to 10 character passwords with letters, numbers, and symbols that have no meaning, why not simply use a long natural password? Bonus points if your language of choice is not typical of the application’s audience. Extra bonus points if it’s a dead/non-existent language. Anata no o pasuwado wa nan desu ka?

Password Entropy Explained
Comic by xkcd / CC BY 2.5

Of course, what’s more secure than a secure password? How about a password that changes every time you use it? “How could I possibly keep track of that,” you might ask? That’s where two-factor authentication takes over.

Time-Based One-Time Passwords (TOTP) are generated using an algorithm that produces a pseudo-random value based on any given moment in time (remember, randomness = good). The benefit of using two-factor authentication is that you need not put all your trust into the security of your password. Random token generators (or apps for your smartphone) can produce a one-time password that’s used in combination with your standard password and, as the name suggests, is used only once. That means that even an attacker who knows your password and knows the token you just used to log in to your account still can’t use the information to log in as you.

Blesta 3.0: Quick Links (video)

February 7, 2013 | Posted by Paul


Quick links are basically bookmarks. In the grand scheme of things, they may not be the most powerful of features, but don’t write them off so easily. Quick links are simple, unobtrusive, and very useful for getting back to where you need to be.

If there’s a client you frequently access, or a package, setting, or email template you aren’t quite happy with, just quick link it! Quick links appear on the dashboard and are unique to each staff member, which means you are the only one who will see your quick links.

Add and remove quick links with a simple click directly from the page you’re on. Get back to where you need to be quickly and easily. Just another way you can customize your dashboard.

The video is below. As usual, you can make the video full screen, and be sure to turn on your sound.

Blesta 3.0: Evolution of Design (video)

January 31, 2013 | Posted by Paul


We like to do everything in house, and we work best together as a team. From idea, to design, to implementation we’re all involved to one degree or another in every part of development. Granted, we each have our strong points, but the unique ideas of every member of our team can be found in every stage of development.

I was feeling a little nostalgic and thought I’d share a bit of the evolution of the v3 design. The video below shows how the design for v3 came along, from the first hour as a static image in Photoshop to how it looks and works today.

It’s incredibly satisfying to create... and to see something static come alive.

The video is below. As usual, you can make the video full screen. (No sound this time.)

Blesta 3.0: Custom Client Fields (video)

December 28, 2012 | Posted by Paul


It’s incredible how quickly this year has gone by. It’s been productive, but I’m looking forward to what 2013 has in store. I think it’s going to be an amazing year for Blesta!

The v3 alpha is in its third release and is going great. The feedback we’re getting from developers is incredibly valuable and reassuring. We’re working towards the beta release now, resolving issues and finishing up some critical features while pushing out regular alpha updates.

This week I wanted to show you custom client fields. Not an incredibly exciting feature, but it’s a really useful one.

  1. Custom Client Fields are Client Group specific; create different fields for different groups.
  2. Field labels can be language defines, so that they are available in many languages.
  3. Text box, check box, drop down, and text area fields are supported.
  4. Fields can be hidden from clients, or displayed as read-only to clients.
  5. Fields can be required, and custom regular expressions can be used for validation.
  6. Fields can optionally be encrypted in the database with a 256-bit AES cipher.
  7. And of course, custom client fields can be created and fetched through the API.

The video is below. As usual, you can make the video full screen, and be sure to turn on your sound!

Blesta 3.0: CLI Installer (video)

November 10, 2012 | Posted by Paul


Whoa, it has been a busy week! If you didn’t hear, we released v3 alpha on Wednesday, which is a huge milestone. We’re excited and gearing up for the next phase, which I think will be a lot of fun.

Part of prepping for the alpha was building an installer and handling licensing. We opted to do a CLI installer for now, but you’ll have the option of installing via CLI or your browser at release. Once installed, the rest is handled in the browser — entering your license key and creating your first staff member.

The video is below. As usual, you can make the video full screen, and be sure to turn on your sound!