
Auth0 introduces adaptive MFA

Categories

Tags infosec devops software-architecture learning cio

Adaptive MFA improves security and customer experience. According to Dashlane, the average US internet user has over 150 online accounts, with that number projected to double by 2022. By Randy Nasson and Antonio Fuentes.

Given the rampant password reuse problem (65% of people reuse passwords across multiple sites), when data breaches occur, a vast number of accounts are vulnerable. While protective measures like Breached Password Detection can help minimize risks associated with known stolen credentials, there nevertheless remains a substantial risk for potential credential theft in the future.

Key takeaways from this article:

  • Multi-factor authentication (MFA) provides added security for protected content, but usability concerns can adversely affect the user experience
  • Using custom MFA options can help reduce friction, but custom MFA requires writing rules (coding) or explicit user opt-in to minimize prompts for secondary factors
  • Auth0 now offers Adaptive MFA, which only prompts users for secondary authentication factors if the login or authorization attempt is considered risky

Adaptive MFA bridges the gap between user experience and account security: end-users still enrol a secondary factor, but they are only prompted for it when the primary-factor login looks suspicious or unusual. For example, a login from a new device or from a previously unseen geolocation lowers confidence that the attempt is legitimate, and those signals are what trigger the prompt for the second factor.
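A sketch of that decision logic, as an added example that is not taken from the Auth0 post: a per-user history of the devices, countries and networks seen on earlier successful logins, a weighted score over whatever is unfamiliar in the current attempt, and a threshold above which the second factor is required. The signal names, the weights and the threshold are assumptions chosen for illustration, not Auth0's values.

```python
"""Risk-based MFA decision: prompt for a second factor only on unusual logins.

Added example, not Auth0's code. The signals (device fingerprint, geo-IP
country, source network) and the weights and threshold are assumptions
chosen for illustration.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class LoginAttempt:
    user: str
    device_id: str   # stable browser/device fingerprint (assumed to exist)
    country: str     # country resolved from the source IP address
    asn: str         # autonomous system the request came from


@dataclass
class UserHistory:
    """Signals seen on this user's previous *fully* successful logins."""
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    asns: set = field(default_factory=set)


# Illustrative weights and threshold (assumptions, not Auth0's values).
WEIGHTS = {"new device": 40, "new country": 40, "new network": 20}
MFA_THRESHOLD = 40


def risk_score(attempt: LoginAttempt, history: UserHistory):
    """Return (score, reasons): every unfamiliar signal adds its weight."""
    reasons = []
    if attempt.device_id not in history.devices:
        reasons.append("new device")
    if attempt.country not in history.countries:
        reasons.append("new country")
    if attempt.asn not in history.asns:
        reasons.append("new network")
    return sum(WEIGHTS[r] for r in reasons), reasons


def decide(attempt: LoginAttempt, history: UserHistory) -> dict:
    """Decide whether this primary-factor login needs a second factor."""
    score, reasons = risk_score(attempt, history)
    return {"require_mfa": score >= MFA_THRESHOLD, "score": score, "reasons": reasons}


def record_success(attempt: LoginAttempt, history: UserHistory) -> None:
    """Call only after the whole login succeeded, second factor included.

    Remembering a device on a password-only success would let whoever holds
    a stolen password enrol their own device and skip MFA on the next login.
    """
    history.devices.add(attempt.device_id)
    history.countries.add(attempt.country)
    history.asns.add(attempt.asn)


if __name__ == "__main__":
    h = UserHistory()
    first = LoginAttempt("alice", "fp-laptop-1", "DE", "AS3320")
    print(decide(first, h))   # everything new: MFA required
    record_success(first, h)
    print(decide(first, h))   # familiar device, country, network: no prompt
    print(decide(LoginAttempt("alice", "fp-laptop-1", "BR", "AS3320"), h))  # new country
```

The one check worth copying from this sketch is where the history is updated: a device, country or network becomes "known" only after the full login, second factor included, has succeeded. Updating it on a password-only success would turn the password itself into the enrolment factor.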

MFA offers an excellent defense against password-related account compromise. According to Open Web Application Security Project (OWASP), MFA is “by far the best defense against the majority of password-related attacks”. Good read!

[Read More]

The last guide to the useEffect Hook you'll ever need

Categories

Tags react javascript web-development app-development performance

Understanding how the useEffect Hook works is one of the most important concepts for mastering React today. If you have been working with React for several years, it is especially crucial to understand how working with useEffect differs from working with the lifecycle methods of class-based components. In fact, it is a wholesale shift in mindset! By Sebastian Weber.

Fully understanding effects is a complex issue. As Dan Abramov of the React team stated, you might have to unlearn some things to fully grasp effects.

A diagram of the React Hooks lifecycle (source: https://blog.logrocket.com/guide-to-react-useeffect-hook/)

With useEffect, you invoke side effects from within functional components, which is an important concept to understand in the React Hooks era. Working with the side effects invoked by the useEffect Hook may seem cumbersome at first, but you’ll eventually learn that everything makes a lot of sense.

The article's main points are:

  • A whole new mental model: The core concepts of useEffect
  • The key concepts of using effects
  • Always use useEffect for asynchronous tasks
  • Use multiple effects to separate concerns
  • When are effects executed within the component lifecycle?
  • The useEffect control flow at a glance
  • How to execute side effects with useEffect

… and more. Understanding the underlying design concepts and best practices of the useEffect Hook is a key skill to master if you wish to become a next-level React developer. Good read!

[Read More]

We burnt $72k testing Firebase + Cloud Run and almost went bankrupt

Categories

Tags nosql cio management teams startups google

This is the story of how close we came to shutting down before even launching our first product, how we survived, and the lessons we learnt. By Sudeep Chauhan.

In March 2020, when COVID hit the world, our startup Milkie Way too was hit with a big blow and almost shut down. We burnt $72,000 while exploring and internally testing Cloud Run with Firebase within a few hours.

Having a very small team, our focus was on writing code, designing the UI and getting the product ready. I spent minimal time on Cloud management, just enough to make us go live and have a basic development flow (CI/CD) going.

The article then describes:

  • Some technical details
  • Nightmare begins
  • Nightmare continues
  • Some breather: GCP loopholes
    • Automatic upgrade of Firebase account to paid account
    • Billing “Limits” don’t exist. Budgets are at least a day late
    • Don’t rely on Firebase Dashboard!

Having been a Googler for ~6.5 years and written dozens of project documents, postmortem reports, and what not, I started a document to share with Google outlining the incident, and adding the loopholes from Google’s side in a postmortem. The Google team would come back to work in 2 days. Interesting read!

[Read More]

How to install PHP 8 on Ubuntu 20.04

Categories

Tags php linux web-development app-development performance

PHP is one of the most widely used server-side programming languages. Many popular CMS and frameworks such as WordPress, Magento, and Laravel are written in PHP. PHP 8.0 is the latest major release of the PHP language. It introduces several breaking changes, performance improvements, and lots of new features such as named arguments, JIT compiler, union types, match expression, and more. By linuxize.com.

The article shows how to install PHP 8 on Ubuntu 20.04 and integrate it with Nginx and Apache.

Before upgrading to or installing PHP 8, make sure that your applications support it. The same steps apply to Ubuntu 18.04 and all Ubuntu-based distributions, including Kubuntu, Linux Mint, and Elementary OS.

The guide then describes how to:

  • Enable PHP repository
  • Installing PHP 8.0 with Apache
    • Install PHP as Apache Module
    • Configure Apache with PHP-FPM
  • Installing PHP 8.0 with Nginx
  • Installing PHP extensions
  • Testing PHP Processing

Installing PHP 8 on Ubuntu 20.04 server seems like a simple task. All you need to do is to enable the appropriate repository and install PHP 8 with apt. How straightforward.

[Read More]

How payment transaction processing works

Categories

Tags infosec miscellaneous learning cio

Payment transactions occur in a matter of seconds. We can easily swipe our credit card or touch to pay, and there’s an instant exchange of value. But it’s not as simple as it seems. Behind every digital transaction is an intricate web of processes that enables nearly $2 trillion in payment volume. By privacy.com.

When a consumer swipes their card, the merchant’s bank will send out a request for authorization via the payment network. The card company then runs payment details through a variety of fraud-protection tools to validate the information.

In this article you will learn more about:

  • Where credit card purchases begin and who is involved
  • How banks and credit card companies clear and settle payments
  • Security gaps along the payment transaction process
  • Virtual cards create a secure and efficient payment ecosystem

If the consumer is using a debit card, the network will have to verify that enough funds are available to complete the transaction. For credit cards, different rules will apply based on the consumer’s available credit or predetermined spending limits. Once the consumer’s account details are verified, the payment network is given the okay to route approval to the merchant’s bank. At this stage, payment is guaranteed.

At Privacy, they provide virtual cards that allow consumers to have greater control over their spending. Consumers start by opening a number of virtual cards to manage everyday purchases or subscription spending. If fraud is detected or a merchant places a charge without permission, consumers can pause or stop transactions on their virtual card at any time.

Unlike standard credit cards, virtual cards use unique card numbers, which can be turned off or limited in real time. These features allow the consumer to actively mitigate security gaps that can occur throughout the payment transaction process. Interesting read!

[Read More]

Azure Container Registry: Securing container workflows

Categories

Tags infosec devops cloud containers azure

Securing any environment requires multiple lines of defense. Azure Container Registry recently announced the general availability of features like Azure Private Link, customer-managed keys, dedicated data-endpoints, and Azure Policy definitions. These features provide tools to secure Azure Container Registry as part of the container end-to-end workflow. By Reshmi Mangalore, Senior Program Manager.

The article describes the following:

  • Customer-managed keys
  • Private links
  • Dedicated data-endpoints
  • Azure built-in policies

Private Link is the most secure way to control network access between clients and the registry, as network traffic is limited to the Azure Virtual Network. When Private Link can’t be used, dedicated data-endpoints can minimize data exfiltration concerns. You will also get plenty of links to further reading on the subject. Good work!

[Read More]

How to increase push notification delivery rate in Android?

Categories

Tags android app-development java messaging queues cloud

Notifications are an important part of any application; almost every application on your mobile device sends some kind of notification. By Sumit Mishra.

But many developers find it difficult to send notifications to all their users, i.e. it is found that only a few of their users receive the notifications, and due to this one of the questions most often asked of me is “Why are some of the users not receiving the push notifications?”

Server to FCM Google Server and then FCM Google Server to user notification (source: https://blog.mindorks.com/how-to-increase-push-notification-delivery-rate-in-android)

The content of this article is split into:

  • What exactly the problem is?
  • How does the notification system work?
  • How to solve the problems?
  • What next?

First of all, the most common mistake developers make is working from the wrong user count. For example, if your app shows 125 users, 20% of them (20% of 125 = 25) may already have uninstalled it, so the notification actually reaches only 100 users even though you assumed 125. The very first thing to do is therefore to establish the exact number of active installs.

From the author’s experience, normally only 30% of users receive the notifications that are sent, i.e. only 30 out of 100, so notifications fail to reach 70% of the audience. Some of the reasons are:

  • 30% put it in DND: Because of the large number of applications and the many notifications they send, 30% of users tend to put that particular application in DND (Do Not Disturb) mode, so no notifications from it are shown to them
  • 20% OEM restrictions: For better device performance, mobile manufacturers keep a list of whitelisted apps, and apps outside that list may be prevented from delivering notifications
  • 20% FCM/Google Play Services not present or disconnected

Follow the link to the full article to learn how to overcome the above-mentioned problems. Nice one!

[Read More]

Good-bye ESNI, hello ECH!

Categories

Tags infosec microservices devops app-development

Most communication on the modern Internet is encrypted to ensure that its content is intelligible only to the endpoints, i.e., client and server. Encryption, however, requires a key and so the endpoints must agree on an encryption key without revealing the key to would-be attackers. By Christopher Patton.

In this post we’ll dive into Encrypted Client Hello (ECH), a new extension for TLS that promises to significantly enhance the privacy of this critical Internet protocol. Today, a number of privacy-sensitive parameters of the TLS connection are negotiated in the clear. This leaves a trove of metadata available to network observers, including the endpoints’ identities, how they use the connection, and so on.

The TLS 1.3 handshake (source: https://blog.cloudflare.com/encrypted-client-hello/)

The article contains information on:

  • The story of TLS is the story of the Internet
  • Handshake encryption in TLS
  • Before ECH there was (and is!) ESNI
  • The ins and outs of ECH
  • The spectre of ossification

… and more. Ultimately, the goal of ECH is to ensure that TLS connections made to different origin servers behind the same ECH service provider are indistinguishable from one another.

The old TLS handshake is (unintentionally) leaky. Operational requirements of both the client and server have led to privacy-sensitive parameters, like SNI, being negotiated completely in the clear and available to network observers. Excellent and very detailed read!
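To make the leak concrete, here is an added example (not code from the Cloudflare post) that builds a minimal TLS 1.3 ClientHello record and then reads it the way an on-path observer would: the server_name extension, and with it the origin being contacted, is sitting in plaintext before any key has been agreed. The ECH variant is simulated only: the outer ClientHello names the provider's public name and carries an opaque blob in the encrypted_client_hello extension, whereas real ECH encrypts a complete inner ClientHello with HPKE, which is not implemented here. The extension codepoint 0xfe0d is the one used by the ECH drafts and is an assumption of this example.

```python
"""What a passive observer reads from a TLS 1.3 ClientHello.

Added example, not code from the Cloudflare post. It builds a minimal
ClientHello record and parses the server_name (SNI) extension the way an
on-path observer would. The ECH variant carries only a placeholder opaque
blob in the encrypted_client_hello extension; real ECH encrypts a complete
inner ClientHello with HPKE, which is not implemented here. The codepoint
0xfe0d is the draft ECH extension type (assumed for this example).
"""
import os
import struct
from typing import Optional

EXT_SERVER_NAME = 0x0000
EXT_SUPPORTED_VERSIONS = 0x002B
EXT_ECH = 0xFE0D


def _ext(ext_type: int, body: bytes) -> bytes:
    """TLS extension: 2-byte type, 2-byte length, body."""
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(sni: str, ech_payload: Optional[bytes] = None) -> bytes:
    """Return one TLS record holding a ClientHello whose SNI is `sni`."""
    host = sni.encode("ascii")
    # server_name_list length, name_type=0 (host_name), host length, host
    sni_body = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    exts = _ext(EXT_SERVER_NAME, sni_body)
    exts += _ext(EXT_SUPPORTED_VERSIONS, b"\x02\x03\x04")   # offer TLS 1.3 only
    if ech_payload is not None:
        exts += _ext(EXT_ECH, ech_payload)                  # opaque to observers
    body = (
        b"\x03\x03"                                  # legacy_version
        + os.urandom(32)                             # random
        + b"\x00"                                    # empty legacy_session_id
        + b"\x00\x04\x13\x01\x13\x02"                # TLS_AES_128/256_GCM_SHA*
        + b"\x01\x00"                                # legacy_compression_methods: null
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # client_hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def observer_view(record: bytes) -> dict:
    """Fields an on-path observer can read without any key material."""
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 43                                        # record hdr + hs hdr + version + random
    pos += 1 + record[pos]                          # legacy_session_id
    (n,) = struct.unpack("!H", record[pos:pos + 2]); pos += 2 + n   # cipher_suites
    pos += 1 + record[pos]                          # legacy_compression_methods
    (n,) = struct.unpack("!H", record[pos:pos + 2]); pos += 2
    end = pos + n
    view = {"sni": None, "ech": False, "extensions": []}
    while pos + 4 <= end:
        ext_type, length = struct.unpack("!HH", record[pos:pos + 4]); pos += 4
        data = record[pos:pos + length]; pos += length
        view["extensions"].append(ext_type)
        if ext_type == EXT_SERVER_NAME and len(data) >= 5:
            (name_len,) = struct.unpack("!H", data[3:5])   # skip list len + name_type
            view["sni"] = data[5:5 + name_len].decode("ascii")
        elif ext_type == EXT_ECH:
            view["ech"] = True          # present, but its payload is ciphertext
    return view


if __name__ == "__main__":
    # Classic handshake: the real origin is readable by anyone on the path.
    print(observer_view(build_client_hello("secret-origin.example")))
    # ECH: the outer SNI names only the provider; the real name would travel
    # inside the encrypted payload (constructed stand-in for HPKE ciphertext).
    fake_ech = os.urandom(64)
    print(observer_view(build_client_hello("public.provider.example", fake_ech)))
```

Run against the plain ClientHello, `observer_view` returns the origin hostname; run against the ECH-style one, it returns only the provider's public name plus the fact that an ECH extension is present, which is exactly the indistinguishability the post describes: every origin behind the same provider produces the same observable SNI.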

[Read More]

Movement is medicine: How to work (and work out) safely at home

Categories

Tags miscellaneous teams cio

Use these tips from Michigan Tech faculty and staff to be more physically comfortable and safer while learning, working and staying healthy at home. By Cyndi Perkins.

For many, the biggest challenge with remote work isn’t keeping the cat off the keyboard or responding to the toddler who informs your Zoom webinar audience that she needs to use the bathroom now. Instead, it’s preventing strains, pains and other potential injuries caused by working in unaccustomed, unhealthy positions. Another concern: sitting more and moving less throughout the day.

The article provides the answer to the questions:

  • Why should we care about ergonomics?
  • Why should we care about how long we sit in one position?
  • What are other ways to make a seated position healthier and more comfortable?
  • How can I take care of my wrists, neck and shoulders while I’m working on my laptop?
  • What do we need to know about lighting? How can we avoid eyestrain using the 20-20-20 rule?
  • Are standing desks a good idea?

Standing desks can be useful, as long as you alternate sitting and standing. The important thing with sit-stand stations is that they need to be properly configured and that users remember that standing in itself is a stationary activity, so it should not be used as your only desk. Some good advice in this article. Recommended read!

[Read More]

Microfrontends: expensive recipe for frontend applications

Categories

Tags frontend microservices web-development app-development

Microfrontends are a new trend in the frontend world; however, the idea of being able to compose an application out of other independent applications is not new. By Sergio Martino.

Previous experiences such as Java Portlets have not been very successful while other companies, such as Beamery or Spotify, have tried the Microfrontends path with mixed results.

Microfrontends is an architecture pattern that offers an alternative to the frontend monolith by breaking up the frontend into multiple frontends, each with its own lifecycle. Being able to administer an application lifecycle independently from other applications allows teams to deploy features to production faster, as they face fewer dependencies, a concise scope and less risk of failure.

A migration path for a monolith is complex, as it does not offer a clean way to implement incremental structural changes; however, breaking changes would be packaged within a single codebase and could be managed successfully. More often than not, a migration of a monolith simply means developing a new version alongside a legacy version: old code might be difficult to read, but it would not come with side effects.

The frontend market today offers decent alternatives to Spotify’s infamous iframe orchestration: Webpack’s Module Federation, Open Components or technology-agnostic frameworks such as Single Spa are prime solutions for implementing microfrontends, despite their young age. Interesting!

[Read More]