A few months back, I mentioned the book Nudge, which advocates for structuring the choices we give to people in a way that helps them make better decisions for themselves.
I’ve been leafing through the book a second time, thinking about how Web hosting providers, which serve as “choice architects” for website owners, could help nudge their customers in ways that would reduce the risk of their sites becoming compromised. Here are a few ideas I came up with:
- Offer a short security “class” online and reward customers who complete it (and perhaps pass a short test/quiz) with a free month of hosting.
- Allow certain features to be accessed, or certain apps to be installed, only if the customer opts into higher security (e.g., password-protected SSH keys instead of username/password, SFTP instead of FTP).
- Ensure that default installations of apps (e.g., WordPress or Joomla), and of course the default hosting environment, are secure out of the box. For example, make sure that directory permissions are locked down on WordPress installations, instead of assuming customers will do this themselves.
- Wherever customers are prompted to create a password, display a password strength indicator.
- Automatically notify customers via email and their dashboard/panel when applications have security-related updates available.
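
As an added illustration of the "secure out of the box" idea above (not code from the original post), here is one way a provider could check a fresh WordPress install for loose permissions and apply a locked-down baseline. The baseline modes (755 for directories, 644 for files, 640 for wp-config.php) and all function names are assumptions made for this example, and the sample tree is constructed.

```python
import os
import stat
import tempfile

# Assumed baseline (not from the post): directories 755, files 644,
# wp-config.php 640, nothing writable by "other".
DIR_MODE, FILE_MODE, CONFIG_MODE = 0o755, 0o644, 0o640

def walk_entries(root):
    """Yield (path, relative path, lstat) for every non-symlink under root."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISLNK(st.st_mode):
                yield path, os.path.relpath(path, root), st

def audit(root):
    """Return sorted (relative path, problem) pairs for risky permissions."""
    findings = []
    for path, rel, st in walk_entries(root):
        mode = stat.S_IMODE(st.st_mode)
        if mode & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
        if os.path.basename(path) == "wp-config.php" and mode & stat.S_IROTH:
            findings.append((rel, "config readable by other users"))
    return sorted(findings)

def lock_down(root):
    """Apply the assumed baseline modes to every file and directory."""
    for path, _rel, st in list(walk_entries(root)):
        is_config = os.path.basename(path) == "wp-config.php"
        mode = DIR_MODE if stat.S_ISDIR(st.st_mode) else CONFIG_MODE if is_config else FILE_MODE
        os.chmod(path, mode)

def build_sample_tree():
    """Create a constructed WordPress-like tree with deliberately loose modes."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    os.makedirs(os.path.join(root, "wp-content", "uploads"))
    layout = [("wp-config.php", 0o644), ("index.php", 0o644),
              ("wp-content/uploads/photo.jpg", 0o666)]
    for rel, mode in layout:
        path = os.path.join(root, rel)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(os.path.join(root, "wp-content", "uploads"), 0o777)
    return root
```
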
I’m sure there are many other opportunities to nudge hosting customers to safer choices. If you think of others, please post them in the comments!