We’ve been busy making a number of changes to the website which are mostly in the background. We’ve also updated a few articles.
We don’t propose to go into all changes but here are some key changes made:
- added two-factor authentication for login
- introduced an awesome new search facility
- significant back-end security measures introduced
- removal of google analytics
- updated the pre-action protocol template with a new PDF version of an updated standard financial statement
- updated the tenant fees ban article including a link to new government guidance
- updated Universal Credit article with new government guidance
Two Factor Authentication Now Available
It’s super important to be secure online. One of the most important things to do is have different passwords for every site you need to log in with. A password manager such as 1Password is one of the easiest ways to achieve this which we at the Guild use all the time (when I get a new phone or iPad, it’s the very first app to get installed).
A problem that can occur is that a website gets hacked and emails stolen. In some cases, passwords can be stolen too. Any stolen credentials might then be used to try and log in to some other site working on the principle that the username/email and password being used is the same (hence it’s essential to have different passwords for different websites).
To avoid websites being subject to people trying to access using stolen credentials (or just by people using an email and trying random passwords), some websites offer “two-factor authentication” sometimes shown as “2FA”. This adds a second layer of security to the username and password and further asks for a code. The code will be generated at the time of logging in and may only last around 20 or 30 seconds. Sometimes the code can be sent by a text message or perhaps to a mobile app. This significantly reduces the possibility for a hacker gaining access by your email and password because even if they had your stolen credentials, they wouldn’t have the random code which is reset every few seconds.
We are pleased to announce that Guild subscribers can now enable two-factor authentication via their membership page using the very simple to use Authy. Using this app has many advantages including multi-device support and if you use a website that uses Google Authenticator as their two-factor auth, you can use the Authy app instead – pretty cool huh?
First, you need to download the app to your phone, tablet, desktop computer, browser extension or even Apple Watch (it works great on Apple Watch by the way).
Next, register with the Authy app by simply entering your phone number and you will receive a text with a code to enter.
Once that’s done, go to the Guild membership page (make sure you’re logged in) and choose “Two-Factor authentication” under “Useful Links” as shown below.
Select the country code and enter your phone number and our site will be added to your Authy app.
Next time you log in, after entering your email and password, you’ll be asked for the Authy code. You should by now have automatically received a notification (this works on iOS and Mac but not tried on Windows or Android devices) and simply enter the code provided by Authy.
You will then be logged in as normal but now super securely in the knowledge that only you could have logged in!
New Search Facility
Searching the website has been on our to-do list for a while now. As the site becomes larger, search becomes slower and finding relevant results can be very difficult to achieve, especially for a site like ours where a number of simple terms used regularly can result in hundreds of results with no clarity (“section 21” or “tenancy agreement” for example).
Finally, after much trialling of various products, we think we’ve found one that suits.
The indexing is done off our servers as too is the searching itself which makes it blazingly fast. When we say fast, we mean really fast! For example, if we type in “download tenancy agreement”, it takes 4ms (four milliseconds) to find 95 results. But, crucially, the top hit goes to the Tenancy Builder which is what we want for this search term.
When performing a search, you can filter further so, for example, sticking with our example, you can select “products” on the right and that will only show hits from the forms section. You can also see hits from within the knowledge base (KB) for England, Wales or admin/support by selecting on the right.
The new search can be accessed via the magnifying glass on the menu at the top of every page (next to ask a question) where limited instant results are shown. To see more results, hit enter. You can also search directly from this page and a permanent link can be found under “find answers” on the main menu at the top of every page. Finally, it’s also available about halfway down the subscribers page.
There are few things to figure out yet as we’re still trialling including:
- searching for the questions and answers don’t work because that is forum software which produces its pages differently. As it’s secured, it’s difficult to find anything to search properly and the old search never found anything in that section anyway. However, you can still search directly within the Q & A section
- the wording on the right (posts, products, pages etc) need changing to reflect what they mean on our site.
Significant Back-End Security Measures
Hopefully, nobody noticed but over the weekend we did a big change to how website traffic is directed to our website. Now, when accessing our website, all traffic goes through a special firewall which will help prevent attacks.
As the website grows and membership is increasing at an excellent steady rate, we wanted to ensure we constantly do everything we can in respect of security so this is just another step. (To be fair, even before this we were very secure but we always like to empty the latest technologies).
In addition to the new firewall, we have also taken a bit of a risk and forced the entire website to use SSL (the HTTPS you see before the website address (URL) and gives the green padlock symbol).
Our site has always had SSL but it was only forced on certain pages such as payment, forms, contact pages and anywhere data could be entered. The website would generally use https everywhere but it’s possible that if someone was using an old link with only HTTP, the site would previously allow that whereas now it will be forced to use HTTPS.
This is a risk because although we’ve tested, it’s possible for really old posts to have links or images which are still going to non-SSL HTTP addresses which can produce an error in some browsers saying “this page is secure but there are links to external insecure content”. We will see how this goes and if anyone gets an error, please let us know with a link to the page. There are thousands of posts and pages but hopefully, we should find everything over time.
Getting Rid of Google Analytics
For most website owners, one of the first things they do is install Google Analytics and watch how many visits are hitting their website. To not have these analytics is alien to most!
However, in addition to being a bit obsessed about security, we are also a bit obsessed about privacy too.
We are using some new analytics via Matomo which is a paid for service and offers awesome privacy in respect of the data it collects. Soon, we will be implementing an opt-out option so if you don’t want us to see what pages you visit you can say so (not that we would ever know it’s you as all the data is totally anonymous).
It’s useful to have analytics because we can see which are the most popular pages and either improve them, make them even faster or create new content based upon what people want. But, this data needs to be private and what’s good about the new analytics is that the data is under our control, anonymous and totally private.
Update to the Pre-Action Protocol
Since 2017, there’s been a new pre-action protocol that must be used for any debt claim. In our article, we have a template which includes a standard financial statement as required by the protocol. However, this was just an image taken from the protocol itself and when printed wasn’t ideal.
With permission from the producers, we now have a newly updated PDF version (March 2019) which has been added to the page and should be used with the pre-action template.
Updated Tenant Fees Ban Article
MHCLG has just released guidance for the tenant fees ban which is scheduled to start from 1 June 2019.
We have updated our article with a link to this new guidance and also made a few little changes including clarification about using products like tenancy deposit replacement from 1 June.
Universal Credit Guidance for Landlords
The Department for Work and Pensions has published new guidance for landlords in respect of Universal Credit.
Our article covering direct payments to landlords under Universal Credit has been updated with a link to the new guidance.