For those that aren’t immersed in news about web startups and the world of social media, you might have missed the biggest story of recent weeks, the hacking of Twitter business documents by a Frenchman dubbed Hacker Croll.

By breaking into a personal email account of a Twitter employee, he was able to infiltrate most of the company’s highly confidential documents, email and other details held on their own servers and in Google’s ‘cloud-based’ applications.

He then passed over 300 of these documents to the world’s most widely read blog about web startups, TechCrunch.

For the geeks among you the fascinating details of the hack were revealed by TechCrunch yesterday.

Twitter security FAIL. But how robust are the passwords of your staff?

Lots has been made of the fact that Twitter’s security house of cards came tumbling down because like many a good web startup the company used cloud services.

Their documents, email etc were all held online on other people’s servers, like Google, rather than on their own hardware in a broom cupboard.

But the reality is it’s people that are the problem, not where your data is.

The key component of Hacker Croll’s successful break in was being able to guess the personal Gmail password of a Twitter employee.

Because, like the huge majority of people, this individual often used the same password for many accounts and also had the answers to additional security questions like ‘what’s the name of your pet’ inadvertantly spread around the web on social networks, the French hacker soon had his hands on Twitter’s crown jewels.

Secure passwords are at the heart of the problem. Most people simply don’t use them, because they can’t remember a four digit pin number let alone unique passwords for every application, computer or web service they’re signed up to.

This is a major problem. And it’s not just online security that suffers in this way.

I used to work at a FTSE 100 bank where everybody in the department had their computer password written down in the team personal assistant’s rolodex.

So how do you improve password security online and off for your business? Here are some tips:

1. establish a password policy for your business to which all staff are required to adhere;
2. encourage staff to use unique passwords for each computer or service they use;
3. make sure all passwords have eight or more characters;
4. do not allow passwords to contain real, comprehensible words otherwise guessing is about as hard as playing hangman;
5. suggest ways to make passwords, long, secure, but memorable: for example pick a favourite line from a song, poem or nursery rhyme and use the first letters of each word to form a password i.e. “You have brains in your head. You have feet in your shoes.” could be Yhbiyh!YHFIy5;
6. remember to mix upper and lowercase characters in the password together with special characters and numbers.  In the example above, the exclamation mark is used in place of a full stop (which you couldn’t use in a password anyway) and the last ‘S’ is turned into the number 5;
7. make sure answers to password hints are false i.e. if asked ‘what is the name of your pet’ make sure the answer is the name of a friend’s dog, not your cat;
8. if you really have to write down passwords, don’t store them on a computer, but write them on a piece of paper and put them in the company safe.

Just the above measures will dramatically improve your online and physical computing security, but it’s not an extensive list.

Let us know, if you have any password security tips we’ve missed.

I’m on a kind of forced holiday while my new home is being renovated. Being away from broadband much of the time has been interesting, to put it mildly. For donkey’s years, I’ve been one of those “always on” people. A large proportion of my conversation, research and business transactions have been conducted electronically rather than face-to-face.

Reflecting on those years, I’d say that the most sustainable relationships are those where periodic contact and bonding takes place face-to-face. To give an example, Marck is a programmer and he and I first met over 25 years ago. We met maybe four or five times over the next fifteen years but about ten years ago, we went into partnership to create some software. About six years ago, we started publishing the fruits of our labours. We are still working together although we have probably only met face to face about seven or eight times during that ten years and phone calls are exceedingly rare – usually of the “any idea why the server’s gone down?” variety. Most communication is by email or Skype instant messaging.

In a wired world where the talent we need, or can afford, is distributed widely, this is likely to be an increasingly common pattern. I have been working for the past year with someone in America. Same thing. Oliver and I met twice although he does occasionally call me for a chat using Skype. This relationship started online and developed over several months to the point where we wanted to do business together before we actually met.

Paradoxically, you can get a lot closer to people online than you can face-to-face. A woman in the Netherlands and I made contact through a mutual interest in the same (technical) subject. Before you knew it, our conversations extended into our respective private lives. We were able to discuss some important but very personal issues, topics that would never have surfaced in the same amount of face-to-face time. A true meeting of minds without the distractions of bodies and the surroundings. When we met face-to-face, several months later, we greeted each other like old friends. (Although she did later admit to her surprise at my height, or lack of it.)

A lot of business people believe that the internet, especially social stuff, is time-wasting. Others think that face-to-face is the only way to start a proper commercial relationship. I would argue that they are both wrong. The social stuff connects birds of a feather together and face-to-face can always follow an online encounter if it’s considered important enough.