show more with a service's recurrent incident

Have you been using, or watching, as your primary resource to monitor your digital service performance, if not unscheduled downtime, for a long time, and have been going back and forth for it? It's where some people like us, the technology-savvy and the curious, go to quickly learn whether some digital services, household or corporate resources alike, are being affected, and the impact on others, associated or not with those in the current incident, as they are listed in either the mobile app or its website counterpart. Did you know that there are a few services that never get onto the list, too? We'd give them 5 stars if we could. Meanwhile the majority of the companies and brands in its categories, including telecommunications, finance, internet, social media and gaming, show up repeatedly. This is true regardless of your country, where a present disruption and instability is happening the moment you checked the status of a service, and if trying to be

Secured credentials whatever business, technical and the notable internet-related activities are like

We do different things, and we do them very differently from others.

Even if we use the same technology, the way we run it and the policies that govern its operation are different, and they should be. That is what makes us, as individuals and businesses, unique. Right?

Before, we could afford to keep quiet while we worked offline. We could even forget an online resource we had brought online because it held nothing of value to our work or business. That is no longer the case. With so many devices and sensors that can now link your space or activity to the internet, just don't; instead adapt, use the right solution and do it properly. This is usually fitting for an enterprise environment.

What follows is about what any entity can use and apply immediately. As in now; don't delay any longer.

If you are just starting to deploy an application, then after establishing access to the resource, go straight to the application's or device's "system setting" or "security and privacy" setting and enable that security layer for your technology or digital resource and asset.

Security shouldn't be sacrificed just to maintain a niche in whatever we are working on.

We don't need to be trained and practiced technology professionals to apply credential security, in particular, to our online activities.

If you are still using a password, you have to add another layer to it to make sure you are the only one who has access to that digital space, whether your own or your company's. Such an addition brings certainty, and you can really call the space your "own" by using any of the following:

- Mobile SIM card number: receives a one-time password (OTP) during registration of a new account. This provisioning is easier to do than when your account was created before OTP's widespread use. Services or applications that adopted OTP have also made it easier to enable; some have made it readily available, while with others you have to configure it manually yourself.

- Authenticator: an app that needs to be installed on your mobile device. A code is generated and works just like an OTP from SMS, except that it is generated in the app and is time-based. The code is available on your mobile device itself, which is useful when you have no mobile signal or reception, or can't connect. Online or offline, the code is generated and changes there in seconds.

- Notification: may also be used instead of the SMS or authenticator OTP alone. Although a notification can be enabled via an authenticator, it can also be raised by the devices (computers and smartphones) where an account is, for instance, being used to log in somewhere else, or on your own devices where the notification appears. Notifications come in different formats: in one, you select in your approving authenticator app or device the number shown where the login is being made; in the other, you enter the characters generated by the app or device you are logging in from into the text box that appears on your approving app or device.

- Hardware-based key: stores your credentials, including username, password and the cryptographic key that was generated while the account was being created or transferred to it for authentication purposes. It is also called MFA/2FA, the same as the above (how it works is what makes them differ), or a USB token. Wherever and whenever you have to use your credentials, the hardware key you carry, which stores them, can be inserted into your computer's USB port, making the login and authentication process seamless, a lot simpler and faster. Keep the key to yourself only; don't share it with anyone. You may forget your username and password, but your hardware key will not, and you can use it as it is without needing to remember your credential details. Such a hardware key is based on the FIDO standard, the most widely accepted framework, if not the only one, for this method.

- Passkey: is gaining popularity as people replace their mobile devices with new ones. When you have created or logged in to your account, for instance on iOS or Android, and that account needs to be logged in on another device, passkey is usually one of the options you are given, along with authenticator, recovery and so on. Simply pick passkey and your device will show how you should respond to, or approve, the request from where the login is being made.

With notification and passkey, make sure it is you who is requesting the approval.

- Verified ID: is being made available for use with some authenticator apps and devices. Its popularity, and its adoption with other media, will only increase, as it can be the easiest way to set up an account and also protect it. The QR code may have been the number one consideration for authenticating, and people have already grown accustomed to its use.

Speaking of credentials, we know that using the same username and password time and again for every resource we use has been strongly discouraged, and we should listen and do our fair share to protect our accounts; by doing that we do our digital resources and assets a favor. Stakeholders, if they know that we easily adapt to new solutions, would feel a lot safer.

A few unique online accounts, created using different usernames and passwords with combinations of characters lengthy enough to satisfy the security policy at creation, may still be manageable and be retained or memorized in the head. This is ideal for technology people. Regular accounts created and used by end users may be managed differently, with some writing the credentials on paper and sticking it on the monitor or, to at least follow, if not obscure, security instructions, sticking it under the keyboard, or better, putting it in a card case or wallet. That is not at all ideal, no matter how well we hide them from view.

What's most ideal, which enables this particular effort in technology and lightens the responsibility while tightening security further for everyone, is to use a password manager. This has implementations in many apps, including:

- Internet browsers, which offer to save the username and password every time they are used.

- Authenticator apps: some have integration and can save usernames and passwords, or even create them, especially passwords and passphrases, within the app; combining numeric, alphabetic and symbol characters with a length of your own preference is also supported.

- Dedicated password managers have been around for a while, and there are plenty of applications that can be explored and used to manage dozens, or beyond hundreds, of usernames and passwords with their respective URLs and notes. They have features for sharing this information within the team or organization. They also have an authenticator feature designed for that purpose, which operates just like apps designed primarily as authenticators.

Internet-related activities are about more than just making sure you've got a credential manager. They are meant to facilitate business and technical efforts, blurring the differences between the two specialisms, business and technology, and the preferences of people across the enterprise regardless of their responsibility; in that case technology becomes the medium for the business operation, and for stakeholders, to prosper and be dependable no matter the situation.

The key to being productive with any of these credential security measures is to try and test different use cases based on your business requirements or how they should fit within your setting. Technology is about making them operate to enable, support or facilitate production, which is a business prerogative; nothing is clearer than that. Business leaders would like that more than any sophisticated technology you've got if they don't understand how the business is getting the help it needs, satisfactorily.

