Tilde Lowengrimm on Nostr: This post comes to you from a long tradition of "Go forth, be free!" knowledge, ...
This post comes to you from a long tradition of "Go forth, be free!" knowledge, including:
Permission to never again care about the concept of "factors" when it comes to authentication. This is a real permission slip from a real security professional which you can absolutely pull out when dealing with anyone who demands that you count authentication "factors".
Freedom from password rotation or complexity requirements. You never have to do them again! In fact, password expiry & composition rules are not just no longer recommended; they are forbidden.
Freedom from ever doing anything with pronoun or name fields except store and display them exactly as provided. (This freedom revokes permission to ever parse, split or concatenate names. Honestly, this one needs a little more explanation to truly free you. But long story short, never try to assemble or disassemble name string into other name strings. Want someone's personal name? Ask for it. Want someone's full name? Ask for it. Do not try to smush together a personal name field with a family name field to create a full name or vice versa. Do not do anything of the sort.
Liberation from the word "user", and especially the concept of "our users". (This one still needs a writeup, sorry.) Do not call people who use something "users", even if the thing they are using is fentanyl. Just like in so many other domains, they are a person first — a person who uses the thing. This especially frees you from the brainworm of thinking about "our users". They aren't yours. They are people who use the thing you made. You have no dominion over them. It takes a little getting used to, but I promise that this one weird trick will improve the way you think.
Also from the Sapir-Whorf department: you don't need to "trust" things. Trust is a slippery verb. It can refer to several different dimensions, like honestly or proficiency (which are pretty orthogonal). Instead, I invite you to "rely on" things, because that's a great reminder to "rely on" things "to" (or "not to") do or be something specific. Spell out the properties which are important rather than fuzzily bundling them all into trustworthiness.
Go forth, be free!
Permission to never again care about the concept of "factors" when it comes to authentication. This is a real permission slip from a real security professional which you can absolutely pull out when dealing with anyone who demands that you count authentication "factors".
Freedom from password rotation or complexity requirements. You never have to do them again! In fact, password expiry & composition rules are not just no longer recommended; they are forbidden.
Freedom from ever doing anything with pronoun or name fields except store and display them exactly as provided. (This freedom revokes permission to ever parse, split or concatenate names. Honestly, this one needs a little more explanation to truly free you. But long story short, never try to assemble or disassemble name string into other name strings. Want someone's personal name? Ask for it. Want someone's full name? Ask for it. Do not try to smush together a personal name field with a family name field to create a full name or vice versa. Do not do anything of the sort.
Liberation from the word "user", and especially the concept of "our users". (This one still needs a writeup, sorry.) Do not call people who use something "users", even if the thing they are using is fentanyl. Just like in so many other domains, they are a person first — a person who uses the thing. This especially frees you from the brainworm of thinking about "our users". They aren't yours. They are people who use the thing you made. You have no dominion over them. It takes a little getting used to, but I promise that this one weird trick will improve the way you think.
Also from the Sapir-Whorf department: you don't need to "trust" things. Trust is a slippery verb. It can refer to several different dimensions, like honestly or proficiency (which are pretty orthogonal). Instead, I invite you to "rely on" things, because that's a great reminder to "rely on" things "to" (or "not to") do or be something specific. Spell out the properties which are important rather than fuzzily bundling them all into trustworthiness.
Go forth, be free!