Proper password management

This entry is part 1 of 3 in the series Security

This article was the subject of Fast Talking Podcast episode 163.

UPDATE April 2022: Since this article was published, LastPass has implemented changes and has new ownership. A few years ago, I switched to Bitwarden which offers essentially the same features while being, in my opinion, more trustworthy. If you’re still using LastPass, there’s no need to change — I continue to believe it’s still really good. But if you’re starting from scratch with a new password manager, I now strongly recommend Bitwarden.

Password management can be challenging. Proper password hygiene requires a different, secure password for each service. Let’s take a look at what these two requirements mean and why they’re important.

Secure passwords

A secure password is one with enough entropy and length to resist brute force attacks. Entropy, in this context, is the amount of randomness in the password. A password that comprises words in the dictionary has a very low entropy, while a password made up of random characters has a high degree of entropy. A brute force attack uses a powerful computer to try every possible combination of characters until one works. Modern offline brute force attacks can attempt billions or trillions of combinations per second.

Entropy is important because modern password cracking processes are smarter than just starting with A and then trying AB and then ABC. They use patterns derived from the millions of leaked passwords to determine commonalities likely found in your password, and they try those first before moving on to more random combinations.

Length is important because it’s how we can easily make the brute forcing process take much longer. Each character in the alphabet can be upper and lower case, which means every letter we add multiplies the number of possible passwords by 52. Adding numbers and special characters to the password “alphabet” can increase the character depth to 92. There’s the great Password Haystacks tool at GRC to analyze password strength and length and tell you how long a brute force attack would take on the password you give it. Don’t worry – nothing is sent through the internet…it’s all done with your browser, which is important for reasons we’ll examine later in this post.

Different passwords

We’ve all heard of the myriad password leaks from major internet businesses in the last few years. These leaks seem to be increasing – Yahoo is usually good for a new breach announcement every few months now. When passwords are leaked from one service, every user who used the same password on a different service is suddenly vulnerable. If every password you use is unique to each service, then a password breach only impacts your account at the service that was breached.

Rotating passwords

Why do some security experts recommend, or in some cases demand, that we change our passwords every so often? Because if our password is one that we’ve reused on multiple sites, then the longer we use it, the better the chances that it’ll have been involved in a breach of some service somewhere and our password will be floating around in one of the databases-for-sale available to the hacking community. A frequently refreshed password mitigates this danger. But, if we make sure that each website has a different and secure password, then there’s no need to ever change it.

Here’s a bad password.

Auction123

Here’s a good password.

VSSK}5kQeJu>F3*,IIK|CWzUa6<SkPQLbxJnc/k}XlS3,nDrI`{K!b<jyAp8|=5

It’s unrealistic to think any of us can remember a good password for the hundreds of sites that we use on a regular basis. We must use a password management system.
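
To make the entropy and length argument concrete, here is an added example (not code from this article or from GRC's tool) that compares an exhaustive search with a pattern-first attack and generates a random password. The 94-character alphabet (Python's string.punctuation, rather than the 92 cited above), the guess rate, the wordlist size and the sample wordlist are all assumptions constructed for illustration.

```python
import math
import secrets
import string

# Character classes; string.punctuation holds 32 symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
FULL_ALPHABET = "".join(CLASSES)          # 94 printable characters

# Constructed sample wordlist; real cracking lists hold millions of entries.
SAMPLE_WORDLIST = {"auction", "password", "dragon", "welcome", "monkey"}
ASSUMED_WORDLIST_SIZE = 1_000_000         # assumption: size of a real list
GUESSES_PER_SECOND = 1e12                 # assumption: offline attack rate


def alphabet_size(password):
    """Size of the smallest alphabet that covers every character used."""
    if any(ch not in FULL_ALPHABET for ch in password):
        raise ValueError("only printable ASCII without spaces is modelled")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def brute_force_guesses(password):
    """Guesses to exhaust every string up to this length: sum of A^i."""
    a = alphabet_size(password)
    return sum(a ** i for i in range(1, len(password) + 1))


def pattern_guesses(password, wordlist=SAMPLE_WORDLIST,
                    list_size=ASSUMED_WORDLIST_SIZE, max_digits=4):
    """Guesses for a 'word + digits' attack, or None if it does not apply.

    Models a cracker that tries each list word in three casings
    (lower, Capitalized, UPPER) followed by 0..max_digits digits.
    """
    stem = password.rstrip(string.digits)
    digits = len(password) - len(stem)
    if digits > max_digits or stem.lower() not in wordlist:
        return None
    if stem not in (stem.lower(), stem.capitalize(), stem.upper()):
        return None
    suffixes = sum(10 ** d for d in range(max_digits + 1))   # 11,111
    return list_size * 3 * suffixes


def worst_case_guesses(password):
    """An attacker tries patterns first, so the cheaper attack decides."""
    pattern = pattern_guesses(password)
    brute = brute_force_guesses(password)
    return brute if pattern is None else min(pattern, brute)


def entropy_bits(length, alphabet=FULL_ALPHABET):
    """Entropy of a uniformly random password: length * log2(alphabet)."""
    return length * math.log2(len(alphabet))


def generate_password(length=32, alphabet=FULL_ALPHABET):
    """Random password drawn from the OS CSPRNG (secrets, not random)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def describe(password):
    """One-line summary: length, guesses needed, seconds at the assumed rate."""
    guesses = worst_case_guesses(password)
    seconds = guesses / GUESSES_PER_SECOND
    return f"{len(password)} chars, ~{guesses:.3g} guesses, {seconds:.3g} s"


if __name__ == "__main__":
    print("Auction123:", describe("Auction123"))
    print("generated :", describe(generate_password()))
```

Under these assumptions, the exhaustive estimate for Auction123 is on the order of days, while the pattern-first estimate is a fraction of a second, which is why length alone does not rescue a dictionary-based password.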

LastPass is the right password manager

While there are many services that compete for each class of service these days, in my experience there are some absolutely right answers. CrashPlan, for example, is the right answer for file backup. TrueCrypt was the right answer for encryption when I wrote about it in 2008, now it’s TrueCrypt’s offspring VeraCrypt. Doggcatcher is the right answer for podcasts. For password management, the right answer is LastPass.

LastPass is the Cadillac of password management systems. There are several out there — 1Password, KeePass, Dashlane — but in my research and experience, none offers the combination of security, simplicity and enormous feature set found in LastPass.

You name it, and LastPass does it. Browser extensions and an excellent mobile app mean you only have to log in to LastPass and LastPass logs you in everywhere else, automatically filling in your username and password across the web and in your local apps and even Wi-Fi networks. Passwords are only the beginning, as you can store notes, SSNs, QR codes, images and credit card information completely securely. Shopping becomes much easier when LastPass populates credit card information and addresses into web forms.

It features two-factor authentication, so you can enter a one-time-use code in addition to your LastPass password for that important second layer of security. The first time you log in to a site, it pops up an option to automatically store that credential so you never have to worry about it again. When you’re creating accounts, it generates extremely secure passwords so you don’t have the stress of having to come up with something yourself. It can also audit your security, letting you know which sites have weak passwords and offering you the ability to easily change them. For most sites, it can actually change your passwords for you to something much more secure.

You can also share passwords securely with other LastPass users, which lets us share the ability to log in with employees without giving those employees the actual passwords. If an employee leaves, we simply turn off the sharing of the login with that user instead of having to actually change passwords to the different sites the employee was using.

The best part about LastPass is that all your content — passwords, SSNs, notes and even images — is encrypted on your computer before it’s transmitted to the LastPass servers. LastPass never has access to the master password since it, too, is encrypted before it leaves your computer. Even if the LastPass servers are compromised, all a hacker would have access to is the encrypted data which, assuming the master password has enough entropy and length, is useless to anyone other than you.

LastPass has a free tier, which lets you sync any of the same type of device. If you set up your account on a desktop, you can sync with any other computer for free. If you create your account on a phone, you can sync to other mobile devices for free. To sync your phone and computer, you need to upgrade to LastPass Premium, which, at $1 per month, would be a steal at 10 times the price.

If you don’t have a password system in place, get LastPass today. If you currently use one of the other password management systems, take a hard look at LastPass and see if it might make your life even easier. If you look at LastPass and think one of the other solutions works better, I’d love to know why and how — let me know in the comments.

Posted in Security, Apps, services

The LG V20 is Verizon’s best phone of 2016

The LG V10, released in late 2015, was a monster of a phone. It was a big device with dual cameras and screens on the front and geared for content creators. I’ve been eagerly awaiting its successor, the V20, to see how it improved on the V10. My friends at Verizon recently let me use one for a few weeks, and I was able to confirm what I suspected. My LG V20 review found it to be my favorite phone of 2016.

LG V20 hardware

LG V20 and box

The V20 is one of the largest phones available. At 5.7″, it’s the largest phone currently available from Verizon, along with the V10 and Stylo 2 V which also have 5.7″ displays. The V20’s screen is a beautiful IPS display, which I prefer to the AMOLED panels offered by other manufacturers.

The 4 GB of memory and Snapdragon 820 processor mean that the phone is among the fastest ever released. Currently, only the Google Pixel has a better processor, and I personally didn’t notice a difference in performance using them side by side.

In addition to the large primary screen, there’s a second screen that sits just above the main display. This always-on screen can be configured to show time and notifications, media controls, recent apps, quick contacts, app shortcuts or upcoming plans.

Volume rocker on left, headphone jack and USB Type-C port on bottom

The headphone jack, USB Type-C port and speaker are all on the bottom of the phone. Unfortunately, in a departure from last year’s designs of the G4 and V10, LG has moved the volume buttons to the left side of the phone. The power button with a fast and accurate fingerprint sensor is still conveniently on the back, but I found the volume buttons to be inconvenient to use when holding the phone with my right hand.

One of my favorite features of the LG V20 is the removable back that exposes a removable battery and the SD card slot. The phone comes with 64 GB of internal storage, which should be enough for most people. Support for an SD card means there’s not really a way to run out of space.

My favorite part of the V20 is removable battery and SD card slot

The sound quality of the V20 is stunning. Playback is enhanced with what LG calls the Hi-Fi Quad DAC, or digital audio converter, that provides amazing sound quality for wired connections. While I nearly always use Bluetooth, I did enjoy comparing the sound quality of the V20 to the Nexus 6 with a set of Sony MDR-7506 headphones. The V20 was not only louder, but it was cleaner and clearer with improved frequency response all over the spectrum.

In addition to the best audio playback I’ve ever heard from a phone, the V20 boasts improved recording abilities. It ships with the HD Audio Recorder app which is the best audio recording app I’ve ever seen. It can record to 24-bit FLAC at 96 kHz, and allows the user to adjust gain, add a low cut filter and control the limiter.

Software

The phone comes with LG UX 5.0+, which displays all apps on the home screens by default. A tweak to the settings will restore the app drawer to restore sanity, but it’s best to install a third-party launcher like Action Launcher 3 or the Google Now Launcher. The LG default keyboard works, but isn’t as clean as the Google Keyboard.

Always-on second screen

The best use for the second screen is for notifications. Normally, notifications on Android pop up and interfere with whatever app is in use at the time. The V20’s second screen shows these notifications, leaving the primary screen dedicated to the app that’s in use at the time.

Another nice software feature is the ability to scale the content of the screen. The beautiful 2560 x 1440 Quad HD screen can be set to show a lot of small content or a lesser amount of larger content. The default setting didn’t show enough content on the screen for my taste, and I was thankful it was easy to change to take advantage of the large, high resolution screen.

Battery and power management

Back of LG V20 features power button with fingerprint reader

The V20 is one of the only recently released phones that has a removable battery. I was slightly disappointed by the battery life on the V20. I reviewed the V20 immediately after testing the Pixel XL, which I found to have phenomenal battery life considering the size of battery it had. The V20 is okay, and certainly as good as any other Verizon phones released in 2016 with the exception of the Pixel XL, but I wasn’t able to get anywhere near a full day out of it, even when at my desk. It supports Quick Charge, so recharging it with a cable during the day didn’t take too long, but it’s still not as convenient as only having to charge a phone at night.

Disappointingly, unlike the G4 and V10, the V20 doesn’t support wireless charging with the addition of a special back cover. However, it appears ZeroLemon will be selling a battery upgrade for the V20, replacing the 3,200 mAh battery with a 10,000 mAh brick. A battery this big would mean I would only have to plug the V20 in at night, eliminating the need to recharge it to get through the day.

Camera

Saving the best for last, the V20’s cornerstone feature is the camera configuration. The back features a 16 MP camera with laser autofocus and optical image stabilization that I found to be just as good as the camera on the Pixel XL. It also has a wide-angle lens on the back, which is amazingly convenient. This was the deal-making feature on the LG G5 that caused me to immediately order one for my wife, and it’s one of several features that will cause me to pick the V20 over the Pixel XL for my next phone.

Not content with the winning camera configuration on the back, LG also uses a wide-angle camera on the front to make it easier to capture selfies of multiple people or capture more of the background environment. They’ve simply done everything right when it comes to cameras on the V20.

As you can see in the example below, the V20 easily bests the LG Stylo 2 V and the Motorola Nexus 6.

Compared to Google’s Pixel XL, the V20’s camera runs neck and neck, in my opinion.

While the video stabilization isn’t as freakishly good as that which is found on the Pixel XL, it’s still really, really good. Here’s a 4K video I took of a tractor for an auction. Make sure to bump the quality to 4K to see the high quality of the video camera on the V20.

Summary

The LG V20 ticks all the boxes. It’s like a Swiss Army knife – they threw in nearly every feature that I want in a phone.

  • Large 5.7″ IPS screen
  • Removable battery
  • Excellent primary camera
  • Additional wide-angle camera on back
  • Wide-angle front-facing camera
  • Large 64 GB built-in storage
  • SD card for external storage
  • Quick Charge 3.0
  • Power button on the back
  • Headphone jack on the bottom

They even threw in a couple of features I didn’t know that I wanted in a phone, but now that I’ve seen them, I love them.

  • Second screen
  • Hi-Fi Quad DAC audio system

There are a few features missing, though.

  • Wireless charging not supported
  • Volume buttons are on the left side
  • Google Assistant not yet available on phones other than Pixel

I’m really going to miss this phone when I mail it back to Verizon. It’s the best all-around phone I’ve ever used. If you’re a fan of large phones and want the best specs and most features anyone has ever crammed into a smart phone, the LG V20 is the perfect device.

The LG V20 is currently available for $672 from Verizon.

LG V20 picture gallery

As always, here is a selection of example pictures I took over the last couple of weeks while carrying the V20 as my primary phone.

Posted in hardware, Android, reviews

When “sold” doesn’t mean sold

The Uniform Commercial Code, or UCC, is a law that’s common across the country which, among many other things, contains clauses that govern how auctions are to be conducted. I’m a UCC purist, believing that a strict interpretation is the best way to run an auction, even if the common practices in some areas of the country differ from those prescribed by that law.

I’ve recently accepted that there are practicing auction law attorneys who make compelling cases that it’s actually legal to override the UCC with an auction’s terms and conditions, and that it’s okay to do so. However, even if it’s legal and common to override the default, why on Earth would you want to? I’m no legal expert, but I intend to show from a customer experience perspective that it’s better for the bidders, the auctioneer and the seller if “sold” means sold.

The UCC provides a default standard of practice that involves an offer and an acceptance method of establishing the sales price and buyer for an item at auction. The strict interpretation, of which I’m quite fond, is that the auctioneer is the only person with the authority to accept an offer made by a bidder. Once no other offers are tendered, the auctioneer sells the item to the bidder he recognized as making the last, highest offer.

When an auctioneer says sold, the contract is formed between the bidder in the auctioneer’s mind and the seller. In the event that another bidder believed he or she had made a valid offer, the UCC’s default position is that only the bidder in the auctioneer’s mind is the buyer and that the second bidder has no claim of ownership.

This situation can seem unfair to the second bidder. Because of this specious unfairness, some auctioneers add terms to the auction that allow them to “reopen” the bidding to give the “missed” bidder an opportunity to advance the sales price to become the buyer. This practice of overriding the default way an auction should work creates problems for the bidders, the auctioneer and the seller and, in my opinion, should be avoided.

Bidders

Bidders should expect auctions from different auctioneers to work similarly. The UCC establishes that default expectation. When an auctioneer overrides that default, he’s creating a set of “house rules” that may be confusing to bidders. Now, I accept that common practice for an area of the country might be the same set of house rules and that bidders from the area may all be accustomed to that same set of changes imposed by most of the local auctioneers, but we can’t expect all bidders who may not be familiar with the changes to hunt for them in the terms and conditions.

Most of the examples given for reopening bidding involve being fair to the missed bidder, but they ignore that the bid caller has said “sold” and established a buyer. That buyer believes he or she is the owner of the item and then is told that when the bid caller said “sold” he didn’t really mean it. The terms and conditions said he could offer the item again to someone else. Even if the missed bidder elects not to advance the bid, the buyer will likely, or at least should, still feel wronged and lose some respect for what should be the absolute authority of the bid caller.

Auctioneer

An auctioneer should strive to create an environment where bidders know who is currently winning and at what price, and where bidders who aren’t sure whether they’re winning won’t accidentally advance their own bids if they bid again to be sure. If the auctioneer finds himself in a situation where the bid caller and a ringman have indicated to separate bidders that each is the currently winning bidder, then that auction crew has failed spectacularly.

It’s no secret that I’m not fond of ringmen, but my personal feelings notwithstanding, a ringman’s job is very important — to relay bids to the bid caller, not accept them on behalf of him (I understand there may be a state-specific exemption to this job description). If the ringman has given indication to anyone that the winning bidder is someone other than the bidder the auctioneer has recognized at that increment, that ringman has not only performed his job incorrectly, he’s created an opportunity for disaster. Should the bid caller declare the item sold, then at least one bidder will feel wronged by the auction crew, regardless of how the situation is handled.

The bid caller is not without fault in the situation. Any time ringmen are involved in an auction, the bid caller has a responsibility to the bidders and the ringmen to make very clear before selling each item who the currently winning bidder is. I’ve attended too many auctions in my 15 years in the industry where bid callers are either lazy, apathetic or lack the skill to specify in the chant where the winning bidder is before declaring a buyer.

If the bid caller failed to make clear who the winning bidder was before saying “sold”, he then has to choose between being loyal to the bidder he declared to be the buyer and a bidder who mistakenly believed he or she was the currently winning bidder. I think it’s best for bidders as a whole to trust that the bid caller will be loyal to the buyer with whom he’s already created the contract. I think it’s much easier to explain to a missed bidder that an item can’t be unsold than to tell the buyer that the word “sold” doesn’t mean what he thinks it means.

Seller

An auctioneer has a fiduciary obligation to the seller. This set of responsibilities often requires the auctioneer to obtain the highest price for each item sold. It’s this flag that most proponents of reopening bidding wave when defending the practice of modifying the common auction rules set forth by the UCC in order to allow them to unsell an item long enough to see if another bidder will advance the bidding. Indeed, it seems to make sense — our job as auctioneers is to take as many bids as we can, so why wouldn’t we want to establish every set of house rules possible that allows us to take more bids?

In Auction Podcast episode 13 I discussed the appearance of dual agency regarding absentee bids, where I made the case that, on the aggregate, sellers benefited most and would realize higher overall proceeds when an auction created an environment of trust among the bidders — that we work best for our client only when we treat our customers fairly. If bidders believe their bids will be handled fairly, they’ll bid more and higher. The flip side of that axiom is that if bidders don’t have trust in an auctioneer, they’ll be less excited to participate to the fullest extent.

By creating an environment wherein a bid caller saying “sold” doesn’t actually and absolutely create a buyer, the bidders’ faith in the process will likely be diminished. The auction process is a simple one. The more complex we make it, the more difficult it is for our customers to understand and participate. By adding house rules that increase complexity above and beyond what’s established by the UCC, we’re creating opportunities to depress bidder participation and, thus, not being true to the duties we owe our sellers.

Summary

I’m not a legal expert, and I hope I didn’t get too far into the law here. There are heated discussions on the book of faces that are picking the legal arguments apart on both sides, but I posit that it’s not really a question of law but of how we treat our customers. I have spent countless hours thinking about and writing about the customer experience at auctions. Whenever I think about the issue of reopening the bidding, it’s clear to me that doing so ends up having a negative impact on the experience for bidders, the auctioneer and the seller.

 

Posted in bid calling, theory

Pixel XL on Verizon is Google’s first phone

Several auctioneer friends have been anxiously awaiting my reviews of the Pixel XL and the LG V20. Since both devices are excellent choices for auctioneers, I’m posting them to AuctioneerTech, starting today with the Pixel XL. Check back in a couple weeks for the review of the LG V20. Visit aarontraffas.com for reviews of other devices.

The Google Pixel XL

Since the day it was announced, I’ve been anxious to get my hands on a Google Pixel XL. Google makes Android, which has historically run only on hardware designed by third party manufacturers. The Google Nexus line has been sold by Google, but it was still hardware designed by other companies. With the Pixel, Google designed both the hardware and the software to work together. I love a pure Android experience, and the combination of unadulterated Android on premium hardware from Google sounded like the perfect combination. My friends at Verizon let me spend the last month with a Pixel XL, the larger version of the two Pixel models, and I’ve been really impressed with the quality and the experience.

Hardware

The phone comes in 32GB or 128GB capacities and is available in colors called Very Silver, Quite Black and Really Blue. My review unit was Very Silver.

The build quality of the Pixel XL is superlative. The metal back and sides yield a solid feel in the hand, and the phone is devoid of branding or logos, save for a tasteful G on the back. There’s a layer of smooth paint surrounding the fingerprint reader on the back, which is an interesting embellishment to an otherwise silver back. The power button and volume rocker are on the right side, the headphone jack is on the top and the USB Type-C port is on the bottom between the stereo speakers.

The Pixel XL has a 5.5″ AMOLED screen, which I think is a great size for most people who like larger phones. The Pixel XL is too thin and smooth for me to use comfortably without a case, and I’m not big on putting my phone in my pocket, so I grabbed a Youmaker belt clip holster case that made the Pixel XL really easy to use and keep with me on the farm and around the house.

The phone unfortunately lacks an SD card slot, and 32GB is getting to be too small, especially for lots of photos and podcasts, so the 128GB is definitely the version of the Pixel to get.

Software

The Pixel brings a very clean implementation of the latest version of Android, but also includes features not found yet on other phones running Google’s software. Google Assistant is a new voice only interface to Google’s services that’s only currently available on the Pixel, Google Home and within Google’s new messaging app, Allo. While there’s speculation that Assistant may be available on other devices in the future, right now it’s a very compelling reason to get a Pixel.

Moves is a section in settings that allows me to enable the triggering of events based on physical actions. For example, swiping down on the fingerprint reader can display the notification shade. Double pressing the power button can launch the camera. It seems to be an area that Google will continue to update, as news broke last night that some users are seeing two new moves added with a recent update, including my beloved double-tap to wake. The new moves aren’t yet on my Pixel XL, but I can only assume they’ll be coming with the next software update.

The new Night Light setting will reduce the amount of blue light during night hours, and the times can be configured manually or synchronized with sunset. It allegedly makes it easier to sleep, though I find the red screen sometimes difficult to use.

I did find one noticeable software problem that seems to be unique to Google’s pure versions of Android. On both my Nexus 6 and the Pixel, I can find no way to disable the hotspot timeout. I rely heavily on my phone’s hotspot for my tablets and laptops, and it’s really frustrating to have to re-enable the hotspot every time it decides to turn itself off. Other phones have a setting to adjust the timeout or turn it off, but not the Pixel. I hope this oversight is fixed in future updates.

Camera

Camera ranking company DxOMark gave the 12.3MP camera on the Pixel the highest score of any phone on the market. It really is quite good, but instead of providing a bunch of manual controls like other phones, the Pixel wants to make taking pictures easy. The interface is simple and uncluttered, and aside from settings for HDR, white balance and flash, there’s not much that I had to worry about when taking some of the fastest and most reliably good pictures from any phone I’ve seen. Here’s a comparison between the Pixel XL, left, and the LG V20, right.

The video from the camera is even more impressive. Videos shot with the Pixel XL can be automatically stabilized. The video below is unedited, and the picture is so stable it looks like it was shot with a drone or a steadycam.

Also worth noting is that Google Photos offers unlimited backup for Pixel photos at the original image quality. Because it’s keeping the original images, a setting called Smart Storage can be configured to automatically remove older pictures and videos from the phone, while keeping them safely in the cloud.

Battery and power management

The battery curve is really good

The Pixel XL is the first phone I’ve tested that has a battery that I believe might get me through most of the day. I’m notoriously hard on batteries, especially when I’m on the farm on the fringes of mobile data coverage. Most phones, including recent releases like the Galaxy S7 and LG G5, leave me looking for a charger in the midafternoon. One day I cut milo starting at 11 a.m. with spotty coverage on only a part of the field, and the Pixel was still alive, though barely, at 6 p.m.

It’s my understanding that the Pixel’s battery longevity is due to software optimizations. I still wish it had a replaceable battery and wireless charging, but it does support USB Power Delivery, which means it can simultaneously use data and charge quickly over the USB Type-C connection. While USB Power Delivery is the best standard for future fast charging, it only charges at regular speed with the myriad Quick Charge chargers that litter my house and vehicles.

Reception

I don’t have a way to objectively test phone reception, but ever since the Galaxy Note 3 taught me how different phones can perform on the same network, I’ve always tried to pay attention to cellular performance. I used LTE Discovery to compare the signal strength of the Pixel XL with the Nexus 6 while riding in a car on a road with poor coverage. I’ve always considered the Nexus 6 to have excellent reception, but the Pixel XL always showed an equal or stronger signal than the Nexus 6.

Summary

As I put the Pixel XL back in the mail to Verizon today, I’m going to miss the speed and drop-dead simplicity of the camera. I’ll miss the full resolution backups offered by Google Photos and the Google Assistant. If I were to improve on the Pixel, I’d add a removable battery, wireless charging and an SD card slot.

The Pixel is Google’s first attempt at making a smartphone from start to finish, and it delivered a premium phone with excellent software and a great camera.

Google Pixel XL camera demonstration

As always, here’s a selection of unedited pictures I took while reviewing the Pixel XL.

Posted in Android, reviews, gadgets

The state auctioneers association website solution

I’m in my eighth year writing for AuctioneerTech. Over that time, I’ve proclaimed a correct solution for many things – the best Android podcast app, the best note taking and document management system, the perfect backup solution, the best network storage solution, the correct professional email signature, the best way to brand your company on the Internet and even the best way to roll cables. I’ve even written a series about writing an RFP for building a new, accessible website for an auction firm – even though it was eight years ago, most of it still holds up today.

Today, I’m going to address websites for state auctioneer associations. Auction Zip has historically hosted many – if not the majority of – state websites. However, as Auction Zip becomes more difficult to work with, many associations are left wondering how to transition to a new website that provides membership listings and auction calendaring functions without paying a firm to develop one from scratch.

The KAA website

I have extensive experience with association websites, having served on the NAA’s Technology Committee years ago when we designed the last auction calendar. I’ve also served on the Kansas Auctioneers Association’s Technology Committee since 2010 when we built our own website and have managed it since. I believe our current solution in Kansas is the right answer for most, if not all, state associations.

I know there are vendors in the auction industry who either specialize in or offer this service free to associations. I applaud them for providing this service, because while it’s valuable to the associations who haven’t had many other options until now, it must be a huge headache that’s both thankless and unprofitable. However, there’s no reason now that an association can’t own its web presence.

Let’s first look at the requirements. While these will vary from state to state, I think it’s safe to say that most would like to have a web presence that fits the following criteria.

  • Modern, responsive layout that looks good on any device
  • Auction calendar that displays member auctions
  • Member list that shows a profile or at least contact information for each member
  • Listing of upcoming association events
  • News and event recaps
  • Payment mechanism for dues and event registration
  • Complete control of content by the association without relying on a third party

While these criteria make the project seem challenging, there are modular solutions that, when tied together, make for a simple, elegant solution.

WordPress
In order to solve the last, most important bullet in the list above, we’ll start with a content management system. Using a CMS ensures that anyone in the association has the ability to add or change the content on the website. We’ll select WordPress, since WordPress is as easy as it gets – if a board member or executive director can check email and use Microsoft Word, he’s got enough skills to handle WordPress. While stats vary, WordPress runs more than 25% of all websites on the Internet, and has greater than 50% market share among those websites that use a known CMS. If it’s good enough for Disney, CNN, TechCrunch, Vogue – you get the picture…it’s good enough for an association website.

I’m not advocating that the association set it up. It’s good to have a vendor on your side who can deal with installation and configuration. Finding a local firm will ensure that you have face-to-face support when you need it, and should help keep costs down and your money local compared to national design companies. All said and done, you should be able to find someone who can help you select a modern theme and get it up and running for less than a couple hundred dollars. Maintenance costs and domain registration should be under $50 per year.

Now that we have a good looking theme running on WordPress, we’ve satisfied most of the requirements listed above. We have a place where anyone in our association with permission can post pictures, news and events that looks great on all devices.

Membership listings with Siteshot

Connections
Because WordPress is open source and runs so many of the world’s websites, there are a ton of plugins available that are either free or inexpensive. Membership management is crucial to an association website that has the goal of facing the public. There are several plugins available that serve this function, but the KAA selected Connections Pro. It lets us house our membership database on our website, so that anyone on our membership committee can see who is and who isn’t a member without having to contact our executive director. It does a great job displaying profiles for each member, and my favorite feature is Siteshot, which shows a thumbnail image of the members’ websites next to their profiles.

Auction Guy
While there are exceptions, most auctioneer associations want to provide a calendar to the membership where members can post auction listings. This requirement is what has historically limited the ability of an association to build a website itself. Developing an auction calendar isn’t easy or cheap, so they were limited to vendors such as Auction Zip and Auction Services. While those providers can serve the need, Global Auction Guide Media Group has released a WordPress plugin for its free auction calendar, Auction Guy.

Auction calendar plugin

Auction Guy is the largest calendar of auctions in North America that I’ve seen. Using the WordPress plugin allows an association to have its members’ auctions show on the association’s website without having to handle the headache of auction calendar management. The association simply tells Auction Guy which auctioneers are members and gives the members the link to add the auctions. Auction Guy has the vast majority of auctions already in its database, so it’s rare that a member will ever even have to manually add auctions.

I know there are other auction calendaring plugins, and I have experience with all that I’m aware of. Some are difficult or confusing to use. Some don’t allow formatting or restrict the ability to list complete descriptions and pictures of each item with direct links back to the members’ websites. Some actually charge the auctioneers, which should be an immediate red flag for an association. Auction Guy is the best looking, most customizable and easiest-to-use WordPress calendaring plugin – and did I mention it’s free to the association and the members?

Flint

UPDATE: Shortly after I published this article, Flint went out of business. We’re currently using PayPal for website payments and our existing credit card vendor for everything else. If you know of a good solution, let me know in the comments.

I’m a member of several associations, and dealing with the hassle of paper registration forms for conventions and dues renewal is a headache, not to mention the stress involved in writing a credit card number on a PDF that I’m getting ready to email. An association needs a payment processing solution that can handle traditional in-person physical credit card payments as well as website integration that doesn’t involve PCI compliance or handling secure transactions on the association’s website. There are myriad Internet payment options, but we’ve recently begun to implement Flint at the KAA. It doesn’t require any physical hardware – simply use the camera on your phone to take pictures of the credit card and it processes the transaction. It’s cheaper than TSYS, easier than Stripe and will integrate with our website and with QuickBooks. We’ll be implementing it in Kansas in the next few weeks.

Summary
State auctioneer associations should own and operate their websites. Turning that responsibility over in its entirety to a third party introduces friction for the board of directors and the membership. Building a site from scratch is cost prohibitive and unnecessary. The right answer is using WordPress and a few third-party products to provide complete functionality for the public and benefits to the membership.

Posted in design, websites, featured