Mosh Pit

A Very Useful Article About Online Passwords

Is there anything more likely to make a non-techie yawn than a lecture about passwords? “Make them hard!” “Don’t put them on sticky notes!” “Change your passwords like you change your underwear!” So much lecturing when people just want to get into their online accounts! Well, guess what, my friends. That advice is actually pretty outdated. Let’s talk about real-world, up-to-date dos and don’ts for passwords!

Passwords: So Last Decade

Quite a bit of the old advice out there is either based on old technical limitations or a lack of understanding about how people actually think. For example, requiring frequent password changes—this is NOT necessary.

Passwords Are Not Underwear

According to the National Institute of Standards and Technology (NIST)—the US government department that provides some of the most well-recognized, current advice on digital identity—websites that require users to reset their passwords every few weeks or months are just causing people to use (and reuse) easily cracked passwords. Should users change their passwords after a breach? Yes, definitely. Should they change their passwords every month? No. The way NIST puts it, “Users tend to choose weaker memorized secrets when they know that they will have to change them in the near future.” So, yeah, requiring frequent changes does not have the effect people think it should.

Hard for a Computer, Not for a Human

Did you ever see someone stuck with a password like “$*&fas09iur3jfsk#” that they created because of requirements to use letters, numbers, and certain other characters? Yes, that’s a fine password if a site allows for it, but you know what else really works? “My cowlick speaks batteries.” Or “My cat paw no tail!” Those are passphrases, and a nice long passphrase is actually better for most people than a random character generator. (The smart folks at NIST said that, too.) Just make sure the passphrase isn’t actually a grammatical sentence and you’re golden.

Reality of Recording

It’s been a long-standing tradition to mock people who write their passwords on sticky notes and put them on their computers. But that said, if I had to choose between a person who is more comfortable with writing their passwords in a little black book they keep in a drawer at home near their computer or someone who uses a single password for all their accounts because technology is hard, then by all means! Bring out the book! This really boils down to a question of what risk you are trying to manage—someone physically breaking into your house and stealing your passwords, or someone hacking accounts online.

The Brave New Password World

If frequent password changes, gobbledygook passwords, and physically recording passwords somewhere are the old guidance, is there anything new? Why yes, yes there is! Well, relatively new. Let’s start with my personal favorite, multifactor authentication.

Multifactor or Second Factor Authentication (MFA or 2FA)

If a website or service is doing The Right Thing, then just asking you for your password isn’t going to be enough to get you in. It should also ask you for another piece of information, either a one-time code it sends you, a scan of your fingerprint, or even a code from an authenticator app like Google Authenticator or Authy. This is called either second-factor authentication or multifactor authentication (2FA is a subset of MFA; there are Super Top Secret Secure sites out there that will require a third or even fourth factor. Multiple factors are a thing.)  

There’s a really good reason for requiring at least one additional factor.

Let’s say that your username and password were hacked. If the hacker has that, and MFA wasn’t enabled, then they can just waltz in and do whatever they want. If it’s your banking password, then there goes your money as they transfer it away. If it’s your language learning app, there goes your progress as they delete your account. And so on.

But if MFA has been enabled, then even with the password, the hacker is kinda stuck. There is a short-lived piece of information they don’t have, and that’s a way harder nut to crack. Can it be done? Yes, there are techniques that will help a hacker work around MFA security. But that has to be very targeted to an individual; wide-scale account compromises become way harder.

Screening Your Own Passwords

The moment has come. It’s time to set a password. For some reason, you aren’t using a passphrase (probably because outdated sites are limiting the number of characters you can use for your password. Bad site! Bad! No biscuit!) You might want to just do a quick check that you aren’t using one of the really super common passwords out there. 

Wait, you’re not a hacker! How are you supposed to know what other people’s passwords are? As it turns out, lots of people tend to use the same passwords. There are websites dedicated to sharing the top 10, 20, or even top 100 common passwords out there on the Internet. Even baby hackers can pick up that list and have a decent chance at hacking into a bunch of accounts. It won’t take but a moment for you to do a quick scan of those lists to see if the password you set your heart on (don’t say ‘qwerty,’ don’t say ‘qwerty’) is on the short list of common passwords out there.
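
The quick check described above can be automated; this added example (not from the original post) screens a candidate against a list of common passwords and also catches the usual disguises: capital letters, a few digits or symbols tacked on the end, and look-alike character swaps. The list is a small constructed sample, and the 8-character minimum is an assumption based on NIST's published floor.

```python
import unicodedata

# Constructed sample of very common passwords. A real check would load a
# much larger published list of common or breached passwords.
COMMON_PASSWORDS = {
    "123456", "123456789", "password", "qwerty", "111111",
    "abc123", "letmein", "iloveyou", "monkey", "dragon",
}

MIN_LENGTH = 8  # assumption: the minimum length NIST gives for passwords

# Look-alike substitutions people use to "strengthen" a common word.
LEET = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})

# Characters commonly appended to satisfy "add a number and a symbol" rules.
TRAILING = "0123456789!@#$%^&*?."


def candidate_forms(password: str) -> set:
    """Return the normalized forms of a password to compare with the list."""
    base = unicodedata.normalize("NFKC", password).strip().lower()
    stripped = base.rstrip(TRAILING)
    forms = {base, stripped, base.translate(LEET), stripped.translate(LEET)}
    forms.discard("")  # an all-digit password strips down to nothing
    return forms


def screen(password: str) -> list:
    """Return the problems found; an empty list means the password passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if candidate_forms(password) & COMMON_PASSWORDS:
        problems.append("common_password")
    return problems


if __name__ == "__main__":
    samples = [
        "qwerty",
        "Qwerty123!",
        "P@ssw0rd1",
        "My cowlick speaks batteries.",
        "$*&fas09iur3jfsk#",
    ]
    for sample in samples:
        print(f"{sample!r}: {screen(sample) or 'ok'}")
```

Note that there is no rule demanding digits or symbols: length and the list comparison do the work, which is why both the passphrase and the random string pass.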

Password Managers

Password managers are MY FAVORITE THING, at least when it comes to basic Internet security hygiene. This is the electronic version of the Little Black Password Book mentioned earlier. Even with the use of passphrases and MFA, it’s still a really good idea to use different passwords for different sites. The thing is, that really adds up! One study out there says that the average person these days has around 100 passwords to worry about. That’s just too many to remember.

Some mobile devices have a built-in password manager. Some web browsers do, too. The trick is to find a password manager that actually lets you work across platforms and devices. Probably the top-rated one out there right now is LastPass (which has both a free and a premium version); 1Password (which is entirely subscription-based) is rated pretty highly, too.

One bonus to a good password manager is that they’ll actually do the password screening described earlier for you.

The Future of Passwords

If you talk to people who actually work in the digital identity and cybersecurity space, they will tell you how much they want passwords to just not be a ‘thing’ anymore. The good news is that there is a LOT of work underway to make that dream a reality. One particular effort coming out of the FIDO Alliance really looks brilliant. In that brave new world, a user can unlock the security by “swiping a finger, entering a PIN, speaking into a microphone, inserting a second–factor device or pressing a button.”

Technology is constantly evolving. The guidance you may have learned when you first started surfing the web is probably out of date. For that matter, the guidance you learn today might eventually become obsolete thanks to efforts like FIDO making passwords entirely a thing of the past. Keep your eyes open!

Posted by heather in Data Security, Mosh Pit, 0 comments
A Call Made Round the World…And More On Internet Resiliency

If you look at a map of the world, you see lines around cities, states, and countries that mark the boundaries of those regions. Those lines seem so tidy when looking at a map of the world. Of course, that assumes you’re looking at a well-surveyed area with a stable political infrastructure. 

The Internet is nowhere near that tidy; its boundaries are not well defined. Maps of the Internet don’t look like anything in the physical world. There’s an interesting map based on all known websites and where their domains are registered as of 2011 called The Internet map. There’s a super-fun map called The Map of the Internet that maps out the World Wide Web and gives you a sense of scale. Heck, you can go to Vox and look at “40 maps that explain the Internet,” but none of those map out the Internet itself. When it comes right down to it, there is no single authoritative map of the Internet.

Why is it this way, and why does it matter? Read on!

Why the Internet is Resilient

Did you know the Internet started as a US military defense project? Think about the mindset that would result in: any military would want a computer system to stand up to anything and everything. It would need to be resilient if some pieces went offline. It would need to allow lots of different types of computers to talk to each other any time, day or night. Think of those requirements as the DNA of the Internet. Technical implementations build from there.

But wait, if the Internet started as a military project, how did the rest of us get to use it??? That kind of exchange, from government to private sector and back, is pretty common. That’s a post for another time.

Back to the Internet. The way things work, it’s a lot like a postal letter. Someone writes a letter and it includes the address of where it’s trying to go. And at every step, the delivery system asks, “what’s the best next step from here?” These systems are always chatting with each other, sharing the best path to get from anywhere to everywhere. If one path goes down because a computer broke, that’s ok, because the systems will tell each other a new way to get there. And that happens fast. And it is one part of what makes the Internet so resilient. There is always a path forward.

A while back, I videoconferenced with my mother in Chicago from a hotel in Taipei. I opened an app, clicked on her face, let it ring a few times, and voilà, there she was. WOW, seriously, how cool is it that within a second, the computer I was on in Taipei figured out how to get to my mom’s computer in Chicago? We were nearly 7500 miles apart. I was on a hotel network in Taiwan. She was on a mobile network in Chicago. I opened my app, which itself has the addresses of the computer used by that video service. The network I was on said, ‘ahHA! You’re trying to get way over there! Let’s start routing you through lots of different countries, under the ocean, or maybe into space via satellite.’

It is possible for a local region or country to cut itself off from the rest of the Internet, but to do it, it has to get into that delivery system and take its information out of the network. Then any system trying to get there from here won’t know how to do that anymore. (It’s obviously a bit more complicated than that, especially when you throw satellites into the mix, but you get the idea.)

Controlling (Mis)Information

The Internet is resilient, which means it can route information around many different kinds of interruptions like broken computers or weird human error. Yay! That means that cat videos can be available day and night! Well, true, but not everyone is a fan of this level of resiliency, and there are reasons for that. 

The thing about technology is that technology itself is neutral. It’s like a bunch of bricks—you can build houses or you can vandalize windows. It’s not the brick that’s an issue, it’s how the brick is used. But if you’re in a situation where people are using bricks to break things, then you almost certainly want to do something to prevent that. One of those preventative measures is likely to be controlling access to the bricks. Same goes for technology like the Internet—if you use it to harm, someone is going to want to prevent that by controlling what gets posted.

Now more than ever, we are seeing people and their governments demand ways to prevent the spread of information they don’t like on the Internet. From addressing “fake news” that attempts to skew democratic elections to reactions to cyberwarfare, controlling information is considered by many to be necessary for a safe society.

Some governments go so far as to demand restrictions between the Internet within their country and everyone else. This has been top of the news when it comes to Russia, but Russia is just the latest example. China has its Great Firewall, which had its start in 1997. Several other countries in Asia and Africa censor the Internet to various extents. In the US, free speech laws prevent much government censorship, which has many people turning to the social media platforms themselves and demanding action, either to restrict content or to stop restricting content, depending on their point of view.

Why Does This Matter?

Identity Flash Mob is a passion project led by two women who want people to have a better understanding of how the Internet works and why it really matters to know more about it. So, if you take away anything from this article, it should be two things:

  1. The Internet is incredibly resilient, but it’s not invincible. While individuals will always be able to build connectivity to the Internet (if they have the technical know-how and access to satellite networks) that’s not the case for most everyone. Governments may well be able to control big chunks of it, and through that, they control the information people have access to.

Which leads to the second thing:

  2. Not everyone sees the same thing on the Internet. What seems obvious to you based on what you’re reading in the news or social media might not be obvious to others who are not seeing the same thing.

The resiliency of the Internet that lets me call my mom from halfway around the world is an incredible thing. Hopefully, we’ll still keep in mind all the good things that resilience as a foundational principle allows us in today’s online society.

Posted by heather in Data Security, Mosh Pit, 0 comments
Playing the “Yet Another Vulnerability” Game

Last month, technology news was all about Apple’s “OMG Patch Right Now Or Hackers Can Mess With Your Stuff!” (You saw the news about that, right? Like our short and sweet Twitter thread, or one of the longer articles about it.) Anyway, right before Apple’s moment, it was all about some new issues with infec

One day, technology news is all about Apple’s “OMG Patch Right Now Or Hackers Can Mess With Your Stuff!” Another day, it’s more “Chrome Zero-Day Vulnerability! ACK!” Or even “Cyberwar is going to impact us all!”

Who else is exhausted?

It just gets too hard to be worried about All. The. Things. All. The. Time. Computers are just going to break again tomorrow, right? Yes, but let’s make it fun and do something about it! Even if it’s just a chore like … grocery shopping. Besides, in life, there’s always SOMETHING, right?

Verse 1: Managing Your Devices is like Grocery Shopping

If you want to eat, you have to do your chores. For most of us, that means going to the grocery store. Every week. It’s just one of those things you have to do as an adult. And as the world goes increasingly digital, managing your devices—keeping them patched, upgrading so you keep getting those security patches, and making sure access to your devices is controlled—is necessary. 

So let’s talk about how to make it easy! With grocery shopping, it’s all about the list. With device management, ok, it’s a little bit more complicated. (What did you expect? 😉) But we’re on top of this with you! Identity Flash Mob has the choreography to teach you what steps to follow. 

Verse 2: There are Tricks To Doing It Well

What you can do in five minutes: 

  • Unless you have a REALLY GOOD reason not to (like, your employer controls what you can do with your device) then do a quick web search on how to make sure that your apps and your operating systems update automatically. (Like this page for Apple devices, or this one for Android, or this one for Microsoft.)
  • For bonus points, go ahead and do a quick manual check before you go to bed so you know if you need to leave your device on a charger so it can update while you sleep.

What you can do in thirty minutes:

  • Not only do your apps and operating systems need to be secured; you also need to make sure your passwords are secure. We have lots of guidance coming up in one of our Patreon pages, but here’s a sneak preview: go to your phone’s password management settings and see if it gives you any warnings about your passwords. If it does, you have your next item to check off your list: change that password.

What you can do to feed your inner geek:

  • Install anti-virus software. Which is considered best practice by all, but it is also kind of tricky to do, and it doesn’t prevent every security vulnerability from impacting your digital world. But! If nothing else, it can let you know if something is changing on your device that you didn’t expect, and you’ll probably get newsletters that tell you when something crazy is going on in the digital world that you need to worry about. 

Verse 3: Play to Win the Vulnerability Game

Avocados have a season. So does security support. It would be too easy to say “All devices end security support after this very specific number of years” because of course different vendors have different schedules. You can, however, be on top of this by preparing to replace your device every few years and upgrading your systems as needed. If your device is so old it can no longer accept a new operating system update, that’s what’s known as a Subtle Clue (kind of like how dropping an anvil on your foot is a Little Painful) that you waited too long. 

Coda (wrap up)

There will be another important vulnerability announced next week. And the week after. And the week after that, too. I don’t know what they will be, but they will absolutely happen. And just like how you have to get food in your house, you get to be in control of making sure you have secure devices in your house. Don’t be afraid to learn a little more and DO a little more to secure your digital world. Your online shopping, gaming, and socializing will thank you for it later.

If you got through this blog post and are STILL scratching your head, we’d love to hear from you. Feel free to leave a comment below or send us a message right here on LinkedIn! We’re committed to empowering EVERYBODY to understand how to navigate this digital world of ours. 

(Originally published in October 2021; updated for April 2022)

Photo by Matthew Henry on Unsplash

Posted by heather in Mosh Pit, 0 comments

When I’m Not Me

Photo of blocks that say "this is who I am"

Okay, so, this morning over my morning coffee I was trying to send a photo from my phone to my computer via text message. I’m not sure why Android and iOS can’t speak directly to each other, but that’s a question for another day. Looking at my contact information got me contemplating the following question… Why is my contact entry for me in my phone’s contact app showing up as “Laura (My Daughter)”?

I mean, I certainly am Laura, but I’m not “my daughter” last I checked. Fortunately, this mystery wasn’t hard to figure out. I recently started managing some of my mother’s digital accounts, including her email. And with the email, came the list of her contacts. As a result, I’ve been using my phone for (yet) another persona. In addition to the Me-as-Me personas, I now also had the Me-as-the-Manager-of-My-Mom’s-Accounts persona.

Now, I know how tricky this can be, so I had meticulously kept these personas separate using all of the techniques available to me. BUT, I secured an adorable new phone, and WHAM! all of that hard work went down the drain. My new phone may be cute, but it ain’t too smart when it comes to personas. So, it “helpfully” put all of the contacts together from the six email accounts that I manage, including those from work and my mother’s. AND, since my mother’s account was the last one to join the fray, I guess it decided that because it was the most recent one added, it should be added to my contact list, AND must be the one that was most up to date. Wrong and wrong.

We all have different personas

Maybe you’re not managing a parent’s email, but I’m willing to bet that you are still managing multiple digital personas. (And, if you’re not, you may consider doing so by the time you finish reading this series of posts!) Your personas may include:

  • You as a student where you learned cool things (and maybe did things that only students can get away with!)
  • You as an employee at a place where your values didn’t align with those of the organization
  • You as an employee at a place where you loved your work and the people you worked with
  • You as a volunteer at an organization that will save the world
  • And, you as a friend… sibling… family member…

Don’t get me wrong – these are all YOU! But, the personas exist in parallel universes. (No, I’m not talking about #spiderverse!) You talk about different things when you’re assuming each persona – you may behave differently, wear different clothes, and maybe even speak a different language. Keeping these personas separate in real life is pretty straightforward (unless you’re starring in a romantic comedy), but once you put them into the digital world, there need to be structures and policies to help you keep these personas separate.

Congratulations, you’ve now entered the realm of digital identity.

Hardware separation

Maybe you work for a company that provides a computer or phone to you, and instructs you to use it only for work purposes. They may further warn you that your activity when using these devices (hardware) can and will be subject to monitoring. This is a not-too-uncommon way for companies to provide clarity for the claim they hold on the personas you assume while working for the organization. If owned by a larger organization, devices like these will contain tools and policy enforcers that are both designed to ensure that the company information housed on the device is secure, and also to ensure that anyone using the device is doing so in a way that is consistent with the company’s policies.

In general, this is a good thing. The company is taking the responsibility and initiative to ensure that company information is safe, secure, and accessible… for and by the company. But, what happens when you use your company computer to book your next doctor’s appointment? Or the cutie at the coffee shop that you just met sends you a text on your work cell phone? (After all, that’s the one you check first during the day!) In these cases, you may have switched to thinking of yourself in a non-work persona, but the device hardware is unlikely to be switching persona contexts with you; rather your computer and cell phone are firmly in your you-at-work persona. This can lead to some awkward side effects. Who wants their boss asking them what Dr. None of Your Business’s website has to do with the upcoming project report!? Even Hillary uses two separate phones now.

Oh look. You’re back in the realm of digital identity.

Software separation

The same goes for software. Software separation of personas will allow you to be all the versions of you in one glorious device… Well, sort of. There is the tedious process of switching between them. If you have more than one Instagram, Twitter, or any other type of account as I do, I’m sure you have had at least one near-miss (or total fail) by posting content from the wrong account. (Please say that I’m not the only one!)

Even if you are an expert account switcher, there are other things to contemplate. While you may be working hard to keep your personas separate, other players may have great interest in trying to stitch the many facets of you back together again. For example, you may use Facebook mainly to keep in touch with a group you hung out with in college, Instagram to share photos with family, and WhatsApp to chat with close friends. It feels like you’re keeping things separate. But consider that all three of these tools are owned by the same company and that this company may use data from your interactions to build a non-persona delineated view of you. Armed with this information, things that you shared with your more trusted audiences might be leveraged to influence your behavior when you’re assuming a persona where you might be more cautious. Developing ways to enforce true separation here is something that digital identity professionals think about every day.

Geez… does this realm of digital identity ever end?!

Finale

Ugh – the digital world makes me have to be so SPECIFIC ABOUT EVERYTHING! It’s not possible to put on a hat and some sunglasses to become anonymous citizen #1. And, even when you want to be known, keeping your personas separate is a grand task that can’t be overstated. Keep an eye out for other posts and an Identity Flash Mob event as we dig into these challenges and how you stay on top of them.

Photo by Felicia Buitenwerf on Unsplash; Derivative by Laura Paglione

Posted by Laura Paglione in Personas, Mosh Pit, 0 comments
The Metaverse: A Parallel Dimension

A few weeks ago, my mother, a lovely woman who really loves cruise ships and social media, called and asked: “So, what is this metaverse thing?” 

Is there a single media site that isn’t talking about the wonder, glory, and confusion that is the metaverse? Companies like Meta (aka, Facebook) are putting BILLIONS of dollars into their interpretation of it. Alphabet (parent company of Google) is, too. Across the board, there’s a lot of money floating into an idea that hasn’t truly been defined yet.

The best definition I have for you? 

The metaverse is almost like a parallel dimension—it blurs the lines between the physical world that you and I know and the virtual world…like artificial reality and cryptocurrency. 

Ultimately, the idea of the metaverse isn’t about a NEW technology or platform, though that might end up being part of it. It’s about how people interact with the digital world we already know.

The idea of blurring the boundaries between the virtual and the physical isn’t new. Second Life is a multimedia platform that has lived this idea since well before “metaverse” was used as a word outside of science fiction (it was first mentioned in the sci-fi novel Snow Crash in the early 90s!). The problem Second Life had when it started back in 2003, though, was that the technology wasn’t available to support the vision. 

But, that was nearly 20 years ago. Twenty years ago, when Apple was just launching the iTunes store. Google hadn’t started trading on the stock market (that didn’t happen until 2004). Facebook wasn’t even a thing. AND, most critically for this conversation, the fastest broadband Internet speeds in 2003 were around 500 kilobits per second (kbps) for downloads, as compared to 1000 megabits per second (Mbps) today. (Just to throw in some math, 1 megabit equals 1000 kilobits. So, yeah, Internet speeds are sooooooooo much faster today!)

For people who have access to the Internet today (and remember, a third of the world does not fall in that category), this metaverse thing has a lot of potential. Some of that potential is fantastic: experience new cultures, see the world from new perspectives, try on jeans at home without having to wait for them to physically arrive, yay! 

But what about the fact that there will be greater difficulty in protecting personal privacy and more opportunities for cyberbullying, adding to the digital divide? Either way, the potential for both good and bad is there, and all it needs is people to take the idea and run with it, defining the details as they go.

If I were Queen of the Universe (which I’m not, but I’ve got my tiara ready), the big companies that are trying to win the race to BE the source of the metaverse would focus instead on HOW to make their metaverse ‘neighborhood’ interact with other metaverse hosts. Which may sound simple, but if you’ve ever played a computer game with online stores, imagine trying to use Game A’s credits in Game B’s store. At least today, that’s just not going to work. Could it in the future? Sure. It happened with the Internet. Email flows whether you’re using Outlook or Gmail or AOL. Websites can be viewed from completely unrelated browsers; with some exceptions, you can surf the web whether you’re using Safari, Chrome, Firefox, Brave, Opera. So, can new protocols be developed that would allow metaverse functionality to work across platforms? Absolutely. We’re just not there yet. 

So, what is the metaverse? It’s an idea, currently being explored by lots of different people and organizations, to blend the digital world with the physical world. The idea as it stands today is pretty far ahead of what’s currently possible. We’re a lot closer, though, than we were twenty years ago.

Photo by julien Tromeur on Unsplash

Posted by heather in Web3, Mosh Pit, 0 comments
Web3 – It’s About Disruption

To understand Web 3, it helps if you’ve read Malcolm Gladwell’s The Tipping Point: How Little Things Can Make A Big Difference. Not because that book has anything to do with the web, but more because it gets into market disruption and why it happens. In a nutshell, innovation gets things started, then adoption happens … and happens … and happens … until it is just a BFD and there isn’t room to innovate anymore, and so people decide “I can do this simpler/better/faster!” They abandon the big, stable thing in order to get back to innovation. And then the innovation is successful, and adoption happens … and happens … You get the idea.

Web 3 is like that. It’s a reaction to the fact that Web 2.0 is this thing driven by a few successful, ginormous platforms, leaving little room for out-of-the-box innovation. The market is pretty darn stable compared to where it was even a decade ago. And there are people out there who desperately want to innovate. It’s cool and fun, after all. And maybe, if they innovate well enough, their ideas will grow and grow and grow, and they will be wildly successful and everyone will throw money at them. 

There’s nothing wrong with a desire to innovate and to break a market apart to support new ideas and technologies. The main challenge with understanding Web 3, though, is that the marketing of what it means to be Web 3 doesn’t match the reality of what people want or can be expected to do. So let’s take a step back and look at what the web was initially, what it is today, and what Web 3 promoters say it’s going to be.

In the beginning, there were a few computers networked together, starting the Internet. It looked a lot like this:

(Source: nasa.gov)

Just a couple of computers, connected to a couple of other computers, mostly with black screens and green text. The thing that became the Internet (the Arpanet) started in 1969, and it looked a lot like that for a while. When the World Wide Web kicked off in 1993, it was based on that model where people were in charge of their own computers and everyone was able to share content everywhere. This is called a “decentralized” environment. No one in charge, cats and dogs living together, it was glorious anarchy. OK, maybe not anarchy. But there really wasn’t anyone particularly “in charge” leaving a greenfield ready and waiting for innovative ideas to happen. 

Here’s the thing, though. My mom does not want to do all the stuff on a computer that’s needed for it to share content like that. She’s not going to run server software (and make sure it’s patched). She’s not going to set up a dashboard so she can clearly see and manage who has been allowed the different bits of information about her. But that’s ok! Innovation happens, and suddenly there are companies willing to make it easy. To do the value-add of hosting a computer for you. Heck, they’ll do EVERYTHING for you, so all you have to do is throw money at them, upload your cat photos, and you’re good to go! There used to be a lot of those companies, but a few became really, really successful. And a trend towards fewer, bigger companies is centralization and that’s at the heart of Web 2.0.

So if a decentralized model was Web 1, and centralized was Web 2, then what’s left for Web 3? Well, here’s where it gets a little complicated. 

The promise of Web 3 as made by the people motivated to make it a thing is the promise of decentralization. It’s power to the people! Innovation in everything from finance to personal records to digital identity! People will be able to take control of their own online experiences in ways that haven’t been done before thanks to new technologies like blockchains. Think of it as a reaction against “you’re not the consumer, you’re the product” as companies sell information about you to other companies, leaving you with advertisements and them with money. If you have ultimate control over your own information, then the world can only be a safer, more personally profitable place.

Doesn’t that sound lovely?

Now step back from the lovely picture and think for a minute about what that actually requires. Let’s start with the “you control all the information about you” (like your name, your phone number, your email address, your age, your location, your preference for cats instead of dogs, your sexual orientation, your political orientation, and so on and so on and so on) and therefore who gets to see it. That means you need to keep on top of that information, sometimes making sure it’s verified by a third party (e.g., a government agency). You need to respond to every request for that information by companies that are offering you stuff. You not only have power, you have _responsibility_.

Let’s be honest, that gets really tedious. It gets worse if part of the power means running stuff on your own computer, which, back in Web 1, used to be pretty easy. It’s not like computers went anywhere. They were these big things that plugged into the wall 24/7. Now, ‘running stuff on your computer’ could mean your phone, or your tablet, or your laptop, or your desktop, or even your watch. 

And here’s where innovation tends to strike. There are people out there who, for a small (or medium, or large) fee, would be more than happy to make this easier for you. To build a platform that would take care of lots of the details for you so you could get back to your cat photos. At first, there will be lots of little platforms, all trying to differentiate themselves with various value-add features to the underlying technology to improve their own adoption. And adoption will happen … and happen … and happen… until the most adopted wins, innovation is stifled, and how on earth did we get back to this part of the cycle again? What you’ll have is some strange combination of centralized platforms supporting decentralized technologies, combining the best and worst of Web 1 and Web 2.

Since we’re at that point in the cycle where we have really big, successful players AND a really solid attempt at disruption by lots of innovative little players, this is a space that’s filled more with hype and ideals than solid services and market definition. It’s different from the same point in the cycle that was the difference between Web 1 and Web 2 because there are so many more people online today and computers are capable of so much more. People like my mom have expectations about what her user experience is going to be like online, and not a whole lot of patience with technical details. There are people who are ‘born digital’ that are more comfortable with technology and yet have an expectation that much of the hard work of offering online services will just be … taken care of. So, yeah. It’s not the same world as the first major shift in the nature of the web. It’s a world where literally everything is promised, and anything can happen, but the thoughtful human will take a moment and really think about the implications of the hype before they dive in.

If you’d like to dive a little deeper into thoughts on Web3, you might find Fabio Manganiello’s blog post “Web 3.0 and the undeliverable promise of decentralization” and “My first impressions of web3” by Moxie Rosenfeld (more commonly known as Moxie Marlinspike) interesting, though a bit more technical.

Posted by heather in Web3, Mosh Pit, 0 comments
Wait, You Mean Digital Identity is an Entire Industry?


So there I am, enjoying my first neighborhood barbeque in YEARS, chatting with one of my neighbors about what it is I do.

Me: “I work with people and organizations developing standards for how to use digital identity.”

Them: “I have no idea what that means.”

Me: …

Hmmm. Now if that wasn’t a trigger to try and educate this poor soul who was just trying to enjoy a veggie burger and a beer, I don’t know what is! Because digital identity is an AWESOME field. Seriously, an understanding of digital identity opens doors to careers in… just about everything: gaming, education, health care, government, commerce, enterprise, research… The list goes on forever.

But I totally get why they answered that way. 

Digital identity may be part of everything online, but so are a lot of other technical bits and pieces that make the Internet function. After all, there are only so many hours in the day to learn ALL. THE. THINGS. Still, digital identity has the unique characteristic of being about YOU. So not only is this a career field with limitless possibilities for you, it’s also important for you to know what happens with data about you when surfing the web.

So, let’s take a quick look at a few ways that digital identity impacts different industry sectors, and most importantly, how digital identity impacts you. 

Digital Identity and… Research

The expansion of the universe aside—even though that’s still hotly debated by scientists—there is no such thing as limitless growth. Whether you’re considering the question of how to continue to sustain life on Earth, how to sustain the needs of a business, or how to sustain your own lifestyle, you have to understand what types of resources you have and what resources you’re spending. And that understanding requires data. Lots and lots of data.

Here’s the thing about data, though. Who should have access to it? At a personal level, you probably don’t want everyone to have access to your financial information and budget, but you probably do want people to know what pronouns you prefer. You don’t want *everyone* to have access to everything, but you do want *some people* to have access to some things. And you need to be able to specify who gets access to what.

Congratulations, you’ve now entered the realm of digital identity.

Digital Identity and… Education

OK, so let’s switch over to education. The educational sector is about students, faculty, and staff. It’s about parents, school boards, and support groups. It’s about teaching and learning specific things, but it’s also about students needing access to online learning materials. Even if your school doesn’t support remote learning, though, you may still need access to online books and journals that your school has paid for you to have access to.

Or, let’s get fancy again! Maybe you need to switch schools, or you’ve applied to college. You and your current school need to transfer your transcripts digitally. That means there need to be systems that identify who is a student at a given school. They also need to identify who is a teacher. Perhaps the school needs to create accounts for someone to pay the bills. Different types of people need to be identified so they can be offered only as much access as they need, and nothing more.

Oh look. You’re back in the realm of digital identity—knowing who’s who, and using that to decide who should have access to online information.

Digital Identity and… Commerce

But wait, there’s more! Even if you’re done with school, don’t have a budget to speak of, and you aren’t a scientist to worry about big data sets, you probably still buy things online. And it’s really disturbing if someone else accesses whatever accounts you have and buys things with your information. To make it worse, now the bad guys stole data about you, created new accounts with new online services that look legit, but mess with your credit score or spend your money.

Or, let’s look at it another way. In the United States alone, several organizations that study this kind of thing suggest that nearly $900 BILLION was spent online in 2020 (Google it, you’ll see). This is what’s called a lucrative field and EVERYONE wants a piece of that pie. They want to target information so it has the most impact on you, because that impact means you spend money with them, or you support their cause, or you follow them to a website equivalent of a back alley where they can steal your information. Protecting against fraud is crazy important, and managing digital identity is a critical piece of that.

Geez… does this realm of digital identity ever end?!

Wrap up

OK, so at this point you’ve probably got the idea. If there is any question of needing to control or restrict online access to ANYTHING, then you’re talking about a site, service, or industry that depends on digital identity. To break that down even further, if you have to login, there is something on the other side that’s handling digital identity. Once you understand that, you can think a bit more about what that means for your personal identity, and it also gives you a target to build a career that spans everything.

Posted by heather in Mosh Pit, 0 comments
What is Digital Identity (and why should you care)?



If you’re reading this, you have a digital identity. 

And depending on how you think about it, you probably have more than one! After all, you have your social media accounts—those are all digital identities of yourself, right? And then you have your school or workplace accounts—those are digital identities, too. 

Oh! And let’s not forget any accounts with your bank, credit card, doctor’s office, any online shopping you do…oy, just typing about it is stressing us out.

But that’s why we dance! Because let’s face it, the Internet is a rapidly changing landscape and sometimes the only way to stay sane is to dance through digital identity.

We’ll teach ya the steps. 😉

It’s All About Perspective

With a few exceptions, each service you use thinks of your account as uniquely you. Their responsibilities start and end with protecting the information you’ve given them about you. So, if you think about it from the perspective of the service provider, you have LOTS of different digital identities—aka different personas that apply in different situations. Think of it like the “work-life balance” thing people talk about (as if it was a split between two halves of you).

Anyway, the collection of personas is your full digital identity, and managing and protecting the collection of your personas is something only YOU can do.

But why would you want to? That’s easy. Because it’s how you protect yourself from fraudsters, stalkers, hackers, marketers, and anyone else who wants to control you, be you, or use you online. You really do NOT want to become a victim of Identity Theft—unless you do, which is a very interesting personal preference.

Anywho… 

Let’s Take Control

What you can do in five minutes:

  1. Install a password manager. LastPass is really popular and super easy to use! You can learn more about other password managers here.
  2. Install Authy or some other multi-factor authentication application. If you are running the new iPhone 15, there is a new built-in multi-factor authentication service. Just have the service installed and ready; we’ll talk about how to use it later. If Authy doesn’t work for you, there are plenty of other options.

What you can do in thirty minutes:

  1. If you have an iPhone running iOS 14 or newer, check out your passwords (found in your settings) for any security alerts and change them if necessary (and add them to your password manager). It will tell you if you’re reusing passwords, or if your passwords have been found in some online hacker store for sale. Google’s Smart Lock does much the same thing for Android phones and Chrome browsers. There are lots of potentially useful security features there.
  2. As a bonus, as you change your passwords, check to see if any support multi-factor authentication (remember that Authy thing?). That means that the service will ask you for a little more information, maybe from an app like Authy or from information they send you in a text message. 

What you can do in an hour:

  1. Make sure all your systems are patched and your apps are up to date.
  2. Sign up with a service like Credit Karma and have it start watching your credit history and your account information for free. There are other services out there as well; check them out and decide what might work best for you!

We know you’re going to say it…

But It’s All SO Annoying!

Yes, all this security and management is really, really annoying! But trust us, it’s not nearly as annoying as recovering from identity theft. Allstate Insurance did a study and found it takes 100-200 hours—to put that into perspective, OVER SIX MONTHS—to recover from identity theft. According to Experian, a major credit agency, it can even take years. YEARS!

We said we’d dance, but we’re not up for spinning out of control here.

Wrap Up

So, what do you think? Can you pass the marshmallow test and do something now for better rewards (which in this case is the promise of less pain!) later? Of course you can! Identity Flash Mob is here to help you think through what’s possible, what’s practical, and how to make your digital identity as secure as YOU need it to be!

We hope to meet again on the dance floor. Until next time!  

Photo by Ayo Ogunseinde on Unsplash

Posted by heather in Mosh Pit, 0 comments