Saturday, April 02, 2022

bon voyage: Web3 Generation Security...

Software developers must have a few thoughts, in 2022 and beyond, about the design of public web sites or internal corporate systems.

Many of them are taught these software architectures over the course of a long career in information technology. Or a few hours watching YouTube.

When you set up your login account with an online site for the first time, do you ever ask yourself how they decided on this particular step-by-step process for your login credentials?

For example, is the sign-in page to your account requesting an E-mail address for your user name? Or your phone number?

Why?

Or is the sign-in page to your account requesting that you create a unique User Name that is “NOT” your E-mail address?

Why?

In either case, most login info is validated before you get to see the box to type in your password. Or maybe not.

So what about the login page that has your E-mail Address and your Password fields both on the same page? One underneath the other.

You see, software developers have designed their site a particular way for a reason. Is it because of standardized rules in the company, city, state, or GDPR country?

Or is it something else? :)

Now, we all should have something called Multi-Factor Authentication (MFA) enabled for our logins as well. If your site does not have it or does not require it, you have to ask yourself.

Why?

Perhaps some of you carry around a little device on your key ring (or are not allowed to) that has a PIN to open it, then a little LCD window that shows a 6- or 7-digit number that is constantly changing. You know who you are. “I am not using an Authenticator that is on my phone, designed by the same people who created the web site.”

And then there is this: "You'll receive only one verification code each time you request two-step identity verification by text. See Privacy Policy and Mobile Terms and Conditions for more information. Message and data rates may apply."

Some of you have given up. Enough is enough.

Why not just let the computer USE MY FACE as a way to open up the use of this device or this web site? After all, my ears sticking out are actually very unique and the FACE ID software will not ever be confused.

Are you winning or losing in Web3?

Godspeed!