Sjoerd Nijland

Abstract

  • ated by smartphone apps
  • OTPs sent via text or email
  • Access badges, USB devices, Smart Cards or fobs or security keys
  • Software tokens and certificates

Inherence

  • Fingerprints, facial recognition, voice, retina or iris scanning or other Biometrics
  • Behavioral analysis

Other Varieties of Multi-Factor Authentication

As MFA incorporates machine learning and AI, authentication methods become more advanced, including:

Location-Based Authentication

Location-based MFA examines a user’s IP address and, when possible, their geographical location. This information can be utilized to block access if the location doesn’t match the approved whitelist. It may also serve as an additional authentication layer alongside other factors like passwords or OTPs to verify the user’s identity.

Adaptive Authentication or Risk-Based Authentication

Another subset of MFA is Adaptive Authentication, also known as Risk-Based Authentication. Adaptive Authentication assesses additional factors by considering context and behavior during the authentication process. It utilizes these factors to evaluate the risk level associated with the login attempt. For example:

  • Where is the user attempting to access information from?
  • Is the login occurring during the user’s typical hours or outside of normal patterns?
  • What type of device is being used? Is it consistent with previous usage?
  • Is the connection via a private or public network?

The risk level is calculated based on these factors and determines whether the user will be prompted for an additional authentication factor or allowed to log in without further verification. This approach is often referred to as risk-based authentication.

With Adaptive Authentication in place, a user trying to log in from an unfamiliar cafe late at night may be required to provide a code sent to their phone, in addition to their username and password. However, if they log in from their regular office location at their usual time, they may only need to enter their username and password.

To combat cybercriminals’ continuous attempts to steal information, implementing an effective and enforced MFA strategy is crucial. An efficient data security plan can save your organization time and money in the long run.

What’s the Difference between MFA and Two-Factor Authentication (2FA)?

MFA is often used interchangeably with two-factor authentication (2FA). 2FA is basically a subset of MFA since 2FA restricts the number of factors that are required to only two factors, while MFA can be two or more.

What is MFA in Cloud Computing

In the realm of Cloud Computing, Multi-Factor Authentication (MFA) has become increasingly indispensable. As businesses transition their systems to the cloud, they can no longer solely depend on a user’s physical presence within the same network for security. It becomes imperative to implement additional security measures to verify the authenticity of users accessing the systems, safeguarding them against malicious actors. As users have the flexibility to access these systems from any location and at any time, MFA plays a vital role in ensuring their true identity by requiring additional authentication factors that are challenging for hackers to mimic or crack using brute force methods.

How MFA helps prevent common cyberattacks

In 2020, global cybercrime costs exceeded $1 trillion, impacting 37% of organizations with ransomware attacks and 61% with malware attacks. These alarming statistics highlight the pressing need for organizations to confront a multitude of severe cyber threats. To safeguard their networks, systems, and data, robust cybersecurity controls and measures like Multi-Factor Authentication (MFA) are essential.

MFA offers protection against various types of cyberattacks, including:

  1. Phishing
  2. Targeted spear-phishing attacks
  3. Keyloggers
  4. Credential stuffing
  5. Brute force and reverse brute force attacks
  6. Man-in-the-middle (MITM) attacks

By implementing MFA, organizations can significantly bolster their security defenses and mitigate the risk posed by these sophisticated cyber threats.

Conclusion

MFA cannot guarantee foolproof security or stop all cyberattacks. However, it can help protect high-value systems and accounts, secure email access, and limit the usefulness of stolen credentials. Most importantly, MFA adds additional layers of authentication to protect systems and combat many types of cyberattacks. MFA is also critical to achieving Zero Trust (https://www.onelogin.com/learn/zero-trust), the most reliable cybersecurity approach in the modern cyberthreat landscape.
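As an added example (not part of the original article), the sketch below implements the risk-based decision described under Adaptive Authentication above: it scores the four context questions (location, hours, device, network) and uses the score to choose between password only, password plus OTP, or refusal. The weights, thresholds, network range and all names are assumptions chosen for illustration, and the refusal tier generalizes the location-based blocking mentioned in the text.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Every name, weight and threshold here is an assumption made for this example.
APPROVED_NETWORKS = [ip_network("203.0.113.0/24")]  # constructed office range
STEP_UP_THRESHOLD = 30  # at or above: ask for an additional factor
DENY_THRESHOLD = 80     # at or above: refuse the login

@dataclass
class Profile:  # what is already known about the user
    known_devices: set
    usual_start: time
    usual_end: time

@dataclass
class Attempt:  # context of one login attempt
    source_ip: str
    local_time: time
    device_id: str
    public_network: bool

def risk_score(p: Profile, a: Attempt) -> int:
    """Score the four context questions: location, hours, device, network."""
    score = 0
    if not any(ip_address(a.source_ip) in net for net in APPROVED_NETWORKS):
        score += 30  # source address is outside every approved network
    if not (p.usual_start <= a.local_time <= p.usual_end):
        score += 20  # outside the user's typical hours
    if a.device_id not in p.known_devices:
        score += 30  # device not consistent with previous usage
    if a.public_network:
        score += 20  # public rather than private network
    return score

def decide(p: Profile, a: Attempt) -> str:
    """Map the score to an action; the password is required in every case."""
    score = risk_score(p, a)
    if score >= DENY_THRESHOLD:
        return "deny"
    if score >= STEP_UP_THRESHOLD:
        return "password+otp"
    return "password"

# Constructed sample data mirroring the office and late-night cafe scenarios.
alice = Profile({"laptop-01"}, time(8, 0), time(18, 0))
office = Attempt("203.0.113.25", time(10, 30), "laptop-01", False)
cafe = Attempt("198.51.100.7", time(23, 15), "laptop-01", True)
if __name__ == "__main__": print(decide(alice, office), decide(alice, cafe))
```
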

The Dogma Defence

The biggest challenge Scrum faces (IMO) is that poor implementations of Scrum far outnumber the right ones, and that, by far, it is the poor implementations that are representing Scrum.

It’s like a team just getting started playing football, realizing they are shit at it, then proceeding to change the rules of the game and the lines on the field, rather than improving their play. Then… instead of training/improving, they’ll (rather lazily) stick to complaining about not getting Premier League results, whilst abandoning practices that should have made them great over time.

Ron Jeffries explained this well in his article We tried Baseball, but it didn’t work.

Perhaps the business isn’t a game (or is it?); at least I bet that just like in a game:

when participants play by different rules, interpretations thereof, or are confused about all the unwritten house rules, you’ll have conflict and chaos.

Those starting Scrum should understand it takes time and training to get the hang of it to experience benefits from it.

Teams should try to get better at it; there is plenty of room in the field to experiment.

I would agree that a statement like ‘because the Scrum Guide says so’ doesn’t cut it and indeed sounds ‘dogmatic’. One would have to argue the ‘why the Scrum Guide says what it says’ and question if that purpose matches the intended purpose. Scrum will likely not work for organizations applying Scrum for purposes it is not designed for, even when implemented ‘dogmatically’.

But what is ‘dogmatic’ anyway but an invasive negative term introduced to Scrum? For example: Is ‘the ambition to practice something well’ dogmatic? Is ‘playing by the rules’ dogmatic? Is ‘honoring your team agreements’ dogmatic? Is ‘trying to be good at Scrum’ dogmatic?

This is actually at the core of what our community is about: working to improve practice and understanding of Scrum and helping each other. Follow Scrum to the letter ‘no matter what’. That is not helpful.

The critics

When engaging critics of Scrum and learning they aren’t actually doing Scrum, #dogma is played. Aka: “You shouldn’t follow Scrum by the letter, just because the guide says so because that would be #dogma”.

I do agree that you shouldn’t follow a guide just because the guide says so, yet if you choose to adopt the framework then at least learn to understand why the guide says what it says. Be open to try it, be dedicated to trying to do it well, before you deliver judgment. Call this approach Shu-Ha-Ri if you like.

Teams may well choose not to follow the guide and are thus bound to get lost. This is okay as long as you are there to help them back on track.

Many will say Agile is only a set of ‘guidelines’, or that it is a ‘philosophy’. No, it isn’t. It is a manifesto! It is something bold that should be upheld. It contains ‘principles’: a fundamental proposition that serves as the foundation for a system of belief or behavior or for a chain of reasoning. It should be desirable to follow it if you want to battle, escape, remedy toxic environments. Taking out or modifying elements that make up the foundational framework, without a proper understanding of its impact, will weaken the whole.

Some will argue that ‘whatever the team wants’ can be considered Agile because of #self-steering or #self-organizing. If you do, please consider the Agile Principles, Scrum’s Values, and the reasoning behind them, to challenge whether what the team wants actually outweighs the benefits of that which it seeks to adjust/abandon. This is the value of coaching.

The value of adding ‘yet’

Don’t get me wrong though, there can be valid reasons why teams abandon or adapt certain values, principles, or practices, but surely this can be done without bashing the manifesto or framework that helped you establish that. For example, if your team isn’t able to deliver qualitative value within a timeframe, please note that they just can’t do it ‘yet’.

There is a major difference between saying “I can’t do it” and saying “I can’t do it yet”.

Those that utter those three letters will reveal a totally different mindset. A mindset that is far more likely to deliver better results and experiences.

Stop lowering bars and abandoning principles, just because you aren’t good at it yet. Instead, use those principles as a means to improve. ‘Yet’ is far more powerful than ‘But’.

Frankenstein terminology

Unless you are a skilled practitioner, stop introducing Frankenstein terminology to hide ineptitude; it doesn’t make you sound creative or innovative.

Stop adopting Scrum, then deciding to not actually do Scrum, but still call it Scrum. Stop saying Scrum doesn’t work if you haven’t done it properly yet. It says more about your ability and commitment to Scrum rather than Scrum.

Stop saying “Scrum doesn’t work” if you should be saying “I have trouble doing it right”.

You can choose to avoid change, uphold a status-quo, keep doing what is comfortable and upholding your convictions that Scrum doesn’t work, or Agile is just a fad, or that learning how to do it right is dogma, and dogma is bad m’kay. OR…. if you can set aside your ego, you might actually show some courage by saying/asking things like:

  • “I have trouble getting it right”
  • “Why am I not getting the results I expected”
  • “How can I do it better”
  • “What am I not doing right”
  • “Why do I think this will not work”
  • “What’s one step I can take that will make it slightly better”

Feel free, go beyond!

Look, with Scrum you’ll end up dragging the organization through its own mud. It’s painful. No one said it would be easy or painless.

The benefits will only be experienced by those who persist, not by those who give in.

Having said all this, please don’t imply that I am telling you to limit yourself. Plenty can be done on the canvas which the framework supports. Use that canvas, introduce your values, principles, practices, workshops, training, and tools. Nothing is preventing you from going ‘beyond’. In fact, please do go beyond. Scrum is a framework designed so teams can find freedom on their canvas.

I wrote this with a genuine urge to help others, like myself, battle defects, rather than submit to status quos and toxic cultures and environments. Feel free to ignore it all. Feel free to tell me why I am wrong to write all this. Feel free to give me a new perspective so I can learn, adapt, improve.

Thank you for taking the time to read my rant. It would mean a lot to me if you let me know what this made you feel and think.

After posting this, I’ve kindly been referred to these blog articles by Ken Schwaber.
