I'm ever so slightly annoyed (= raging mad) that #Helsinki IT has managed to leave the personal details of every #school age kid, their parents, and every city employee on an unsecured network drive, allowed them to be stolen, and now is trying to wiggle out of the responsibility to inform every impacted person (= just about everyone) or offer anything but stupid generalities as protection for #identity #theft. #cybersecurity fail of the year. Perhaps several.
Guest speaker: Scottish actor & playwright Matthew Zajac, who will also be performing his critically acclaimed play THE TAILOR OF INVERNESS – the first performance of this play in France
"I didn't realize until years later, thinking back about that, was I was three years old. I lived with my birth mother, and then I didn't anymore.
And I was a three year old. I was talking to her. I forgot over [00:27:00] a while, over time what I was doing. And in the book I talk about it that way. I forgot what I was doing, but I kept doing it. And in, the way that I forgot my name, I had no idea what my name was and I had to find it."
In the evolving digital landscape, "Identity on the Web" is crucial for online interaction, #privacy and #security.
At the @w3c member meeting in #Hiroshima 🇯🇵, Heather Flanagan, co-chair of the newly created W3C Federated Identity #WorkingGroup discussed challenges in establishing a common understanding of #identity and explored this topic's technological, social, and #ethical dimensions in relation to the W3C’s mission.
"The Seattle hospital said in a statement that it had 'successfully fought' the 'overreaching demands to obtain confidential patient information.' A judge in Austin dismissed the lawsuit Friday, saying the parties had settled their dispute."
Thanks Evan, there's a bit to digest there, some of which I agree with, and some of which I don't, between what both you and the OtherEvan had to offer.
It's good to get this stuff right out in the open, especially as the Fediverse is currently undergoing yet another paradigmatic shift, perhaps an evolutionary step, but certainly, a complete game changer from much of the perspective offered in the Evan <==> Evan Essays ;)
TOMORROW is the deadline for applications to the #Trust and #Identity Incubator #Mentorship Programme (TIM). #Students can get paid while they study, and learn from the best in the field.
Apps that will only present the #2FA challenge upon a successful password #authentication — isn’t there a very good point in always providing both, as to not give any hints on whether the first factor credentials were correct or not?
New EUCJ decision: storing two fingerprints on the chip of an identity document is acceptable but needs updates to the legal framework. Note that the decision is only about storing them on the chip. Not a free pass to store all fingerprints in one big database. Press release: https://curia.europa.eu/jcms/upload/docs/application/pdf/2024-03/cp240050en.pdf Decision text not yet published.
> Digital Identities aren’t something unique to the fediverse and it’s not something Mastodon could stop if they wanted to. Nomadic identity is coming to the internet. The only question is who is going to own your identity. VISA/Mastercard, your government, Google, Microsoft, or you.
Give @julian #Github comment some good reactions to show the folks of the #W3C Federated Identity CG that there's more than #BigTech #identity providers to take into account.
For user accounts that have enabled multifactor authentication, how do you handle self-service password resets? On online platforms, it is usually possible to reset the password via email. I think that is fine for accounts that don't use multifactor authentication. But what if a user logs in with their phone number (They have no email, just the phone) and uses text message as their second factor? Sending a password reset code via text message would be a bit stupid. This would mean that the user doesn't really have two-factor authentication if you can reset the first-factor with the second-factor.
I do currently not allow self-service password resets if a user has multifactor enabled. They are required to get in contact with customer support in that case. For our use-case this is ok, but it's obviously not very user-friendly. However, I don't really see a solution in the case where the phone number is the primary identifier and second-factor. I am interested in some thoughts on the topic.
"US spy agencies purchased Americans' phone location data and internet metadata without a warrant but only admitted it after a US senator blocked the appointment of a new NSA director."
I know that at least #Okta was insecure at one point, but how do things look with the others, and do they also use the latest #technology for their #services? A lot is promised but not guaranteed, since it's closed source, or not?
«#Identity & #Access Management – The 9 best IAM tools:
These identity and access management (#IAM) tools protect your company assets on the way to the zero-trust future.»