Secured credentials, whatever your business, technical and notable internet-related activities are like
We do different things, and we do things very differently from others.
Even if we use the same technology, the way we run it and the policies that govern its operation are different, as they should be. That is what makes us, as individuals and businesses, unique. Right?
Before, we could afford to keep quiet while we stayed offline working. We could even forget an online resource we had brought online because it held nothing of value to our work or business. That is no longer the case. With so many devices and sensors that can now link your space or activity to the internet, just don't; instead, adapt, use the right solution and do it properly. This usually fits the enterprise environment.
This post is about what any entity can use and apply immediately. As in now; don't delay any longer.
If you are just starting to deploy an application, once you have established access to the resource, go straight to the application's or device's "system setting" or "security and privacy" setting and enable that security layer for your technology or digital resource and asset.
Security shouldn't be sacrificed just to maintain a niche in whatever we are working on.
We don't need to be trained and practiced technology professionals to apply security, credential security in particular, to our online activities.
If you are still using a password, you have to add another layer to it to make sure you are the only one who has access to that digital space, whether your own or your company's. There is certainty with such an addition, and you can really call it your "own" by using any of the following:
- Mobile SIM card number: receives a one-time password (OTP) during registration of a new account. This provisioning is easier to do than when your account was created before OTP's widespread use. Some services or applications that adopted OTP have made it easier to enable, while others have made it readily available but you have to configure it manually yourself.
- Authenticator: an app that needs to be installed on your mobile device. A code is generated and works just like an OTP from SMS, except that it is generated in the app and is time-based. The code is available on your mobile device, which is useful when your mobile signal or reception is not available or you can't connect. Online or offline, the code is generated and changes there in seconds.
- Notification: may also be used instead of the SMS or authenticator OTP alone. Although a notification can be enabled via the authenticator, it can also be raised by the devices, computers and smartphones, where an account is, for instance, being used to log in somewhere else, or on your own devices where such a notification appears. Notifications come in different formats: in one, you select, in the authenticator app or device you use to approve the login, the number shown where the login is being made; in the other, you enter the characters generated by the app or device being logged in to into the text box that appears on your approving app or device.
- Hardware-based key: stores your credentials, including username, password and the cryptographic key that was generated while the account was being created or transferred to it for authentication purposes. Like the methods above, it is a form of M|2FA (how it works is what makes them differ), and it is also called a USB token. Wherever and whenever you have to use your credentials, which are stored on the hardware key you carry (keep it to yourself only and don't share it with anyone), the key can be inserted into your computer's USB port to make the login and authentication process seamless, a lot simpler and faster. You may forget your username and password, but your hardware key will not, and you can use it as it is without needing to remember your credential details. Such a hardware key is based on the FIDO standard, the most widely accepted framework, if not the only one, for this method.
- Passkey: is gaining popularity as people replace their mobile devices with new ones. When you have created or logged in to an account, for instance on iOS or Android, and that account needs to be logged in on another device, passkey is usually one of the options you are given, along with authenticator, recovery and so on. Simply pick passkey and your device will show how you should respond to, or approve, the request from where the login is being made.
With notification and passkey, make sure it is you who is requesting the approval.
- Verified ID: is being made available for use with some authenticators (apps) and devices. Its popularity, and its adoption with other media, is only going to increase, as it can be the easiest way to set up an account and also protect it. The QR code may have been the number one consideration for authentication, and people have already become accustomed to its use.
Speaking of credentials, we know that using the same username and password time and again for every resource we use has been strongly discouraged, and we should listen and do our fair share to protect our accounts; by doing that, we are doing our digital resources and assets a favor. Stakeholders, if they know that we easily adapt to new solutions, would feel a lot safer.
A few unique online accounts, created with different usernames and passwords and with combinations of characters lengthy enough to pass the security policy at creation, may still be manageable and be retained or memorized in the head. This is ideal for technology people. Regular accounts created and used by end users may be managed differently, with some writing the credentials on paper and sticking it on the monitor or, to at least follow if not obscure security instructions, sticking it under the keyboard or, better, putting it in a card case or wallet. That is not at all ideal, no matter how we hide them from view.
What is most ideal, which enables this particular effort in technology and lightens the responsibility while tightening security further for everyone, is to use a password manager. This has implementations in many apps, including:
- Internet browsers offering to save username and password every time they are used,
- Authenticator apps: some of them have integration and can save usernames and passwords, or even create them there, especially passwords and passphrases, and combining numeric, alphabetic and symbol characters with a length of your own preference is also supported.
- Dedicated password managers have been around, and there are plenty of applications that can be explored and used to manage dozens, or beyond hundreds, of usernames and passwords with their respective URLs and notes. They have features for sharing this information within the team or organization. They also have an authenticator feature designed for that purpose, working just like apps primarily designed and developed as authenticators.
Internet-related activity is more than just making sure you've got a credential manager. It is meant to facilitate business and technical efforts, blurring the differences between the two specialisms, business and technology, and the preferences of people across the enterprise regardless of their responsibility, in which case technology becomes the medium for the business operation, and for stakeholders, to prosper and be dependable no matter the situation.
The key to being productive with any of these credential security measures is to try and test different use cases based on your business requirements or how they should fit within your setting. Technology is about making them operate to enable, support or facilitate production, which is a business prerogative; nothing is clearer than that. Business leaders would like that more than any sophisticated technology you've got if they don't understand anything about how the business is getting the help it needs, satisfactorily.