Archive

Archive for the ‘’ Category

Outdoor Marketing 101: Top Strategies, Tools, and More!

November 6th, 2023 No comments

Outdoor marketing remains a potent force even in our digital-centric world. Despite the rise of online ads, 85% of consumers remember seeing an outdoor advertisement in the past month, as highlighted by a study from the University of Pennsylvania’s Wharton School

This fact emphasizes the lasting impact of billboards, banners, and other outdoor promotional tools. This article dives into the intricacies of this traditional marketing method, presenting the most effective strategies and tools of today. 

Whether you’re an experienced marketer or a newcomer, this guide provides the insights needed to make your brand shine in the open air.

Source

What Is Outdoor Marketing?

Outdoor marketing is a broad category of advertising that encompasses any type of campaign executed outside the home. This form of marketing is designed to reach consumers as they go about their daily activities, capturing their attention in public spaces.

The most recognizable form of outdoor marketing is the billboard. Still, the category includes mediums such as transit posters (found on buses, trains, and subways), kiosks, bus shelters, and even guerrilla marketing tactics like sidewalk chalk or unique installations. 

Digital billboards and interactive displays have also modernized the OOH landscape, creating more dynamic and engaging content.

The primary advantage of outdoor marketing is its ability to offer high visibility in strategic locations, ensuring that brands can reach many potential customers. 

Unlike digital ads that can be skipped or print ads that might go unnoticed, outdoor advertisements are prominently placed in the environment, making them hard to ignore. They’re especially effective in high-traffic areas where they can garner numerous impressions.

The History of Outdoor Marketing

Outdoor marketing, often called out-of-home (OOH) advertising, has been a cornerstone of the advertising world for centuries. Its evolution offers a fascinating glimpse into the changing dynamics of commerce, technology, and societal values.

The Birth of Modern Billboards

Billboards emerged in the 19th century in the U.S. with the railway system expansion. Companies advertised to train passengers using surfaces alongside tracks. By the late 1800s, billboard structures were standardized, leading to large-scale advertising companies.

Source

The 20th Century: A Boom in OOH Advertising

In the 20th century, the rise of automobiles transformed outdoor marketing, making roadside billboards common on highways. As cars became widespread, advertisers targeted on-the-move consumers. 

In cities, transit advertising on buses, trams, and subways flourished, with exteriors and interiors used. The mid-century introduced neon signs, with cities like Las Vegas and Tokyo becoming renowned for their neon-lit nightscapes.

Innovation and Regulation

With the growth of outdoor marketing came concerns about aesthetics and safety. The 1960s U.S. Highway Beautification Act regulated billboard size, spacing, and lighting to prevent distractions and protect landscapes. 

Concurrently, advances in materials, like vinyl in the 1980s, enabled more vibrant, durable ads, offering advertisers greater flexibility and creativity.

The Digital Revolution

The late 20th and early 21st centuries introduced digital outdoor marketing. Digital billboards, offering real-time updates and interactivity, became pivotal. Some even used cameras and sensors to tailor content based on audience reactions. 

Augmented reality (AR) and QR codes further enhanced traditional OOH formats, allowing users to scan codes for extra content or merge digital data with the real world.

The Modern Landscape and Beyond

Today’s outdoor marketing combines traditional and digital techniques. Classic billboards and transit ads now feature QR codes or social media hashtags, connecting the physical and digital worlds. 

Additionally, environmental considerations have influenced the industry by adopting eco-friendly materials, solar-powered billboards, and sustainable practices.

Source

The Benefits of Outdoor Marketing

In an age dominated by digital screens and online platforms, one might wonder about the relevance of traditional advertising methods. 

However, outdoor marketing, often called out-of-home (OOH) advertising, has not only withstood the test of time but continues to offer unique advantages that digital mediums often can’t replicate. Here are seven compelling benefits of outdoor marketing:

1. Uninterrupted Visibility

Unlike digital ads, which can be skipped, blocked, or closed, outdoor advertisements are prominently displayed in the environment, making them hard to ignore. Billboards, banners, and transit ads command attention by size and placement. 

They are there 24/7, ensuring that your message is always visible to passersby, whether they’re pedestrians in a city center or drivers on a highway. This constant exposure increases the likelihood of your message being noticed and remembered.

2. Broad Audience Reach

Outdoor marketing doesn’t discriminate. It reaches out to everyone who passes by, irrespective of age, gender, or socioeconomic status. This broad reach is especially beneficial for brands or campaigns that target a wide demographic. 

For instance, a billboard placed in a strategic location can be seen by tens of thousands of people daily. Over time, this accumulates to a massive number of impressions, ensuring that your message reaches a diverse and extensive audience.

3. Enhances Local Presence

For businesses that operate in a specific locality or region, outdoor marketing can significantly boost local presence and recognition. 

A well-placed billboard or poster in a community can make a brand synonymous with a particular area, creating a sense of familiarity and trust among local residents. 

This is especially beneficial for small businesses looking to establish themselves in a community or larger businesses aiming to create a localized connection.

4. High Recall Rate

Studies have shown that the human brain is more likely to remember something it has seen in the physical world compared to the digital realm. The tangible nature of outdoor advertisements, combined with their size and repetitive visibility, ensures a higher recall rate. 

Many people can remember a specific billboard they’ve seen during their commute, even if they’ve only seen it a few times. This high recall translates to better brand recognition and, ultimately, a higher likelihood of conversion.

5. Cost-Effective in the Long Run

While the initial investment for outdoor advertising might seem high, especially for prime locations, its longevity, and broad reach often result in a lower cost per impression than many digital advertising methods. 

A billboard, for instance, might be up for several weeks or months, continuously advertising to new sets of eyes. When you break down the cost over the duration and the number of impressions, outdoor marketing often presents a cost-effective solution for brands looking for long-term exposure.

6. Complements Digital Campaigns

Outdoor marketing’s ability to complement digital campaigns extends beyond just QR codes or social media hashtags. Consider the potential of geotargeting: when consumers see a billboard for a product or service, they might immediately search for it on their smartphone. 

Brands can capitalize on this behavior by using geotargeted digital ads that appear to users within the vicinity of their outdoor advertisements. This creates a seamless transition from the physical ad they just saw to the digital realm, enhancing the user’s journey with the brand.

Moreover, outdoor advertising can be a visual anchor, reinforcing digital messages. For instance, users might scroll past a digital ad on their social media feed without much thought. 

However, if they later encounter a similar outdoor advertisement, the previous digital interaction is recalled, amplifying the message’s impact.

7. Flexibility and Creativity

The vast canvas that outdoor marketing provides is not just limited to billboards. Brands have utilized buses, trams, and even entire buildings to showcase their creativity. 

This expansive space allows for larger-than-life representations of products, services, or brand messages, creating a visual spectacle that’s hard to forget.

Moreover, the rise of digital billboards has added a dynamic element to outdoor advertising. These billboards can change messages based on the time of day, weather, or even current events, allowing brands to stay relevant and timely in their communication.

Interactive outdoor campaigns, where audiences can engage directly with the advertisement, have also gained traction. 

From billboards that change content based on audience reactions to installations that users can interact with, the merging of technology with outdoor spaces has opened up many creative possibilities.

Top Channels for Outdoor Marketing

As technology advances, so do the methods and channels available for outdoor marketing. Here are the top five channels for outdoor marketing:

1. Digital Outdoor Signage

Digital outdoor signage has revolutionized the way brands communicate with their audience outdoors. Unlike traditional billboards, digital signs can display dynamic content, change advertisements in real-time, and interact with passersby. 

Image by rawpixel.com on Freepik

One of the leading names in this space is AIScreen, which offers cutting-edge digital signage solutions that enhance brand visibility and engagement. The ability to update content on the fly, coupled with high-resolution displays, makes digital outdoor signage a preferred choice for many advertisers. 

It’s not just about displaying an ad; it’s about creating an experience. With features like touch interactivity, motion detection, and even augmented reality integrations, digital signage offers a level of engagement that traditional billboards can’t match.

2. Transit Advertising

Transit advertising refers to advertisements placed on or within public transportation vehicles, such as buses, trains, and taxis, and at stations or terminals. This form of advertising is especially effective in urban areas with a high concentration of commuters. 

Whether it’s a bus wrap showcasing a new product or a poster inside a subway car, transit advertising ensures that your message travels with your audience. 

Given the captive nature of the audience—people waiting for or riding on public transport—transit ads can have a significant impact. Moreover, with the rise of smart cities, even transit advertising is going digital, with screens displaying ads based on the time of day, location, or weather.

3. Street Furniture Advertising

Street furniture advertising encompasses ads placed on city fixtures like bus shelters, benches, kiosks, and phone booths. These ads are strategically located in high-footfall areas, ensuring maximum visibility. 

One of the advantages of street furniture advertising is its ability to cater to pedestrians and vehicular traffic. For instance, a well-designed ad on a bus shelter can catch the eye of someone waiting for the bus and a person driving by. 

Given their proximity to the ground level, these ads can be more detailed, allowing for more information or even QR codes that pedestrians can scan.

4. Guerrilla Marketing

Guerrilla marketing is an unconventional form of outdoor advertising that aims to catch people off guard and create a memorable brand experience. It involves creative, sometimes spontaneous activities in public spaces, designed to create buzz and virality. 

From flash mobs to interactive installations, guerrilla marketing campaigns are often bold and innovative. The key to a successful guerrilla marketing campaign is originality. It’s about doing something unexpected that resonates with the audience and gets them talking. 

While it can be a riskier approach compared to traditional methods, when executed correctly, guerrilla marketing can generate significant media coverage and social media buzz.

5. Building Wraps and Large Format Banners

Size does matter in outdoor advertising. Building wraps and large format banners are hard to miss. These massive advertisements cover the sides of buildings or hang in prominent locations. Given their sheer size, they command attention. 

Whether it’s in a bustling city center or along a busy highway, these ads make a statement. They’re especially effective for product launches or major events where you want to make a big splash. 

The key is to have a compelling visual and a clear message, as these ads are often viewed from a distance.

Innovative Outdoor Marketing Ideas For Your Business

While traditional billboards and posters still have their place, innovation in outdoor marketing can set your brand apart, creating memorable experiences that resonate with consumers. 

Here are five innovative outdoor marketing ideas to elevate your brand’s presence and engage your target audience:

Interactive Digital Billboards

Gone are the days when billboards were static displays. Today’s digital billboards can be interactive, engaging passersby in real-time. Imagine a billboard that responds to the weather, changing its message or design based on rain, sunshine, or snow. 

Or consider a billboard that allows users to interact with it through their smartphones, perhaps by playing a game, participating in a poll, or accessing a special promotion. 

For instance, a fashion brand could showcase its latest collection and let pedestrians vote on their favorite outfits using their phones. This not only grabs attention but also encourages active participation, making the advertisement more memorable.

Augmented Reality (AR) Experiences

AR technology has opened up a world of possibilities for outdoor marketing. By overlaying digital information in the real world, AR can create immersive brand experiences. For example, a movie studio promoting an upcoming film could set up AR stations in popular city squares. 

When people point their smartphones or AR glasses at a specific marker, they can see a trailer or even interact with characters from the movie. 

Another idea is for retail stores to use AR to showcase how furniture or clothing might look in a customer’s home or on them, respectively. The key is to create an experience that’s not just novel but also adds value or entertainment for the user.

Pop-Up Events and Experiences

Pop-up events are temporary, often unexpected, events or stores that “pop up” for a short period. They can be incredibly effective for generating buzz and creating a sense of urgency. 

A cosmetic brand, for instance, could create a pop-up spa in a city park, offering quick facials or makeup sessions. A tech company might set up a temporary lounge in a busy train station, showcasing its latest products. 

The transient nature of pop-ups means that people are more likely to engage, knowing it’s a limited-time opportunity. Plus, the surprise element can generate significant word-of-mouth publicity.

Eco-Friendly Installations

As consumers become more environmentally conscious, brands can make a statement with eco-friendly outdoor marketing initiatives. Consider creating installations using recycled materials or setting up displays that double as urban gardens. 

Another idea is to use solar-powered digital displays or create advertisements that can later be repurposed or recycled. 

For instance, a brand promoting sustainability could set up a billboard made entirely of recyclable materials and then invite the community to a recycling event once the campaign is over. 

Such initiatives not only promote the brand but also resonate with eco-conscious consumers, showcasing the brand’s commitment to sustainability.

Personalized Outdoor Advertising

Personalization is a significant trend in digital marketing, but it can also be applied to outdoor marketing. With the rise of data analytics and smart technology, outdoor advertisements can be tailored to the audience in real-time. 

For example, digital displays in shopping malls could showcase ads based on the demographics of the people nearby, detected through mobile data or facial recognition (with proper privacy measures in place). 

A billboard in a busy business district might showcase ads for professional services during the day and switch to entertainment or dining ads in the evening. The more relevant the advertisement, the more likely it is to engage the viewer.

I apologize for the inconvenience. It seems I’m currently unable to access external resources directly. However, I can still provide a detailed overview based on my existing knowledge. Let’s dive into some examples of successful outdoor marketing campaigns:

Top Tools To Leverage Outdoor Marketing For Your Business

Image by berlionemore_contributor on Freepik

Here are five top tools that businesses can leverage to make the most of their outdoor marketing efforts:

1. Digital Billboards and Display Screens

Digital billboards are a significant upgrade from their static counterparts. These electronic displays can showcase multiple advertisements in a rotation, allowing businesses to feature various products or messages throughout the day. 

The flexibility of digital billboards means that ads can be updated in real time, making them ideal for promotions, flash sales, or timely announcements. 

Additionally, some advanced screens come with sensors that adjust brightness based on ambient light, ensuring optimal visibility at all times.

2. QR Code Generators

Quick Response (QR) codes have seen a resurgence in recent years, especially in outdoor marketing. These scannable codes can bridge the gap between physical advertisements and the digital world. 

By using a QR code generator, businesses can create unique codes that, when scanned by a smartphone, lead to a specific webpage, video, or promotional offer. This tool not only drives engagement but also allows for easy tracking of campaign effectiveness.

3. Sales automation software

Sales automation software plays a pivotal role in outdoor marketing by streamlining lead management, automating follow-ups, and delivering personalised email campaigns. For example, a retail business can use sales automation to efficiently collect customer leads during outdoor events, send targeted follow-up emails, and manage appointments, ultimately boosting customer engagement and sales conversions.

4. Augmented Reality (AR) Platforms

AR has the power to transform static advertisements into interactive experiences. With AR platforms, businesses can overlay digital information onto physical ads. For instance, a poster for a new movie could come to life with a trailer when viewed through an AR app. 

This immersive experience can captivate audiences and create memorable interactions with the brand. Companies like Snapchat and Instagram offer AR ad solutions that can be integrated into outdoor campaigns.

5. Eco-friendly Printing Solutions

As environmental concerns become more pressing, businesses seek sustainable methods in all operations, including marketing. Eco-friendly printing solutions use materials that are biodegradable, recycled, or sourced sustainably. 

These printers also utilize inks that are less harmful to the environment. By opting for green printing solutions, businesses not only reduce their ecological footprint but also appeal to environmentally-conscious consumers.

6. Analytics and Tracking Software

To gauge the success of an outdoor marketing campaign, businesses need robust analytics and tracking tools. Modern software can track the times a QR code is scanned or measure engagement with digital billboards. 

Some advanced digital displays even incorporate cameras to analyze audience demographics and gauge reactions to advertisements. By harnessing this data, businesses can refine their strategies and optimize future campaigns.

Examples of Successful Outdoor Marketing Campaigns

1. Coca-Cola’s “Share a Coke” Campaign

Source

One of the most iconic outdoor marketing campaigns in recent years is Coca-Cola’s “Share a Coke” initiative. The company replaced its traditional logo on bottles with popular names, inviting consumers to find a bottle with their name or the name of a loved one. 

This simple yet effective personalization turned every bottle into a mini billboard. The campaign was amplified with large outdoor billboards showcasing various names, making it a personal experience on a grand scale. 

The result? Increased sales and a massive social media buzz as consumers shared pictures of their personalized bottles.

2. Spotify’s “Thanks 2016, It’s Been Weird” Campaign

Spotify humorously leveraged its vast user data with its end-of-year campaign. Billboards showcased quirky, real user habits, such as “To the person who played ‘Sorry’ 42 times on Valentine’s Day, what did you do?” 

This campaign was a hit because it combined humor, accurate user data, and a touch of mystery, making it relatable and intriguing. It was a testament to the power of data-driven outdoor advertising.

3. Ikea’s “Climbable Billboard”

Source

To promote the opening of a new store in France, Ikea set up a giant vertical billboard that doubled as a climbing wall. 

This interactive billboard was adorned with actual Ikea furniture, showcasing the brand’s products in a fun and engaging way. Not only did it draw attention, but it also allowed consumers to interact with the brand, creating a memorable experience physically.

4. McDonald’s “Sundial Billboard”

In a creative twist, McDonald’s used a billboard as a functional sundial. The shadow cast by the billboard’s structure moved across the board, aligning with images of different McDonald’s breakfast items at the appropriate times of the morning. 

It was a clever way to promote their breakfast menu, reminding passersby of the time and, more importantly, that it was time for a McDonald’s breakfast.

5. BIC’s “Shave the Billboard” Campaign

Source

To promote its line of razors, BIC showcased a massive billboard featuring a man’s bearded face. Over time, the beard was “shaved” off, revealing a clean-shaven face, demonstrating the effectiveness of BIC razors. 

This dynamic billboard changed over time, encouraging viewers to revisit and see the progress, thereby repeatedly exposing them to the brand and its message.

What Challenges Can One Face in Outdoor Marketing Today?

As brands compete for attention in an increasingly digital world, outdoor marketing must evolve to stay relevant. Here are ten challenges faced in outdoor marketing today:

1. Digital Distractions: With smartphones and digital devices dominating, capturing the attention of a tech-savvy audience is challenging.

2. High Costs: Prime outdoor advertising spaces, especially in urban areas, can be expensive.

3. Vandalism: Billboards and posters can be susceptible to graffiti and other vandalism.

4. Weather Dependency: Outdoor ads can be affected by weather conditions, reducing their lifespan and visibility.

5. Regulatory Restrictions: Many cities have strict regulations regarding the size, location, and content of outdoor advertisements.

6. Short Attention Span: With people on the move, outdoor ads have only a few seconds to make an impact.

7. Measurement Difficulties: Unlike digital marketing, tracking the direct impact and ROI of outdoor ads can be challenging.

8. Environmental Concerns: Large billboards and print materials can be considered environmentally unfriendly.

9. Space Limitations: Conveying a message with limited space requires creativity and precision.

10. Rapid Technological Changes: Keeping up with the latest technologies, like digital billboards and AR integrations, requires constant adaptation.

In conclusion, while outdoor marketing offers vast potential, navigating its challenges requires strategic planning, creativity, and adaptability.

What Is the Difference Between Outdoor and Digital Marketing?

In the vast realm of advertising, two dominant forms have emerged over the years: outdoor marketing and digital marketing. 

While both aim to engage audiences and promote brands or products, they employ distinct strategies, mediums, and technologies. Here, we’ll delve into five key differences between these two marketing forms.

1. Medium and Platform

Outdoor Marketing: This form of marketing, often called out-of-home (OOH) advertising, utilizes physical spaces to communicate its messages. Classic examples include billboards along highways, posters in transit systems, banners at events, and even guerrilla marketing tactics in public spaces. 

These advertisements are tangible, static (except digital billboards), and are placed in strategic locations to garner maximum visibility.

Digital Marketing: Digital marketing operates in the online realm. It encompasses various platforms and strategies, including search engine optimization (SEO), pay-per-click advertising (PPC), social media marketing, email campaigns, and content marketing.

 These advertisements are virtual and dynamic and can be tailored to appear to specific demographics based on online behavior, preferences, and search history.

2. Targeting and Personalization

Outdoor Marketing: OOH advertising is broad in its targeting. While a billboard or transit ad can be placed in a location to reach a particular demographic (e.g., a university campus for targeting students), it doesn’t offer personalized content for each viewer. Everyone who passes by sees the same message.

Digital Marketing: One of the most powerful features of digital marketing is its ability to target specific audiences with precision. Advertisers can tailor content based on a user’s online behavior, location, device, age, gender, interests, etc. For instance, retargeting ads can show products that a user has previously viewed on an e-commerce site, making the advertisement highly relevant to the individual.

3. Duration and Flexibility

Outdoor Marketing: Once an outdoor advertisement is set up, it remains constant for its duration, which could be weeks or even months. Changing the content requires a physical change, which can be time-consuming and costly.

Digital Marketing: Digital ads offer unparalleled flexibility. Advertisers can change their content in real-time based on performance metrics, current events, or inventory levels. For instance, if an ad isn’t performing well, marketers can quickly adjust the design, messaging, or targeting parameters to optimize results.

4. Measurement and Analytics

Outdoor Marketing: Measuring the direct impact of OOH advertising can be challenging. While companies can estimate the number of impressions based on location traffic, it’s harder to determine the exact number of conversions (e.g., purchases) directly attributed to the ad. Some modern methods, like using QR codes on billboards, can provide more direct tracking, but overall, OOH analytics tend to be more generalized.

Digital Marketing: The digital realm offers robust analytics. Marketers can track many metrics, including click-through rates, conversion rates, bounce rates, and more. They can see which ads are most effective, which demographics are most engaged, and which times of day yield the best results. This data-driven approach allows for continuous optimization and a clear return on investment (ROI) measurement.

Conclusion

Outdoor marketing, with its rich history and diverse strategies, remains a pivotal component in the advertising landscape. 

From the inception of billboards alongside train tracks to the digital innovations of today, it has continuously evolved to capture the attention of audiences on the move. The blend of traditional and modern methods, coupled with the integration of digital elements. 

As brands navigate the challenges and opportunities of this dynamic medium, the fusion of creativity, strategy, and technology will be paramount. 

Whether through a captivating billboard, an interactive digital display, or a guerrilla marketing stunt, the essence of outdoor marketing lies in its ability to engage, surprise, and leave a lasting impression on the vast open canvas of the real world.

FAQs

What is the difference Between Outdoor Marketing And Outdoor Advertising?

Outdoor marketing encompasses all external promotional strategies, while outdoor advertising specifically refers to visible ads like billboards and posters.

What insights does this guide provide?

The guide offers insights into effective outdoor promotional methods, the latest tools, and evolving industry trends for successful campaigns.

How does outdoor marketing differ from digital marketing?

Outdoor marketing uses physical spaces for promotions, like billboards, while digital marketing focuses on online platforms and strategies.

Are digital elements incorporated in modern outdoor marketing?

Yes, modern outdoor marketing integrates digital elements like digital billboards, QR codes, and augmented reality for enhanced engagement.

Featured image by Andrae Ricketts on Unsplash

The post Outdoor Marketing 101: Top Strategies, Tools, and More! appeared first on noupe.

Categories: Others Tags:

How to Recover From a Data Security Breach

November 6th, 2023 No comments

In a world where everything is intertwined with technology, a data security breach is like an unexpected rain on your parade—definitely not a fun surprise. 

But here’s the thing: you can’t just brush it off like nothing happened. 

Cyberattacks are ramping up, no doubt about it. According to Cybersecurity Ventures, the cost of cybercrime is likely to hit a whopping $10.5 trillion?? by 2025.

So, let’s get into it. In this complete guide, we’re diving deep into data breaches, breaking down what they mean, the domino effect they set off, and, most importantly, how to pick yourself up when things get messy.

So settle in—we’re making data breaches as easy to understand and handle as a walk in the park.

What is a Data Breach?

Think of a data breach as a digital break-in. It’s when hackers manage to sneak into a company’s databases and nab sensitive info. 

Now, these cyberattacks happen because there are holes in data security. Companies don’t always have the right locks and alarms, leaving their data and customers’ info vulnerable.

Types of Breaches

There’s a whole range of data breach flavors out there, like:

  • Phishing: Tricking someone into revealing info via fake emails or websites.
  • Ransomware: Holding data hostage until a ransom is paid.
  • Social Engineering Scams: Manipulating people into sharing sensitive details.
  • Software Misconfigurations: Getting in through poorly set up software.
  • Weak Passwords: Guessing easy-to-crack passwords.
  • Physical Device Theft: Yep, sometimes they steal the actual devices.
  • Third-Party Breaches: When a company’s partner gets hacked, cybercriminals sneak through the backdoor.

Suppose you work at a cloud communications platform company. One day, the headlines scream—hackers just broke into your system. They’re now holding customer data, like contact numbers and communication history, hostage. These hackers could start sending messages that look legit, but they’re loaded with malware. So when customers click, boom—their devices are infected with a computer virus or malware.

You see, data breaches aren’t just faraway stories. They’re real and messy, affecting real people and real businesses. This is why understanding breaches and how to react is super important.

What Happens When a Company Suffers a Data Breach?

Now that you have a better idea of what data breaches are, let’s discuss the aftermath of a data breach and look at some of the problems that they can cause:

Customer Trust Takes a Hit

Source

Think of your customer’s trust being like a vase. A data security breach would smash it to pieces. Customers start worrying about their personal information—and they’re not alone. KPMG revealed that 86% of people have growing concerns about their data privacy.

Government Fines

The law gets involved. Data breaches often come with regulatory fines in the U.S. For instance, HIPAA violations can lead to fines ranging from $100 to $50,000 per violation. 

A Dip in Stock Price

Money talks. News of a data breach can spook investors. Share prices of breached companies hit a low point of approximately 110 market days following a breach. Share prices fall -3.5% on average and underperform the NASDAQ by -3.5%, as reported by Comparitech.

How Can Companies Prevent Data Breaches?

Preventing data breaches is essential for keeping your valuable stuff safe. Here are some ways to increase data security in your business:

  • Implement Cybersecurity Measures: Invest in robust cybersecurity measures like firewalls, encryption, and intrusion detection systems. Multi-factor authentication is a great way to fortify access to sensitive info.
  • Stay Up-to-Date with Software and Patch Management: Keep your software up-to-date, and don’t snooze on those patches. Hackers often exploit vulnerabilities in outdated software.
  • Train Your Troops: Make sure your team knows the drill. Regularly train employees about cybersecurity best practices. A well-informed workforce can be your first line of defense. You can even hold personalized training sessions on topics like how to create strong passwords and the importance of archiving for data privacy.
  • Limit Access: Principle of Least Privilege (PoLP): Not everyone needs access to everything. Follow the principle of least privilege—grant employees the minimum access required to perform their roles.
  • Partner Wisely with Third-Party Vendors: Your partners’ security matters too. Before collaborating, assess their data security practices.
  • Regular Checkups: Just like a health checkup, your digital health needs one too. Regularly conduct security audits and assessments to spot vulnerabilities before they become gateways for hackers.

Stay tuned—we’re delving deeper into the battle plan against data breaches. From recovery tactics to ensuring legal compliance, we’ve got you covered.

What Should You Do About a Data Breach?

Alright, the inevitable has happened—a data security breach slipped through the cracks, even after all your best efforts to increase data security. Here’s your playbook on what to do when facing a data breach:

Act Fast to Contain the Breach

Image sourced from IBM

Imagine you’re in charge of a tech company that relies on secure remote access solutions, like VPNs. The moment you get wind of a breach, rally your response team into action. 

Together, you can identify how the breach happened and take immediate steps to contain it. This can include disconnecting compromised systems, changing passwords, isolating affected areas, and temporarily shutting down remote access. Acting fast means you can slam the brakes on the breach’s impact and put up roadblocks to stop it from spreading. 

According to IBM, spotting a breach takes about 204 days on average. Containing the chaos? That’s another story—roughly 73 days. Add it all up, and you’re staring at a whopping 277 days. Yup, that’s nearly a year. But with quick thinking and speedy action, you’re on track to slam the brakes on that breach’s rampage.

Notify Authorities

In many scenarios, data security breach incidents require reporting to regulatory authorities. It’s crucial to familiarize yourself with the laws and requirements governing breach notifications in your country. Just like you wouldn’t miss a red light on the road, don’t overlook your responsibility to notify the appropriate channels.

Alert Affected Parties

When a breach occurs, swift and transparent communication is paramount. Data breaches can damage your reputation with your customers or clients. Imagine being in a position where you’re responsible for a company’s response to a breach. You promptly reach out to the individuals whose data has been compromised. You don’t delay or sugarcoat—you provide clear information about the breach, the type of data exposed, and the potential risks they might face.  By doing so, you’re not only meeting a legal obligation but demonstrating respect for their privacy and fostering trust.

Seek Legal and PR Guidance

Navigating legal waters can be complex. When a breach hits, it’s time to consult legal experts to grasp your obligations and potential liabilities. Additionally, engaging your PR team is akin to switching on your headlights in a fog—it ensures clarity and honesty in your communication. The result? A clear path forward amidst the confusion.

Enhance Security

Source

This is your wake-up call. Bolster your security measures. Implement stronger access controls, regular security audits, and ongoing employee training. 

Suppose you work at a law firm, and a recent breach shakes things up. In response, you tighten the reins and introduce solutions like Assembly Software that protect your data for improved security. You enhance access controls, ensuring that only authorized personnel can access sensitive data. You schedule regular security audits to catch vulnerabilities before they become gateways. Taking these measures becomes your shield against future breaches and a testament to your commitment to safeguarding client information.

By leveraging digital signage solutions, you can consistently remind and educate your employees about best practices and the importance of data security.

Provide Support

Think of the aftermath of a breach as a storm that leaves individuals shaken. Now, envision being the helping hand that offers assistance. If you work at a company that’s just experienced a breach, provide resources to those affected, like credit monitoring or identity theft protection services. By doing this, you’re not just addressing the immediate fallout. You’re showing empathy and commitment to helping them navigate the breach. In a time of vulnerability, your support becomes a lifeline that helps individuals regain control and security.

Plan for the Future

The age-old wisdom of “hope for the best, prepare for the worst” couldn’t be more fitting here. Data breaches serve as a stark reminder that being proactive is key. So, you roll up your sleeves and create an incident response plan. This plan should include a clear chain of command, communication protocols, technical procedures, legal requirements, and contact details of relevant stakeholders, including legal counsel, PR experts, and cybersecurity specialists.

Facing a data breach is no walk in the park, but with a clear plan and swift action, you can navigate the storm and come out stronger on the other side. 

Data Breaches: Prevent, Prepare, and Be Proactive

So there you have it—the full scoop on data breaches and how to bounce back from them. 

We’ve covered the scary stuff, the fallout, and the steps to take when a breach comes knocking. 

From acting quickly to getting legal and PR help, boosting security, and lending a hand to those affected—each move is like a piece of a puzzle that helps you sail through a breach. And don’t forget, the secret sauce for the future is a solid plan. 

By knowing the risks, getting ready for the worst, and reacting with precision, you can actually turn the tables on a data security breach. So, as you move ahead in the digital world, remember while data breaches are tough cookies, your power to tackle them is even tougher.

Featured image by Towfiqu barbhuiya on Unsplash

The post How to Recover From a Data Security Breach appeared first on noupe.

Categories: Others Tags:

5 Tips for Creating a Winning Sales Funnel for Your Business

November 2nd, 2023 No comments

No matter your industry, creating a winning sales funnel can help you meet prospects where they’re at, so you can grow your customer base and meet your company’s financial goals

In the simplest of terms, the funnel starts with a wide pool of potential customers or clients, and eventually whittles its way down to those who actually follow through by giving you their business. 

Whether you’re a business owner, entrepreneur, or sales professional, here’s what you need to know about building a sales funnel to set your company up for financial success.

What Is a Sales Funnel?

There are many different sales funnel models, but we’ll dive into one of the simplest ones: the four-stage sales funnel. The four stages are: awareness, interest, decision, and action.

  • The first stage, awareness, is at the very top of the pyramid. It’s where customers first become aware of your business and products or services. 
  • The next stage, interest, refers to when a customer is comparing business options before making a decision. 
  • The third stage, decision, is when the customer has reached the decision-making stage and is ready to choose a company.
  • The last stage, action, refers to when the customer is ready to act and pay for a product or service.

You’ll want to develop a sales strategy around each of these four stages, attracting customers before they even know what your brand is with a good marketing approach, standing out from the competition when a prospect is weighing competitors, offering an incentive to go with your company when the customer reaches the decision-making stage, and staying engaged even if it’s clear a customer will buy from your company.

Some sales funnels go beyond this model to help you keep current customers happy. It’s important to consider this when coming up with a sales and marketing strategy to ensure current customers don’t drop off.

5 Ways to Build a Leading Sales Funnel

1. Dig into the data

Whether you’re building out customer personas, analyzing buying habits of customers in similar industries, or reviewing recent purchasing trends, it’s important to know more about the customers in your line of work.

For example, if you own a moving company and find the target demographic in your area is families, you can cater your advertising to attract more families to your business. Likewise, if you learn younger generations are more interested in a product your company makes, you can consider engaging with Gen Z on social media apps like TikTok or millennials on apps like Instagram.

2. Create a top-notch marketing strategy

Now that you know more about your target customers, you can create ad campaigns, social media posts, videos, and content pieces that speak to your key demographic. When creating ads, think about your audience’s key pain points, how your product or service solves this problem, and why you’re different from the competition. 

You can use targeted ads to better reach the specific audiences you’re narrowing in on. Be sure to also keep track of your ad performance to see which ads customers are responding to most.

Make sure you research what your competitors are doing, too. You’ll want to review their social media platforms to see how their customers are responding to their posts. Keep note of any unanswered questions or frustrations customers bring up. This can help you stand out by offering a distinct voice and option for prospective customers.

Beyond ads, you might consider a power dialer as a step up from cold calling to help you find customers interested in your offerings.

3. Send your prospects to a winning website

After sparking a prospect’s interest, you’ll want to send them to your website or dedicated landing page. It’s smart to include more information on your website about how your offering solves a problem the customer might be experiencing and why they should buy from you rather than a competitor.

Make sure you also show detailed photos of the product or service, provide an overview, and offer more in-depth content users can access if they want to learn more. Consider including interactive elements like videos or product demos, infographics, and user reviews. 

If prospects can buy the product or service outright, include a link to add it to their cart or a call to action explaining what they should do next. Try to put this all on one page to make it as easy as possible for the customer to take the next step. If the process feels too complicated, some prospects may drop out of the funnel.

Be sure to test your website or landing page on desktop and mobile. More customers shop directly from smartphones now, so you’ll want to ensure your website is optimized for both experiences.

4. Keep in contact

After the prospect buys your product or service, stay in touch with them by sending them a thank you email and adding them to your email newsletter list (make sure they can opt-out if they choose). This allows you to keep in touch if your company has sales, deals, or new product launches down the road. You might also send an email asking them to leave a review to encourage new prospects to purchase one of your products down the road.

You might also consider adding a sign-up form to your landing page, so a prospect can learn more about your offerings even if they don’t decide to make a purchase right away. In this case, you might want to reach out with promotional codes, one-time discounts, or other incentives to get them to buy from you.

5. Continue refining your process

Make sure to tighten up your sales process constantly to better fit your business goals. Review your data regularly to determine if you should adjust your ad strategy, or if you should expand or narrow your targeted ad field. Review your website or landing page metrics for more than just visitor counts — you can also view your click-through rates and see where users might stumble on your page. If you notice an issue, try launching a test version of the page to see if it performs better. 

Featured Image by Austin Distel on Unsplash

The post 5 Tips for Creating a Winning Sales Funnel for Your Business appeared first on noupe.

Categories: Others Tags:

The Dangers of Doomscrolling for Designers and How to Break Free

November 1st, 2023 No comments

As a creative professional, navigating the digital realm is second nature to you. It’s normal to follow an endless thread of ideas across the web. But lately, you may have found yourself lost in seemingly endless scrolls that go nowhere. If so, you’re not alone.

Categories: Designing, Others Tags:

Answering Common Questions About Interpreting Page Speed Reports

October 31st, 2023 No comments

This article is a sponsored by DebugBear

Running a performance check on your site isn’t too terribly difficult. It may even be something you do regularly with Lighthouse in Chrome DevTools, where testing is freely available and produces a very attractive-looking report.

Lighthouse is only one performance auditing tool out of many. The convenience of having it tucked into Chrome DevTools is what makes it an easy go-to for many developers.

But do you know how Lighthouse calculates performance metrics like First Contentful Paint (FCP), Total Blocking Time (TBT), and Cumulative Layout Shift (CLS)? There’s a handy calculator linked up in the report summary that lets you adjust performance values to see how they impact the overall score. Still, there’s nothing in there to tell us about the data Lighthouse is using to evaluate metrics. The linked-up explainer provides more details, from how scores are weighted to why scores may fluctuate between test runs.

Why do we need Lighthouse at all when Google also offers similar reports in PageSpeed Insights (PSI)? The truth is that the two tools were fairly distinct until PSI was updated in 2018 to use Lighthouse reporting.

Did you notice that the Performance score in Lighthouse is different from that PSI screenshot? How can one report result in a near-perfect score while the other appears to find more reasons to lower the score? Shouldn’t they be the same if both reports rely on the same underlying tooling to generate scores?

That’s what this article is about. Different tools make different assumptions using different data, whether we are talking about Lighthouse, PageSpeed Insights, or commercial services like DebugBear. That’s what accounts for different results. But there are more specific reasons for the divergence.

Let’s dig into those by answering a set of common questions that pop up during performance audits.

What Does It Mean When PageSpeed Insights Says It Uses “Real-User Experience Data”?

This is a great question because it provides a lot of context for why it’s possible to get varying results from different performance auditing tools. In fact, when we say “real user data,” we’re really referring to two different types of data. And when discussing the two types of data, we’re actually talking about what is called real-user monitoring, or RUM for short.

Type 1: Chrome User Experience Report (CrUX)

What PSI means by “real-user experience data” is that it evaluates the performance data used to measure the core web vitals from your tests against the core web vitals data of actual real-life users. That real-life data is pulled from the Chrome User Experience (CrUX) report, a set of anonymized data collected from Chrome users — at least those who have consented to share data.

CrUX data is important because it is how web core vitals are measured, which, in turn, are a ranking factor for Google’s search results. Google focuses on the 75th percentile of users in the CrUX data when reporting core web vitals metrics. This way, the data represents a vast majority of users while minimizing the possibility of outlier experiences.

But it comes with caveats. For example, the data is pretty slow to update, refreshing every 28 days, meaning it is not the same as real-time monitoring. At the same time, if you plan on using the data yourself, you may find yourself limited to reporting within that floating 28-day range unless you make use of the CrUX History API or BigQuery to produce historical results you can measure against. CrUX is what fuels PSI and Google Search Console, but it is also available in other tools you may already use.

Barry Pollard, a web performance developer advocate for Chrome, wrote an excellent primer on the CrUX Report for Smashing Magazine.

Type 2: Full Real-User Monitoring (RUM)

If CrUX offers one flavor of real-user data, then we can consider “full real-user data” to be another flavor that provides even more in the way individual experiences, such as specific network requests made by the page. This data is distinct from CrUX because it’s collected directly by the website owner by installing an analytics snippet on their website.

Unlike CrUX data, full RUM pulls data from other users using other browsers in addition to Chrome and does so on a continual basis. That means there’s no waiting 28 days for a fresh set of data to see the impact of any changes made to a site.

You can see how you might wind up with different results in performance tests simply by the type of real-user monitoring (RUM) that is in use. Both types are useful, but

You might find that CrUX-based results are excellent for more of a current high-level view of performance than they are an accurate reflection of the users on your site because of that 28-day waiting period, which is where full RUM shines with more immediate results and a greater depth of information.

Does Lighthouse Use RUM Data, Too?

It does not! It uses synthetic data, or what we commonly call lab data. And, just like RUM, we can explain the concept of lab data by breaking it up into two different types.

Type 1: Observed Data

Observed data is performance as the browser sees it. So, instead monitoring real information collected from real users, observed data is more like defining the test conditions ourselves. For example, we could add throttling to the test environment to enforce an artificial condition where the test opens the page on a slower connection. You might think of it like racing a car in virtual reality, where the conditions are decided in advance, rather than racing on a live track where conditions may vary.

Type 2: Simulated Data

While we called that last type of data “observed data,” that is not an official industry term or anything. It’s more of a necessary label to help distinguish it from simulated data, which describes how Lighthouse (and many other tools that include Lighthouse in its feature set, such as PSI) applies throttling to a test environment and the results it produces.

The reason for the distinction is that there are different ways to throttle a network for testing. Simulated throttling starts by collecting data on a fast internet connection, then estimates how quickly the page would have loaded on a different connection. The result is a much faster test than it would be to apply throttling before collecting information. Lighthouse can often grab the results and calculate its estimates faster than the time it would take to gather the information and parse it on an artificially slower connection.

Simulated And Observed Data In Lighthouse

Simulated data is the data that Lighthouse uses by default for performance reporting. It’s also what PageSpeed Insights uses since it is powered by Lighthouse under the hood, although PageSpeed Insights also relies on real-user experience data from the CrUX report.

However, it is also possible to collect observed data with Lighthouse. This data is more reliable since it doesn’t depend on an incomplete simulation of Chrome internals and the network stack. The accuracy of observed data depends on how the test environment is set up. If throttling is applied at the operating system level, then the metrics match what a real user with those network conditions would experience. DevTools throttling is easier to set up, but doesn’t accurately reflect how server connections work on the network.

Limitations Of Lab Data

Lab data is fundamentally limited by the fact that it only looks at a single experience in a pre-defined environment. This environment often doesn’t even match the average real user on the website, who may have a faster network connection or a slower CPU. Continuous real-user monitoring can actually tell you how users are experiencing your website and whether it’s fast enough.

So why use lab data at all?

The biggest advantage of lab data is that it produces much more in-depth data than real user monitoring.

Google CrUX data only reports metric values with no debug data telling you how to improve your metrics. In contrast, lab reports contain a lot of analysis and recommendations on how to improve your page speed.

Why Is My Lighthouse LCP Score Worse Than The Real User Data?

It’s a little easier to explain different scores now that we’re familiar with the different types of data used by performance auditing tools. We now know that Google reports on the 75th percentile of real users when reporting web core vitals, which includes LCP.

“By using the 75th percentile, we know that most visits to the site (3 of 4) experienced the target level of performance or better. Additionally, the 75th percentile value is less likely to be affected by outliers. Returning to our example, for a site with 100 visits, 25 of those visits would need to report large outlier samples for the value at the 75th percentile to be affected by outliers. While 25 of 100 samples being outliers is possible, it is much less likely than for the 95th percentile case.”

Brian McQuade

On the flip side, simulated data from Lighthouse neither reports on real users nor accounts for outlier experiences in the same way that CrUX does. So, if we were to set heavy throttling on the CPU or network of a test environment in Lighthouse, we’re actually embracing outlier experiences that CrUX might otherwise toss out. Because Lighthouse applies heavy throttling by default, the result is that we get a worse LCP score in Lighthouse than we do PSI simply because Lighthouse’s data effectively looks at a slow outlier experience.

Why Is My Lighthouse CLS Score Better Than The Real User Data?

Just so we’re on the same page, Cumulative Layout Shift (CLS) measures the “visible stability” of a page layout. If you’ve ever visited a page, scrolled down it a bit before the page has fully loaded, and then noticed that your place on the page shifts when the page load is complete, then you know exactly what CLS is and how it feels.

The nuance here has to do with page interactions. We know that real users are capable of interacting with a page even before it has fully loaded. This is a big deal when measuring CLS because layout shifts often occur lower on the page after a user has scrolled down the page. CrUX data is ideal here because it’s based on real users who would do such a thing and bear the worst effects of CLS.

Lighthouse’s simulated data, meanwhile, does no such thing. It waits patiently for the full page load and never interacts with parts of the page. It doesn’t scroll, click, tap, hover, or interact in any way.

This is why you’re more likely to receive a lower CLS score in a PSI report than you’d get in Lighthouse. It’s not that PSI likes you less, but that the real users in its report are a better reflection of how users interact with a page and are more likely to experience CLS than simulated lab data.

Why Is Interaction to Next Paint Missing In My Lighthouse Report?

This is another case where it’s helpful to know the different types of data used in different tools and how that data interacts — or not — with the page. That’s because the Interaction to Next Paint (INP) metric is all about interactions. It’s right there in the name!

The fact that Lighthouse’s simulated lab data does not interact with the page is a dealbreaker for an INP report. INP is a measure of the latency for all interactions on a given page, where the highest latency — or close to it — informs the final score. For example, if a user clicks on an accordion panel and it takes longer for the content in the panel to render than any other interaction on the page, that is what gets used to evaluate INP.

So, when INP becomes an official core web vitals metric in March 2024, and you notice that it’s not showing up in your Lighthouse report, you’ll know exactly why it isn’t there.

Note: It is possible to script user flows with Lighthouse, including in DevTools. But that probably goes too deep for this article.

Why Is My Time To First Byte Score Worse For Real Users?

The Time to First Byte (TTFB) is what immediately comes to mind for many of us when thinking about page speed performance. We’re talking about the time between establishing a server connection and receiving the first byte of data to render a page.

TTFB identifies how fast or slow a web server is to respond to requests. What makes it special in the context of core web vitals — even though it is not considered a core web vital itself — is that it precedes all other metrics. The web server needs to establish a connection in order to receive the first byte of data and render everything else that core web vitals metrics measure. TTFB is essentially an indication of how fast users can navigate, and core web vitals can’t happen without it.

You might already see where this is going. When we start talking about server connections, there are going to be differences between the way that RUM data observes the TTFB versus how lab data approaches it. As a result, we’re bound to get different scores based on which performance tools we’re using and in which environment they are. As such, TTFB is more of a “rough guide,” as Jeremy Wagner and Barry Pollard explain:

“Websites vary in how they deliver content. A low TTFB is crucial for getting markup out to the client as soon as possible. However, if a website delivers the initial markup quickly, but that markup then requires JavaScript to populate it with meaningful content […], then achieving the lowest possible TTFB is especially important so that the client-rendering of markup can occur sooner. […] This is why the TTFB thresholds are a “rough guide” and will need to be weighed against how your site delivers its core content.”

Jeremy Wagner and Barry Pollard

So, if your TTFB score comes in higher when using a tool that relies on RUM data than the score you receive from Lighthouse’s lab data, it’s probably because of caches being hit when testing a particular page. Or perhaps the real user is coming in from a shortened URL that redirects them before connecting to the server. It’s even possible that a real user is connecting from a place that is really far from your web server, which takes a little extra time, particularly if you’re not using a CDN or running edge functions. It really depends on both the user and how you serve data.

Why Do Different Tools Report Different Core Web Vitals? What Values Are Correct?

This article has already introduced some of the nuances involved when collecting web vitals data. Different tools and data sources often report different metric values. So which ones can you trust?

When working with lab data, I suggest preferring observed data over simulated data. But you’ll see differences even between tools that all deliver high-quality data. That’s because no two tests are the same, with different test locations, CPU speeds, or Chrome versions. There’s no one right value. Instead, you can use the lab data to identify optimizations and see how your website changes over time when tested in a consistent environment.

Ultimately, what you want to look at is how real users experience your website. From an SEO standpoint, the 28-day Google CrUX data is the gold standard. However, it won’t be accurate if you’ve rolled out performance improvements over the last few weeks. Google also doesn’t report CrUX data for some high-traffic pages because the visitors may not be logged in to their Google profile.

Installing a custom RUM solution on your website can solve that issue, but the numbers won’t match CrUX exactly. That’s because visitors using browsers other than Chrome are now included, as are users with Chrome analytics reporting disabled.

Finally, while Google focuses on the fastest 75% of experiences, that doesn’t mean the 75th percentile is the correct number to look at. Even with good core web vitals, 25% of visitors may still have a slow experience on your website.

Wrapping Up

This has been a close look at how different performance tools audit and report on performance metrics, such as core web vitals. Different tools rely on different types of data that are capable of producing different results when measuring different performance metrics.

So, if you find yourself with a CLS score in Lighthouse that is far lower than what you get in PSI or DebugBear, go with the Lighthouse report because it makes you look better to the big boss. Just kidding! That difference is a big clue that the data between the two tools is uneven, and you can use that information to help diagnose and fix performance issues.

Are you looking for a tool to track lab data, Google CrUX data, and full real-user monitoring data? DebugBear helps you keep track of all three types of data in one place and optimize your page speed where it counts.

Categories: Others Tags:

Perks of Implementing DevOps into Your Business 

October 31st, 2023 No comments

Digitalization and implementation of innovative ideas are crucial for success in the changing stage of business and technology. DevOps services (DaaS) is a new cutting-edge concept that is changing the overall concept of the business and maintaining software. Also, it’s not hidden that DevOps has transformed the overall software business. And the service-based approach provides a window to a new era of possibilities.  

Implementation of DevOps services and solutions can assist you in streamlining the operations, enhancing collaboration, and leading your organization toward growth. Today, in this blog, we will be discussing ways through which you can enhance your business by incorporating DevOps, which will help your business move forward with proper speed, creativity, and low cost. 

Listed below are a few of the perks that will assist businesses in providing growth:  

Stimulating Time to Market  

In this ever-changing business world, DevOps is a ray of light that is assisting an organization to grow on the growing edge. By incorporating the overall potential of DevOps, a business can lead to a smooth path. With an organized development cycle, testing process, and continuous growth, DevOps has empowered teams to showcase their creativity and provide a meaningful pace. This will help businesses to get an opportunity to get new customers provide space and help in dealing with the competitors. In this growing era, DevOps has become a helping hand that is assisting organizations to grow and propel.  

Improving the Overall Collaboration and Communication 

It has been seen that communication can ease the overall business process and lead to the path to success. DevOps can easily bring the overall development process together, make the operations seamless, and make sure to provide cross-functional communication.  

Also, it supports an environment where they provide an open channel for enhanced communication and entertain the latest ideas and insights. Proper collaboration, helps firms to utilize and emerge with the latest tech. With enhanced communication, DevOps provides an opportunity to utilize the overall process and unlock the opportunities.  

Profound Stability  

With high quality, stability, and caliber these are the main pillars for providing customer satisfaction. With proper support and automation testing and looking after the overall software. These things empower businesses to locate problems, rectify issues, and provide enhanced quality of work.  

Scaling up the roots of the businesses is quite tough, and when someone provides an intact foundation for it. Then, the source turns concrete, and this way it carries proper support and delivers customer loyalty.  

Enhance Productivity and Efficiency  

DevOps services stand upfront when it comes to enhancing overall production and delivery efficiency. With its automation functionality, the team can easily tackle the overall problem save them with repetitive tasks, and enhance their productivity.  

This way you will be away from the monotonous work and fuel up your productivity, which allows you to make meaningful decisions and get result-oriented solutions. DevOps also acts as a catalyst and helps businesses to grow and be successful.  

Regular Feedback and Enhancement  

When we talk about distinction, feedback helps you to get success and enhance your overall path. With regular feedback users and businesses will be able to move towards a path of growth. It also assists you in getting success. 

The best part, with profound data, it will be easy to make decisions that are driven by data. This way overall customer services will be enhanced too. You will be moving a step towards a path to success and this way overall customer service will be enhanced too.  

Risk Management  

Risk pounders on every step of the business and DevOps is the most trusted partner when it comes to managing the overall risk. With its controlled feature and infrastructure as code, DevOps makes sure to provide you with safe, secure, and transparent control.  

When you incorporate these properties, your businesses will be able to gain huge popularity, which will help small businesses gain popularity and show visibility in every process. Also, it offers comfort and makes sure to distribute services aptly. DevOps has been like a parent who protects the business from any risks.  

Scalability and Flexibility 

When we consider scalability and flexibility, DevOps is considered to empower businesses and help them with the technology shift and demand. When we consider cloud-based infrastructure, DevOps can easily provide you with seamless adaptation. Businesses can easily scale up their overall infra and apps for managing work pressure and get enhanced performance.  

This new instance helps companies meet their demands without compromising their overall work. DevOps has become a catalyst for growing businesses so that they can reach heights with proper opportunities without any leakages.  

Conclusion

As we come to the closure, you might have understood the benefits that DevOps holds in the business sector. We are all astonished by its impact on the business. The best part: the overall solution is human-centric, which provides enhanced collaboration, and drives innovation in the organization. This also enhances the overall business and makes sure to provide the consumer with over-the-top solutions.  DevOps services and solutions have become the need of the business sector, for proper growth, risks, and regular improvements.

Featured image by RealToughCandy

The post Perks of Implementing DevOps into Your Business  appeared first on noupe.

Categories: Others Tags:

Live Streaming Platforms Comparison: Making The Right Choice

October 31st, 2023 No comments

Live streaming has become extremely popular and influential for brands, businesses, creators, and media outlets to engage audiences in real-time. But with many streaming platform options, it can take time to determine which one best suits your streaming needs. Comparing features and capabilities is vital to making the right choice. 

Here is an overview of critical platforms and factors to consider when selecting your live-stream solution.

Rumble Live Stream

Emerging platform Rumble Live Stream represents a new challenger in the crowded video streaming space, promising creators more independence and monetization leverage compared to mainstream giants like YouTube. The service enables influencers to broadcast real-time live content and engage audiences directly on Rumble. 

Interactive capabilities like live chat, screen sharing, tipping, and channel subscriptions aim to incentivize streamers. Rumble Live Stream promotes transparency and greater creator control over content and earnings. The platform hopes to draw a wide variety of streamers across political, gaming, entertainment and other verticals by positioning itself as a home for uncensored expression. 

While still dwarfed in size by the leading players, Rumble Live Stream offers creators another potential avenue to build their digital community and business through unfiltered live streaming and direct viewer engagement.

YouTube Live

With over 2 billion monthly users, YouTube is the world’s largest video platform. YouTube Live offers seamless integration for existing YouTube creators to go live and leverage their subscriber base. 

It has robust features like streaming up to 4K resolution, DVR to rewatch streams later, super chats for viewer payments, multi-camera switching capabilities, and integrates well with other YouTube tools. 

As an established platform, YouTube Live provides excellent viewer reach and discovery. Downsides can include moderation challenges within massive comment streams and less community building than other platforms.

Twitch

Image by myriammira on Freepik

Twitch specializes in gaming and esports streaming. It offers incredibly robust community tools for streamer/viewer interaction, including Stream labs integration, raids to redirect viewers to other channels, clipping highlights, and chatbots. 

Twitch is ideal for collaborative, engaging gaming broadcasts but supports different content verticals like music, sports, and creative arts. As an early live stream innovator, Twitch has an influential audience scale but less broad discovery versus YouTube. Subscriptions and channel points help monetize.

Facebook Live

With nearly 3 billion monthly Facebook users, Facebook Live offers unmatched access to gigantic built-in audiences ideal for brand reach. It allows multi-person streams and easy shareability across Facebook. 

Viewers can comment, react, and quickly find live streams. Facebook Live incentivizes viewer participation with comments prioritized in the feed. Downsides include fewer monetization options and community tools compared to other platforms. But for raw viewer numbers, it’s unmatched.

Instagram Live

Image by Freepik

For consumer brands and creators already active on Instagram, Instagram Live is a no-brainer add-on to drive real-time engagement. You can go live to your followers, interact via comments and Q&As, do dual streams with a guest, and post the replay as an IG Story. 

Seamless integration within Instagram makes it super convenient for mini broadcasts or supplemental content. Limitations include max 1-hour streams and smaller concurrent audience size versus standalone platforms.

LinkedIn Live

LinkedIn Live can be highly effective for B2B companies and thought leaders seeking to engage professional networks. LinkedIn’s focus on knowledge sharing and career building means informative broadcasts perform well. 

You can share live streams natively into your LinkedIn feed, Groups, and messaging. However, LinkedIn doesn’t allow multi-guest streaming and has fewer community and viewer interaction features than other platforms.

Vimeo Livestream

Vimeo Livestream shines for organizations and creators wanting a premium ad-free live streaming experience with high production value. It offers pristine HD quality streaming, customized branding, paywall and subscription options, marketing, and analytics tools, plus integration with Vimeo’s excellent VOD features. However, audience reach and discovery are smaller than mass market platforms. But for controlled high-quality broadcasts, Vimeo delivers.

Custom Multi-Stream Options

For advanced streaming events and productions, tools like Restream, StreamYard, and Switchboard enable broadcasting live video simultaneously to multiple platforms. This requires integrating APIs but allows access to wider audiences while controlling the experience across destinations. It does need more technical expertise to configure correctly.

Key Comparison Factors

When evaluating live streaming platforms, it’s crucial to consider your target audience, the streaming features available, how well the medium fits your content type, capabilities for building community, ease of use, video quality and reliability, options for monetization, and your overall goals. Be sure to review each platform’s specific terms of service since policies vary. Taking the time to dig into crucial comparison factors will help determine the best match:

Consider the built-in audience size and potential discovery the platform offers – can you tap into new viewers easily or only reach existing followers? Massive platforms like Facebook Live and YouTube Live provide access to billions of built-in users to aid discovery.

Conclusion 

Carefully weighing these key factors will guide your optimal platform choice aligned with your goals, audience, content focus, features needed, and resources. Pick one that fits your needs to maximize streaming success.

Featured image by Ismael Paramo on Unsplash

The post Live Streaming Platforms Comparison: Making The Right Choice appeared first on noupe.

Categories: Others Tags:

Tales Of November (2023 Wallpapers Edition)

October 31st, 2023 No comments

November tends to be rather gray in many parts of the world. So what better remedy could there be as some colorful inspiration? To bring some good vibes to your desktops and home screens, artists and designers from across the globe once again tickled their creative ideas and designed beautiful and inspiring wallpapers to welcome the new month.

The wallpapers in this collection all come in versions with and without a calendar for November 2023 and can be downloaded for free. And since so many unique designs have seen the light of day in the more than twelve years that we’ve been running this monthly wallpapers series, we also compiled a selection of November favorites from our archives at the end of the post. Maybe you’ll spot one of your almost-forgotten favorites in there, too? A big thank you to everyone who shared their designs with us this month — this post wouldn’t exist without you. Happy November!

  • You can click on every image to see a larger preview,
  • We respect and carefully consider the ideas and motivation behind each and every artist’s work. This is why we give all artists the full freedom to explore their creativity and express emotions and experience through their works. This is also why the themes of the wallpapers weren’t anyhow influenced by us but rather designed from scratch by the artists themselves.
  • Submit a wallpaper!
    Did you know that you could get featured in our next wallpapers post, too? We are always looking for creative talent.

Transition

“Inspired by the transition from autumn to winter.” — Designed by Tecxology from India.

Ghostly Gala

Designed by Bhabna Basak from India.

Journey Through November

“Step into the embrace of November’s beauty. On this National Hiking Day, let every trail lead you to a new discovery and every horizon remind you of nature’s wonders. Lace up, venture out, and celebrate the great outdoors.” — Designed by PopArt Studio from Serbia.

Bug

Designed by Ricardo Gimenes from Sweden.

Sunset Or Sunrise

“November is autumn in all its splendor. Earthy colors, falling leaves and afternoons in the warmth of the home. But it is also adventurous and exciting and why not, different. We sit in Bali contemplating Pura Ulun Danu Bratan. We don’t know if it’s sunset or dusk, but… does that really matter?” — Designed by Veronica Valenzuela Jimenez from Spain.

Harvesting A New Future

“Our team takes pride in aligning our volunteer initiatives with the 2030 Agenda for Sustainable Development’s ‘Zero Hunger’ goal. This goal reflects a global commitment to addressing food-related challenges comprehensively and sustainably, aiming to end hunger, ensure food security, improve nutrition, and promote sustainable agriculture. We encourage our team members to volunteer with non-profits they care about year-round. Explore local opportunities and use your skills to make a meaningful impact!” — Designed by Jenna Miller from Portland, OR.

Behavior Analysis

Designed by Ricardo Gimenes from Sweden.

Oldies But Goodies

Some things are just too good to be forgotten, so below you’ll find a selection of oldies but goodies from our wallpapers archives. Please note that these designs don’t come with a calendar.

Anbani

Anbani means alphabet in Georgian. The letters that grow on that tree are the Georgian alphabet. It’s very unique!” — Designed by Vlad Gerasimov from Georgia.

Cozy Autumn Cups And Cute Pumpkins

“Autumn coziness, which is created by fallen leaves, pumpkins, and cups of cocoa, inspired our designers for this wallpaper. — Designed by MasterBundles from Ukraine.

A Jelly November

“Been looking for a mysterious, gloomy, yet beautiful desktop wallpaper for this winter season? We’ve got you, as this month’s calendar marks Jellyfish Day. On November 3rd, we celebrate these unique, bewildering, and stunning marine animals. Besides adorning your screen, we’ve got you covered with some jellyfish fun facts: they aren’t really fish, they need very little oxygen, eat a broad diet, and shrink in size when food is scarce. Now that’s some tenacity to look up to.” — Designed by PopArt Studio from Serbia.

Colorful Autumn

“Autumn can be dreary, especially in November, when rain starts pouring every day. We wanted to summon better days, so that’s how this colourful November calendar was created. Open your umbrella and let’s roll!” — Designed by PopArt Studio from Serbia.

The Kind Soul

“Kindness drives humanity. Be kind. Be humble. Be humane. Be the best of yourself!” — Designed by Color Mean Creative Studio from Dubai.

Time To Give Thanks

Designed by Glynnis Owen from Australia.

Moonlight Bats

“I designed some Halloween characters and then this idea came to my mind — a bat family hanging around in the moonlight. A cute and scary mood is just perfect for autumn.” — Designed by Carmen Eisendle from Germany.

Outer Space

“We were inspired by the nature around us and the universe above us, so we created an out-of-this-world calendar. Now, let us all stop for a second and contemplate on preserving our forests, let us send birds of passage off to warmer places, and let us think to ourselves — if not on Earth, could we find a home somewhere else in outer space?” — Designed by PopArt Studio from Serbia.

Winter Is Here

Designed by Ricardo Gimenes from Sweden.

Go To Japan

“November is the perfect month to go to Japan. Autumn is beautiful with its brown colors. Let’s enjoy it!” — Designed by Veronica Valenzuela from Spain.

International Civil Aviation Day

“On December 7, we mark International Civil Aviation Day, celebrating those who prove day by day that the sky really is the limit. As the engine of global connectivity, civil aviation is now, more than ever, a symbol of social and economic progress and a vehicle of international understanding. This monthly calendar is our sign of gratitude to those who dedicate their lives to enabling everyone to reach their dreams.” — Designed by PopArt Studio from Serbia.

Tempestuous November

“By the end of autumn, ferocious Poseidon will part from tinted clouds and timid breeze. After this uneven clash, the sky once more becomes pellucid just in time for imminent luminous snow.” — Designed by Ana Masnikosa from Belgrade, Serbia.

Peanut Butter Jelly Time!

“November is the Peanut Butter Month so I decided to make a wallpaper around that. As everyone knows peanut butter goes really well with some jelly so I made two sandwiches, one with peanut butter and one with jelly. Together they make the best combination. I also think peanut butter tastes pretty good so that’s why I chose this for my wallpaper.” — Designed by Senne Mommens from Belgium.

On The Edge Of Forever

“November has always reminded me of the famous Guns N’ Roses song, so I’ve decided to look at its meaning from a different perspective. The story in my picture takes place somewhere in space, where a young guy beholds a majestic meteor shower and wonders about the mysteries of the universe.” — Designed by Aliona Voitenko from Ukraine.

Me And The Key Three

Designed by Bart Bonte from Belgium.

Mushroom Season

“It is autumn! It is raining and thus… it is mushroom season! It is the perfect moment to go to the forest and get the best mushrooms to do the best recipe.” — Designed by Verónica Valenzuela from Spain.

Welcome Home Dear Winter

“The smell of winter is lingering in the air. The time to be home! Winter reminds us of good food, of the warmth, the touch of a friendly hand, and a talk beside the fire. Keep calm and let us welcome winter.” — Designed by Acodez IT Solutions from India.

A Gentleman’s November

Designed by Cedric Bloem from Belgium.

Sailing Sunwards

“There’s some pretty rough weather coming up these weeks. Thinking about November makes me want to keep all the warm thoughts in mind. I’d like to wish everyone a cozy winter.” — Designed by Emily Trbl. Kunstreich from Germany.

Hold On

“We have to acknowledge that some things are inevitable, like winter. Let’s try to hold on until we can, and then embrace the beautiful season.” — Designed by Igor Izhik from Canada.

Hello World, Happy November

“I often read messages at Smashing Magazine from the people in the southern hemisphere ‘it’s spring, not autumn!’ so I wanted to design a wallpaper for the northern and the southern hemispheres. Here it is, northerners and southerns, hope you like it!” — Designed by Agnes Swart from the Netherlands.

Snoop Dog

Designed by Ricardo Gimenes from Sweden.

No Shave Movember

“The goal of Movember is to ‘change the face of men’s health.’” — Designed by Suman Sil from India.

Deer Fall, I Love You

Designed by Maria Porter from the United States.

Autumn Choir

Designed by Hatchers from Ukraine / China.

Late Autumn

“The late arrival of Autumn.” Designed by Maria Castello Solbes from Spain.

Categories: Others Tags:

Passkeys: A No-Frills Explainer On The Future Of Password-Less Authentication

October 30th, 2023 No comments

Passkeys are a new way of authenticating applications and websites. Instead of having to remember a password, a third-party service provider (e.g., Google or Apple) generates and stores a cryptographic key pair that is bound to a website domain. Since you have access to the service provider, you have access to the keys, which you can then use to log in.

This cryptographic key pair contains both private and public keys that are used for authenticating messages. These key pairs are often known as asymmetric or public key cryptography.

Public and private key pair? Asymmetric cryptography? Like most modern technology, passkeys are described by esoteric verbiage and acronyms that make them difficult to discuss. That’s the point of this article. I want to put the complex terms aside and help illustrate how passkeys work, explain what they are effective at, and demonstrate what it looks like to work with them.

How Passkeys Work

Passkeys are cryptographic keys that rely on generating signatures. A signature is proof that a message is authentic. How so? It happens first by hashing (a fancy term for “obscuring”) the message and then creating a signature from that hash with your private key. The private key in the cryptographic key pair allows the signature to be generated, and the public key, which is shared with others, allows the service to verify that the message did, in fact, come from you.

In short, passkeys consist of two keys: a public and private. One verifies a signature while the other verifies you, and the communication between them is what grants you access to an account.

Here’s a quick way of generating a signing and verification key pair to authenticate a message using the SubtleCrypto API. While this is only part of how passkeys work, it does illustrate how the concept works cryptographically underneath the specification.

const message = new TextEncoder().encode("My message");

const keypair = await crypto.subtle.generateKey(
  { name: "ECDSA", namedCurve: "P-256" },
  true,
  [ 'sign', 'verify' ]
);

const signature = await crypto.subtle.sign(
  { name: "ECDSA", hash: "SHA-256" },
  keypair.privateKey,
  message
);

// Normally, someone else would be doing the verification using your public key
// but it's a bit easier to see it yourself this way
console.log(
  "Did my private key sign this message?",
  await crypto.subtle.verify(
    { name: "ECDSA", hash: "SHA-256" },
    keypair.publicKey,
    signature,
    message
  )
);

Notice the three parts pulling all of this together:

  1. Message: A message is constructed.
  2. Key pair: The public and private keys are generated. One key is used for the signature, and the other is set to do the verification.
  3. Signature: A signature is signed by the private key, verifying the message’s authenticity.

From there, a third party would authenticate the private key with the public key, verifying the correct pair of keys or key pair. We’ll get into the weeds of how the keys are generated and used in just a bit, but for now, this is some context as we continue to understand why passkeys can potentially erase the need for passwords.

Why Passkeys Can Replace Passwords

Since the responsibility of storing passkeys is removed and transferred to a third-party service provider, you only have to control the “parent” account in order to authenticate and gain access. This is a lot like requiring single sign-on (SSO) for an account via Google, Facebook, or LinkedIn, but instead, we use an account that has control of the passkey stored for each individual website.

For example, I can use my Google account to store passkeys for somerandomwebsite.com. That allows me to prove a challenge by using that passkey’s private key and thus authenticate and log into somerandomwebsite.com.

For the non-tech savvy, this typically looks like a prompt that the user can click to log in. Since the credentials (i.e., username and password) are tied to the domain name (somerandomwebsite.com), and passkeys created for a domain name are only accessible to the user at login, the user can select which passkey they wish to use for access. This is usually only one login, but in some cases, you can create multiple logins for a single domain and then select which one you wish to use from there.

So, what’s the downside? Having to store additional cryptographic keys for each login and every site for which you have a passkey often requires more space than storing a password. However, I would argue that the security gains, the user experience from not having to remember a password, and the prevention of common phishing techniques more than offset the increased storage space.

How Passkeys Protect Us

Passkeys prevent a couple of security issues that are quite common, specifically leaked database credentials and phishing attacks.

Database Leaks

Have you ever shared a password with a friend or colleague by copying and pasting it for them in an email or text? That could lead to a security leak. So would a hack on a system that stores customer information, like passwords, which is then sold on dark marketplaces or made public. In many cases, it’s a weak set of credentials — like an email and password combination — that can be stolen with a fair amount of ease.

Passkeys technology circumvents this because passkeys only store a public key to an account, and as you may have guessed by the name, this key is expected to be made accessible to anyone who wants to use it. The public key is only used for verification purposes and, for the intended use case of passkeys, is effectively useless without the private key to go with it, as the two are generated as a pair. Therefore, those previous juicy database leaks are no longer useful, as they can no longer be used for cracking the password for your account. Cracking a similar private key would take millions of years at this point in time.

Phishing

Passwords rely on knowing what the password is for a given login: anyone with that same information has the same level of access to the same account as you do. There are sophisticated phishing sites that look like they’re by Microsoft or Google and will redirect you to the real provider after you attempt to log into their fake site. The damage is already done at that point; your credentials are captured, and hopefully, the same credentials weren’t being used on other sites, as now you’re compromised there as well.

A passkey, by contrast, is tied to a domain. You gain a new element of security: the fact that only you have the private key. Since the private key is not feasible to remember nor computationally easy to guess, we can guarantee that you are who you say we are (at least as long as your passkey provider is not compromised). So, that fake phishing site? It will not even show the passkey prompt because the domain is different, and thus completely mitigates phishing attempts.

There are, of course, theoretical attacks that can make passkeys vulnerable, like someone compromising your DNS server to send you to a domain that now points to their fake site. That said, you probably have deeper issues to concern yourself with if it gets to that point.

Implementing Passkeys

At a high level, a few items are needed to start using passkeys, at least for the common sign-up and log-in process. You’ll need a temporary cache of some sort, such as redis or memcache, for storing temporary challenges that users can authenticate against, as well as a more permanent data store for storing user accounts and their public key information, which can be used to authenticate the user over the course of their account lifetime. These aren’t hard requirements but rather what’s typical of what would be developed for this kind of authentication process.

To understand passkeys properly, though, we want to work through a couple of concepts. The first concept is what is actually taking place when we generate a passkey. How are passkeys generated, and what are the underlying cryptographic primitives that are being used? The second concept is how passkeys are used to verify information and why that information can be trusted.

Generating Passkeys

A passkey involves an authenticator to generate the key pair. The authenticator can either be hardware or software. For example, it can be a hardware security key, the operating system’s Trusted Platform Module (TPM), or some other application. In the cases of Android or iOS, we can use the device’s secure enclave.

To connect to an authenticator, we use what’s called the Client to Authenticator Protocol (CTAP). CTAP allows us to connect to hardware over different connections through the browser. For example, we can connect via CTAP using an NFC, Bluetooth, or a USB connection. This is useful in cases where we want to log in on one device while another device contains our passkeys, as is the case on some operating systems that do not support passkeys at the time of writing.

A passkey is built off another web API called WebAuthn. While the APIs are very similar, the WebAuthn API differs in that passkeys allow for cloud syncing of the cryptographic keys and do not require knowledge of whom the user is to log in, as that information is stored in a passkey with its Relying Party (RP) information. The two APIs otherwise share the same flows and cryptographic operations.

Storing Passkeys

Let’s look at an extremely high-level overview of how I’ve stored and kept track of passkeys in my demo repo. This is how the database is structured.

Basically, a users table has public_keys, which, in turn, contains information about the public key, as well as the public key itself.

From there, I’m caching certain information, including challenges to verify authenticity and data about the sessions in which the challenges take place.

Again, this is only a high-level look to give you a clearer idea of what information is stored and how it is stored.

Verifying Passkeys

There are several entities involved in passkey:

  1. The authenticator, which we previously mentioned, generates our key material.
  2. The client that triggers the passkey generation process via the navigator.credentials.create call.
  3. The Relying Party takes the resulting public key from that call and stores it to be used for subsequent verification.

In our case, you are the client and the Relying Party is the website server you are trying to sign up and log into. The authenticator can either be your mobile phone, a hardware key, or some other device capable of generating your cryptographic keys.

Passkeys are used in two phases: the attestation phase and the assertion phase. The attestation phase is likened to a registration that you perform when first signing up for a service. Instead of an email and password, we generate a passkey.

Assertion is similar to logging in to a service after we are registered, and instead of verifying with a username and password, we use the generated passkey to access the service.

Each phase initially requires a random challenge generated by the Relying Party, which is then signed by the authenticator before the client sends the signature back to the Relying Party to prove account ownership.

Browser API Usage

We’ll be looking at how the browser constructs and supplies information for passkeys so that you can store and utilize it for your login process. First, we’ll start with the attestation phase and then the assertion phase.

Attest To It

The following shows how to create a new passkey using the navigator.credentials.create API. From it, we receive an AuthenticatorAttestationResponse, and we want to send portions of that response to the Relying Party for storage.

const { challenge } = await (await fetch("/attestation/generate")).json(); // Server call mock to get a random challenge

const options = {
 // Our challenge should be a base64-url encoded string
 challenge: new TextEncoder().encode(challenge),
 rp: {
  id: window.location.host,
  name: document.title,
 },
 user: {
  id: new TextEncoder().encode("my-user-id"),
  name: 'John',
  displayName: 'John Smith',
 },
 pubKeyCredParams: [ // See COSE algorithms for more: https://www.iana.org/assignments/cose/cose.xhtml#algorithms
  {
   type: 'public-key',
   alg: -7, // ES256
  },
  {
   type: 'public-key',
   alg: -256, // RS256
  },
  {
   type: 'public-key',
   alg: -37, // PS256
  },
 ],
 authenticatorSelection: {
  userVerification: 'preferred', // Do you want to use biometrics or a pin?
  residentKey: 'required', // Create a resident key e.g. passkey
 },
 attestation: 'indirect', // indirect, direct, or none
 timeout: 60_000,
};

// Create the credential through the Authenticator
const credential = await navigator.credentials.create({
 publicKey: options
});

// Our main attestation response. See: https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAttestationResponse
const attestation = credential.response as AuthenticatorAttestationResponse;

// Now send this information off to the Relying Party
// An unencoded example payload with most of the useful information
const payload = {
 kid: credential.id,
 clientDataJSON: attestation.clientDataJSON,
 attestationObject: attestation.attestationObject,
 pubkey: attestation.getPublicKey(),
 coseAlg: attestation.getPublicKeyAlgorithm(),
};

The AuthenticatorAttestationResponse contains the clientDataJSON as well as the attestationObject. We also have a couple of useful methods that save us from trying to retrieve the public key from the attestationObject and retrieving the COSE algorithm of the public key: getPublicKey and getPublicKeyAlgorithm.

Let’s dig into these pieces a little further.

Parsing The Attestation clientDataJSON

The clientDataJSON object is composed of a few fields we need. We can convert it to a workable object by decoding it and then running it through JSON.parse.

type DecodedClientDataJSON = {
 challenge: string,
 origin: string,
 type: string
};

const decoded: DecodedClientDataJSON = JSON.parse(new TextDecoder().decode(attestation.clientDataJSON));
const {
 challenge,
 origin,
 type
} = decoded;

Now we have a few fields to check against: challenge, origin, type.

Our challenge is the Base64-url encoded string that was passed to the server. The origin is the host (e.g., https://my.passkeys.com) of the server we used to generate the passkey. Meanwhile, the type is webauthn.create. The server should verify that all the values are expected when parsing the clientDataJSON.

Decoding TheattestationObject

The attestationObject is a CBOR encoded object. We need to use a CBOR decoder to actually see what it contains. We can use a package like cbor-x for that.

import { decode } from 'cbor-x/decode';

enum DecodedAttestationObjectFormat {
  none = 'none',
  packed = 'packed',
}
type DecodedAttestationObjectAttStmt = {
  x5c?: Uint8Array[];
  sig?: Uint8Array;
};

type DecodedAttestationObject = {
  fmt: DecodedAttestationObjectFormat;
  authData: Uint8Array;
  attStmt: DecodedAttestationObjectAttStmt;
};

const decodedAttestationObject: DecodedAttestationObject = decode(
 new Uint8Array(attestation.attestationObject)
);

const {
 fmt,
 authData,
 attStmt,
} = decodedAttestationObject;

fmt will often be evaluated to "none" here for passkeys. Other types of fmt are generated through other types of authenticators.

Accessing authData

The authData is a buffer of values with the following structure:

Name Length (bytes) Description
rpIdHash 32 This is the SHA-256 hash of the origin, e.g., my.passkeys.com.
flags 1 Flags determine multiple pieces of information (specification).
signCount 4 This should always be 0000 for passkeys.
attestedCredentialData variable This will contain credential data if it’s available in a COSE key format.
extensions variable These are any optional extensions for authentication.

It is recommended to use the getPublicKey method here instead of manually retrieving the attestedCredentialData.

A Note About The attStmt Object

This is often an empty object for passkeys. However, in other cases of a packed format, which includes the sig, we will need to perform some authentication to verify the sig. This is out of the scope of this article, as it often requires a hardware key or some other type of device-based login.

Retrieving The Encoded Public Key

The getPublicKey method can retrieve the Subject Public Key Info (SPKI) encoded version of the public key, which is a different from the COSE key format (more on that next) within the attestedCredentialData that the decodedAttestationObject.attStmt has. The SPKI format has the benefit of being compatible with a Web Crypto importKey function to more easily verify assertion signatures in the next phase.

// Example of importing attestation public key directly into Web Crypto
const pubkey = await crypto.subtle.importKey(
  'spki',
  attestation.getPublicKey(),
  { name: "ECDSA", namedCurve: "P-256" },
  true,
  ['verify']
);

Generating Keys With COSE Algorithms

The algorithms that can be used to generate cryptographic material for a passkey are specified by their COSE Algorithm. For passkeys generated for the web, we want to be able to generate keys using the following algorithms, as they are supported natively in Web Crypto. Personally, I prefer ECDSA-based algorithms since the key sizes are quite a bit smaller than RSA keys.

The COSE algorithms are declared in the pubKeyCredParams array within the AuthenticatorAttestationResponse. We can retrieve the COSE algorithm from the attestationObject with the getPublicKeyAlgorithm method. For example, if getPublicKeyAlgorithm returned -7, we’d know that the key used the ES256 algorithm.

Name Value Description
ES512 -36 ECDSA w/ SHA-512
ES384 -35 ECDSA w/ SHA-384
ES256 -7 ECDSA w/ SHA-256
RS512 -259 RSASSA-PKCS1-v1_5 using SHA-512
RS384 -258 RSASSA-PKCS1-v1_5 using SHA-384
RS256 -257 RSASSA-PKCS1-v1_5 using SHA-256
PS512 -39 RSASSA-PSS w/ SHA-512
PS384 -38 RSASSA-PSS w/ SHA-384
PS256 -37 RSASSA-PSS w/ SHA-256

Responding To The Attestation Payload

I want to show you an example of a response we would send to the server for registration. In short, the safeByteEncode function is used to change the buffers into Base64-url encoded strings.

type AttestationCredentialPayload = {
  kid: string;
  clientDataJSON: string;
  attestationObject: string;
  pubkey: string;
  coseAlg: number;
};

const payload: AttestationCredentialPayload = {
  kid: credential.id,
  clientDataJSON: safeByteEncode(attestation.clientDataJSON),
  attestationObject: safeByteEncode(attestation.attestationObject),
  pubkey: safeByteEncode(attestation.getPublicKey() as ArrayBuffer),
  coseAlg: attestation.getPublicKeyAlgorithm(),
};

The credential id (kid) should always be captured to look up the user’s keys, as it will be the primary key in the public_keys table.

From there:

  1. The server would check the clientDataJSON to ensure the same challenge is used.
  2. The origin is checked, and the type is set to webauthn.create.
  3. We check the attestationObject to ensure it has an fmt of none, the rpIdHash of the authData, as well as any flags and the signCount.

Optionally, we could check to see if the attestationObject.attStmt has a sig and verify the public key against it, but that’s for other types of WebAuthn flows we won’t go into.

We should store the public key and the COSE algorithm in the database at the very least. It is also beneficial to store the attestationObject in case we require more information for verification. The signCount is always incremented on every login attempt if supporting other types of WebAuthn logins; otherwise, it should always be for 0000 for a passkey.

Asserting Yourself

Now we have to retrieve a stored passkey using the navigator.credentials.get API. From it, we receive the AuthenticatorAssertionResponse, which we want to send portions of to the Relying Party for verification.

const { challenge } = await (await fetch("/assertion/generate")).json(); // Server call mock to get a random challenge

const options = {
  challenge: new TextEncoder().encode(challenge),
  rpId: window.location.host,
  timeout: 60_000,
};

// Sign the challenge with our private key via the Authenticator
const credential = await navigator.credentials.get({
  publicKey: options,
  mediation: 'optional',
});

// Our main assertion response. See: <https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAssertionResponse>
const assertion = credential.response as AuthenticatorAssertionResponse;

// Now send this information off to the Relying Party
// An example payload with most of the useful information
const payload = {
  kid: credential.id,
  clientDataJSON: safeByteEncode(assertion.clientDataJSON),
  authenticatorData: safeByteEncode(assertion.authenticatorData),
  signature: safeByteEncode(assertion.signature),
};

The AuthenticatorAssertionResponse again has the clientDataJSON, and now the authenticatorData. We also have the signature that needs to be verified with the stored public key we captured in the attestation phase.

Decoding The Assertion clientDataJSON

The assertion clientDataJSON is very similar to the attestation version. We again have the challenge, origin, and type. Everything is the same, except the type is now webauthn.get.

type DecodedClientDataJSON = {
  challenge: string,
  origin: string,
  type: string
};

const decoded: DecodedClientDataJSON = JSON.parse(new TextDecoder().decode(assertion.clientDataJSON));
const {
  challenge,
  origin,
  type
} = decoded;

Understanding The authenticatorData

The authenticatorData is similar to the previous attestationObject.authData, except we no longer have the public key included (e.g., the attestedCredentialData ), nor any extensions.

Name Length (bytes) Description
rpIdHash 32 This is a SHA-256 hash of the origin, e.g., my.passkeys.com.
flags 1 Flags that determine multiple pieces of information (specification).
signCount 4 This should always be 0000 for passkeys, just as it should be for authData.

Verifying The signature

The signature is what we need to verify that the user trying to log in has the private key. It is the result of the concatenation of the authenticatorData and clientDataHash (i.e., the SHA-256 version of clientDataJSON).

To verify with the public key, we need to also concatenate the authenticatorData and clientDataHash. If the verification returns true, we know that the user is who they say they are, and we can let them authenticate into the application.

Here’s an example of how this is calculated:

const clientDataHash = await crypto.subtle.digest(
  'SHA-256',
  assertion.clientDataJSON
);
// For concatBuffer see: <https://github.com/nealfennimore/passkeys/blob/main/src/utils.ts#L31>
const data = concatBuffer(
  assertion.authenticatorData,
  clientDataHash
);

// NOTE: the signature from the assertion is in ASN.1 DER encoding. To get it working with Web Crypto
//We need to transform it into r|s encoding, which is specific for ECDSA algorithms)
//
// For fromAsn1DERtoRSSignature see: <https://github.com/nealfennimore/passkeys/blob/main/src/crypto.ts#L60>'
const isVerified = await crypto.subtle.verify(
  { name: 'ECDSA', hash: 'SHA-256' },
  pubkey,
  fromAsn1DERtoRSSignature(signature, 256),
  data
);

Sending The Assertion Payload

Finally, we get to send a response to the server with the assertion for logging into the application.

type AssertionCredentialPayload = {
  kid: string;
  clientDataJSON: string;
  authenticatorData: string;
  signature: string;
};

const payload: AssertionCredentialPayload = {
  kid: credential.id,
  clientDataJSON: safeByteEncode(assertion.clientDataJSON),
  authenticatorData: safeByteEncode(assertion.authenticatorData),
  signature: safeByteEncode(assertion.signature),
};

To complete the assertion phase, we first look up the stored public key, kid.

Next, we verify the following:

  • clientDataJSON again to ensure the same challenge is used,
  • The origin is the same, and
  • That the type is webauthn.get.

The authenticatorData can be used to check the rpIdHash, flags, and the signCount one more time. Finally, we take the signature and ensure that the stored public key can be used to verify that the signature is valid.

At this point, if all went well, the server should have verified all the information and allowed you to access your account! Congrats — you logged in with passkeys!

No More Passwords?

Do passkeys mean the end of passwords? Probably not… at least for a while anyway. Passwords will live on. However, there’s hope that more and more of the industry will begin to use passkeys. You can already find it implemented in many of the applications you use every day.

Passkeys was not the only implementation to rely on cryptographic means of authentication. A notable example is SQRL (pronounced “squirrel”). The industry as a whole, however, has decided to move forth with passkeys.

Hopefully, this article demystified some of the internal workings of passkeys. The industry as a whole is going to be using passkeys more and more, so it’s important to at least get acclimated. With all the security gains that passkeys provide and the fact that it’s resistant to phishing attacks, we can at least be more at ease browsing the internet when using them.

Categories: Others Tags:

What I Wish I Knew About Working In Development Right Out Of School

October 27th, 2023 No comments

My journey in front-end web development started after university. I had no idea what I was going into, but it looked easy enough to get my feet wet at first glance. I dug around Google and read up on tons of blog posts and articles about a career in front-end. I did bootcamps and acquired a fancy laptop. I thought I was good to go and had all I needed.

Then reality started to kick in. It started when I realized how vast of a landscape Front-End Land is. There are countless frameworks, techniques, standards, workflows, and tools — enough to fill a virtual Amazon-sized warehouse. Where does someone so new to the industry even start? My previous research did nothing to prepare me for what I was walking into.

Fast-forward one year, and I feel like I’m beginning to find my footing. By no means do I consider myself a seasoned veteran at the moment, but I have enough road behind me to reflect back on what I’ve learned and what I wish I knew about the realities of working in front-end development when starting out. This article is about that.

The Web Is Big Enough For Specializations

At some point in my journey, I enrolled myself in a number of online courses and bootcamps to help me catch up on everything from data analytics to cybersecurity to software engineering at the same time. These were things I kept seeing pop up in articles. I was so confused; I believed all of these disciplines were interchangeable and part of the same skill set.

But that is just what they are: disciplines.

What I’ve come to realize is that being an “expert” in everything is a lost cause in the ever-growing World Wide Web.

Sure, it’s possible to be generally familiar with a wide spectrum of web-related skills, but it’s hard for me to see how to develop “deep” learning of everything. There will be weak spots in anyone’s skillset.

It would take a lifetime masterclass to get everything down-pat. Thank goodness there are ways to specialize in specific areas of the web, whether it is accessibility, performance, standards, typography, animations, interaction design, or many others that could fill the rest of this article. It’s OK to be one developer with a small cocktail of niche specialties. We need to depend on each other as much as any Node package in a project relies on a number of dependencies.

Burnout And Imposter Syndrome Are Real

My initial plan for starting my career was to master as many skills as possible and start making a living within six months. I figured if I could have a wide set of strong skills, then maybe I could lean on one of them to earn money and continue developing the rest of my skills on my way to becoming a full-stack developer.

I got it wrong. It turned out that I was chasing my tail in circles, trying to be everything to everyone. Just as I’d get an “a-ha!” moment learning one thing, I’d see some other new framework, CSS feature, performance strategy, design system, and so on in my X/Twitter feed that was calling my attention. I never really did get a feeling of accomplishment; it was more a fear of missing out and that I was an imposter disguised as a front-ender.

I continued burning the candle at both ends to absorb everything in my path, thinking I might reach some point at which I could call myself a full-stack developer and earn the right to slow down and coast with my vast array of skills. But I kept struggling to keep up and instead earned many sleepless nights cramming in as much information as I could.

Burnout is something I don’t wish on anyone. I was tired and mentally stressed. I could have done better. I engaged in every Twitter space or virtual event I could to learn a new trick and land a steady job. Imagine that, with my busy schedule, I still pause it to listen to hours of online events. I had an undying thirst for knowledge but needed to channel it in the right direction.

We Need Each Other

I had spent so much time and effort consuming information with the intensity of a firehose running at full blast that I completely overlooked what I now know is an essential asset in this industry: a network of colleagues.

I was on my own. Sure, I was sort of engaging with others by reading their tutorials, watching their video series, reading their social posts, and whatnot. But I didn’t really know anyone personally. I became familiar with all the big names you probably know as well, but it’s not like I worked or even interacted with anyone directly.

What I know now is that I needed personal advice every bit as much as more technical information. It often takes the help of someone else to learn how to ride a bike, so why wouldn’t it be the same for writing code?

Having a mentor or two would have helped me maintain balance throughout my technical bike ride, and now I wish I had sought someone out much earlier.

I should have asked for help when I needed it rather than stubbornly pushing forward on my own. I was feeding my burnout more than I was making positive progress.

Start With The Basics, Then Scale Up

My candid advice from my experience is to start learning front-end fundamentals. HTML and CSS are unlikely to go away. I mean, everything parses in HTML at the end of the day, right? And CSS is used on 97% of all websites.

The truth is that HTML and CSS are big buckets, even if they are usually discounted as “basic” or “easy” compared to traditional programming languages. Writing them well matters for everything. Sure, go ahead and jump straight to JavaScript, and it’s possible to cobble together a modern web app with an architecture of modular components. You’ll still need to know how your work renders and ensure it’s accessible, semantic, performant, cross-browser-supported, and responsive. You may pick those skills up along the way, but why not learn them up-front when they are essential to a good user experience?

So, before you click on yet another link extolling the virtues of another flavor of JavaScript framework, my advice is to start with the essentials:

  • What is a “semantic” HTML element?
  • What is the CSS Box Model, and why does it matter?
  • How does the CSS Cascade influence the way we write styles?
  • How does a screenreader announce elements on a page?
  • What is the difference between inline and block elements?
  • Why do we have logical properties in CSS when we already have physical ones?
  • What does it mean to create a stacking context or remove an element from the document flow?
  • How do certain elements look in one browser versus another?

The list could go on and on. I bet many of you know the answers. I wonder, though, how many you could explain effectively to someone beginning a front-end career. And, remember, things change. New standards are shipped, new tricks are discovered, and certain trends will fade as quickly as they came. While staying up-to-date with front-end development on a macro level is helpful, I’ve learned to integrate specific new technologies and strategies into my work only when I have a use case for them and concentrate more on my own learning journey — establish a solid foundation with the essentials, then progress to real-life projects.

Progress is a process. May as well start with evergreen information and add complexity to your knowledge when you need it instead of drinking from the firehose at all times.

There’s A Time And Place For Everything

I’ll share a personal story. I spent over a month enrolled in a course on React. I even had to apply for it first, so it was something I had to be accepted into — and I was! I was super excited.

I struggled in the class, of course. And, yes, I dropped out of the program after the first month.

I don’t believe struggling with the course or dropping out of it is any indication of my abilities. I believe it has a lot more to do with timing. The honest truth is that I thought learning React before the fundamentals of front-end development was the right thing to do. React seemed to be the number one thing that everyone was blogging about and what every employer was looking for in a new hire. The React course I was accepted into was my ticket to a successful and fulfilling career!

My motive was right, but I was not ready for it. I should have stuck with the basics and scaled up when I was good and ready to move forward. Instead of building up, I took a huge shortcut and wound up paying for it in the end, both in time and money.

That said, there’s probably no harm in dipping your toes in the water even as you learn the basics. There are plenty of events, hackathons, and coding challenges that offer safe places to connect and collaborate with others. Engaging in some of these activities early on may be a great learning opportunity to see how your knowledge supports or extends someone else’s skills. It can help you see where you fit in and what considerations go into real-life projects that require other people.

There was a time and place for me to learn React. The problem is I jumped the gun and channeled my learning energy in the wrong direction.

If I Had To Do It All Over Again…

This is the money question, right? Everyone wants to know exactly where to start, which classes to take, what articles to read, who to follow on socials, where to find jobs, and so on. The problem with highly specific advice like this is that it’s highly personalized as well. In other words, what has worked for me may not exactly be the right recipe for you.

It’s not the most satisfying answer, but the path you take really does depend on what you want to do and where you want to wind up. Aside from gaining a solid grasp on the basics, I wouldn’t say your next step is jumping into React when your passion is web typography. Both are skill sets that can be used together but are separate areas of concern that have different learning paths.

So, what would I do differently if I had the chance to do this all over again?

For starters, I wouldn’t skip over the fundamentals like I did. I would probably find opportunities to enhance my skills in those areas, like taking the FreeCodeCamp’s responsive web design course or practice recreating designs from the Figma community in CodePen to practice thinking strategically about structuring my code. Then, I might move on to the JavaScript Algorithms and Data Structures course to level up basic JavaScript skills.

The one thing I know I would do right away, though, is to find a mentor whom I can turn to when I start feeling as though I’m struggling and falling off track.

Or maybe I should have started by learning how to learn in the first place. Figuring out what kind of learner I am and familiarizing myself with learning strategies that help me manage my time and energy would have gone a long way.

Oh, The Places You’ll Go!

Front-end development is full of opinions. The best way to navigate this world is by mastering the basics. I shared my journey, mistakes, and ways of doing things differently if I were to start over. Rather than prescribing you a specific way of going about things or giving you an endless farm of links to all of the available front-end learning resources, I’ll share a few that I personally found helpful.

In the end, I’ve found that I care a lot about contributing to open-source projects, participating in hackathons, having a learning plan, and interacting with mentors who help me along the way, so those are the buckets I’m organizing things into.

Open Source Programs

Hackathons

Developer Roadmaps

Mentorship

Whatever your niche is, wherever your learning takes you, just make sure it’s yours. What works for one person may not be the right path for you, so spend time exploring the space and picking out what excites you most. The web is big, and there is a place for everyone to shine, especially you.

Categories: Others Tags: