The work list is the main page used for managing the domain and its sites. It is the first page seen after login.
Any articles currently being edited will be displayed in this section.
|1||Date||Date the article was created, or started being updated|
|2||Article||Article identifier as a jump to its Article head page|
|3||Phase||Current phase of the editing lifecycle as a jump to the article's History page|
|4||Locale||Locale currently being edited, else blank|
|5||User||Identifier of the user performing the current phase, else Manager|
|6||Due||Time until due, as a jump to the article's Article body page to show the latest version. If overdue,  will bracket the value. If currently with the Manager, the field will be blank|
When a version is released, all phase information involved in getting there is deleted.
Managers and guests see a list of all in-progress articles, while a writer is only shown the articles that have been assigned to them.
This section covers the jumps to the pages for all the content of a Smallsite Design site.
|1||Subsites||Expanding list of jumps to the pages for the clicked element. The complete list is only available for managers and guests, while writers only have jumps to what they are allowed to edit|
|2||Files||Expanding list of jumps to the lists of all files for the clicked purpose. Only available for managers or guests|
|3||Banners Rights …||Direct jumps to the pages of the same name. Only available for managers or guests|
This section covers jumps to the administrative pages of Smallsite Design, along with a password change facility.
|1||Users …||Direct jumps to the pages of the same name. Writers will only see Users|
|2||Log out||Only shown for the master manager. Immediately log out, but without the normal 20 minute timeout that would prevent another manager from immediately taking over as master manager|
|3||Password||Expand to change password. Not shown for guests|
|1||Prompt||Word or phrase to remind the user of their password|
|2||Password||Long password. When the initial vetting pass is successful, including against the public leaked password list if required, four more password fields will be displayed for the user to repeat the password in all so it is familiar|
Some explanations of how passwords are handled in Smallsite Design.
Passwords are awkward, especially long ones, so Smallsite Design uses a novel method of helping to remember them.
The idea behind this password regime is that because people like to have a memorable password, but have difficulty remembering a complex one that would be more secure and unguessable, a simple prompt, perhaps the name of a place visited, should be enough to remember a couple of facts about the place, but which nobody else knows about. The prompt can be displayed in public, and no one will have a clue to the password.
The facts can be anything, like the shape of a stain on a wall or something else noticed and remembered, but not worthy of telling anybody else about. String a couple of those together to get enough characters for a password .
For example, a trip to Manila and remembering being on the balcony of a 19th floor apartment, looking out over the sea, may give a prompt of Manila and a password of balcony19overthesea. A postcard of Manila, but for somewhere else but the sea, stuck to the computer, or as a background picture for a phone, may be all that is required to be the prompt.
Sometimes a long password may be awkward to type in for the first time, so after the initial vetting of the password, typing it in four more times gives a chance to get more familiar with the typing rhythm. If it is still too awkward to type in, such as might happen if one word ends with the first character of the next word, think of another password phrase.
There are over half a billion leaked passwords publicly available as a result of hackers.
Checking of passwords against this password database can be enabled in the Password checking section of the Settings.
If enabled, password checking is done at login, at least 24 hours apart, or when creating a new password. If the check fails at login, a warning notice will be displayed at the top of the page, leaving it to the user to decide when to change their password. If the test fails when creating a password, an error message is displayed and another password will have to be provided.
Smallsite Design uses a fairly simple means of providing 2-factor login, without requiring hardware or intrusive apps.
If 2-factor login is enabled on the Settings page, upon login, an email with a special link is sent to the user. Once the link is clicked on, the Work list page is shown, after which the page opened by the link can be closed. This process relies for its security upon the email address not being accessible by anyone untrustworthy of having access to the site.
2-factor login is more secure because it is supposedly two unrelated (known as out-of-band) means of communicating mandatory information required to log in. Many businesses send an SMS to a phone with a code, but because phones have been hijacked by what is know as SIM-jacking, an alternative to SMS is being sought. Note that an email-to-SMS gateway, a separate third-party paid service, can be used to send a link to a phone, but these are unlikely to be used by many individuals or micro-businesses.
Some companies require an authentication app running on a phone. Google has made this compulsory for all their services, but the way they have done it seems more to gather real-world identity data than protecting their users. All phones have a unique identifier, which Google Android apps have access to and tag all communication to their servers with. This ensures they have a real-world identifier that goes everywhere the phone's owner goes, and is associated by Google with all activity on the phone.
If at this point, you are thinking of ditching Android, Apple does their complete user tracking using a separate inter-phone 900MHz mesh communication channel, like Amazon's Sidewalk using the Echo and Ring devices, that is relaying all user activity, and that of all Apple devices within a 300 metre radius, back to Apple, and which, unlike Sidewalk, a user cannot turn off, nor can they select what information to block or delete. It is these egregious privacy intrusions that Smallsite Design is avoiding.