StartupTalky

Tag: authentication

  • How to Get a Free SSL Certificate for Your Website?

    “Safety is a small investment for a rich future”.    

    SSL certificate is used by websites across the globe to ensure data security for their users. The websites with SSL certificates are identified as secure and reliable by the search engines due to which they are pushed to better ranks in the search results and more traffic is drawn towards them.

    Therefore, depending on the kind of website you own it is very important to get the relevant SSL certificate. In this article, we will tell you everything you need to know about SSL certificates including how to get a free SSL certificate for your website.

    Keep reading…

    What is an SSL Certificate?
    Why do you need an SSL certificate?
    How to get a free SSL certificate for your website?

    SSL, TLS, HTTP, and HTTPS Explained

    What is an SSL Certificate?

    SSL or Secure Socket Layer Certificate is a protocol that encrypts internet traffic and also verifies the server identity. It helps keep the user’s information private through secure data transfer between a user’s browser and your website.

    The three types of SSL certificates and their price range vary depending on the extent of security they offer to your website. Below we have listed them in order from most to least secure (or most to least expensive):

    • Extended Validated (EV): For websites that involve the most sensitive information such as the financial details of the user.
    • Organization Validated (OV): For websites that collect random information such as small business websites collecting user information for lead generation.
    • Domain Validated (DV): It is for sites that do not exchange any user information. For example blog websites.

    When an SSL certificate is enabled for a website a lock sign appears towards the left side of the website’s URL. A user can easily check the SSL certificate for a website by clicking on this lock icon. The information included in an SSL certificate is as follows:

    • The domain name (for which the certificate was issued)
    • Name of person, organization, or device to which it was issued
    • Issuing authority (Certificate Authority)
    • Digital signature of the certificate authority
    • Date of issuance
    • Date of Expiration
    • Associated subdomains
    • Public key

    Why do you need an SSL certificate?

    Trust is the foundational quality on which a business can grow stronger in every dimension. As per a survey by Accenture, 62% of customers are inclined toward companies that exhibit ethical values and authenticity.

    As you move your business online it’s not just your responsibility to keep users’ information secure rather it is also necessary to grow your business. As per a survey by Statista, almost 15 million data records were exposed worldwide during the third quarter of 2022. An SSL certificate ensures data safety during transmission and is highly crucial for a website as it is considered a symbol of trust and authenticity across the web.

    Here are a few of the major reasons why you must obtain an SSL certificate for your website:

    • Encryption: SSL certificate facilitates a public-private key pairing that makes SSL encryption possible. Here, a secure connection is established between a user’s system and your website, and the information exchanged is coded and decoded between them. The data is protected from any outside viewer through encrypted language.
    • Authentication: SSL certificate helps users to identify your website as genuine. This means a user can verify that he has connected to the rightful owner of the domain. It is especially useful in avoiding domain spoofing and other similar attacks.
    • HTTPS: The “S” in HTTPS stands for “Secure”. This indicates that your website is SSL encrypted and thus, safe for the users to share their information. A website without an SSL certificate is marked as “Not secure” and is given a red flag by search engines.
    • SEO Ranking: Google uses “HTTPS” as one of its ranking features i.e. it gives a boost to the ranking of websites having SSL certificates. Recently, Google has also begun imposing penalties on websites that do not own an SSL certificate.
    • PCI DSS requirements: If you own an e-commerce website or any other website that requires online payments your website must comply with Payment Card Industry Data Security Standards (PCI DSS). One of the major requirements amongst the 12 primary requirements set by the industry for data security includes having an SSL certificate.

    How to get a free SSL certificate for your website?

    SSL certificate is issued by a Certificate Authority (CA). It is a trusted third party or outside organization that also signs the certificate with its key. Most of the Certificate Authorities charge a fee for issuing the SSL certificate while a few also offer it for free.

    Once obtained the certificate should be installed and activated on the website’s server. Post which the “HTTPS” status becomes available for the website and the online traffic gets encrypted and secured.

    Once you have chosen the type of SSL certificate depending on the requirement for your website, you can follow the steps given below to get a free SSL certificate for your website.

    Verify your website’s WHOIS information:

    Whois Homepage
    Whois Homepage

    WHOIS is the internet record that identifies the owner and related information of a particular domain. Recently, it has been replaced by Registration Data Access Protocol (RDAP). These help access the internet resource registration data.

    Several tools can be used to verify your WHOIS or RDAP  information such as Icann lookup, Arin, Securitytrails, etc. Before applying for the SSL certificate it is important that you update this information and also match it with what you are submitting to the Certificate Authority.

    Generate Certificate Signing Request (CSR):

    A website offering CSR Generation
    A website offering CSR Generation

    As the name suggests, it is a message (an encrypted text) sent by the applicant to the Certificate Authority providing them with the required information such as domain name, organization name, country, etc.

    A CSR can be generated through your server, your cPanel, or through an online CSR generator. The last option is least preferred as it is not directly connected with your server, cPanel, or hosting service.

    If you find difficulty in creating your CSR, you can easily approach your hosting company to guide you through the process specific to your website. Once your CSR is ready you will have to submit it to the Certificate Authority to validate your domain.

    The price of getting the SSL certificate depends upon the level of security you require for your website. However, certain CAs offer low-level security SSL certificates for free. Some of them include:

    • Letsencrypt.org: This is an automated and open Certificate Authority and is operated by the Internet Security Research Group (ISRG). It offers a free Domain validated SSL certificate, valid for 90 days. Post 90 days you can easily renew the certificate again for free, for the next 90 days. Their certificate is recognized by all major browsers such as Chrome, internet explorer, firefox, etc.
    • Cloudflare.com: It is a CDN and security company, recognized worldwide for its products. It is used by many popular sites such as Mozilla, Reddit, etc., and is known to make the site faster and more secure. Their SSL certificate, depending upon the level of security, is available at the cost of $0 to $200 per month.
    • SSLforfree.com: It is also a nonprofit CA and is recognized by all major browsers. Their SSL certificate is available for free but has to be renewed every three months.
    • Zerossl.com: They also offer free SSL certificates for 90 days that can again be renewed for the next 90 days. Alongside this, they also provide automated ACME integrations and a full-fledged REST API.

    Install the  certificate on your website:

    Once you have received your SSL certificate from your CA it is required to be installed on your website. You can easily do it yourself on the cPanel. Under Security, you will find SSL/TLS section. From here go to Manage SSL sites and upload your certificate.

    After uploading the certificate you will also have to make changes to your WordPress files. In your WordPress dashboard, go to settings and update your URL by adding HTTPS instead of HTTP. Click save changes. Log out and again log in. Make sure all your URLs now display HTTPS. If you notice mixed content errors, find all your old URLs in the database and replace them with new ones.

    FAQs

    How long is an SSL certificate valid?

    This depends on your certificate provider but usually ranges from 3 to 13 months. Most CAs provide the option to automatically update the certificate as soon as it expires.

    How long it takes for the SSL certificate to start working?

    The average time duration for an SSL certificate to start working ranges between one to three days. Although a few SSL certificates such as Let’s encrypt start working immediately while some may take up to a week.

    How much does an SSL certificate cost?

    The average price for an SSL certificate is around $60 per year. However, this price can vary considerably from one CA to another. A few certificate providers offer it for free while others may charge as high as $1000 per year.

    Can a website work without an SSL certificate?

    Any website without an SSL certificate is marked as “not secure” by the search engines, as your visitors are at great risk of data leakage, and its ranking is also lowered considerably. So, even if your website continues working without an SSL certificate it won’t be able to attract much traffic. Moreover, Google has also begun to impose penalties on websites without an SSL certificate.

    What can you use in place of an SSL certificate?

    Transport Layer Security (TLS) can be used in place of SSL. It is an improved version and successor protocol of the SSL certificate. It also uses encryption to prevent data breaches during the transfer of information from the user to the website.

  • A Decade Of UIDAI (2009 – 2019): Challenges And Impact

    The Unique Identification Authority of India (UIDAI) is a statutory authority establish under the provisions of the Aadhaar Act 2016 from 12th July 2016 by the Government of India, under the ministry of Electronic and Information Technology. Prior to its establishment as a statuary authority, UIDAI was functioning as an attached office of the then Planning commission and was established  a decade ago on 28th January 2009.

    The logo of Aadhaar
    The logo of Aadhaar

    UIDAI was created with the objective of issuing a Unique Identification Number (UID), named as Aadhaar to the citizens of India. The UID had to be robust enough so it would eliminate duplicate and fake identities and also verify and authenticate in an easy, cost effective manner. The authority has so far managed to issue more than 124 crore Aadhaar numbers to the residents of India.

    After the Aadhaar Act 2016, UIDAI is responsible for operation and management of all stages of Aadhaar life cycle, developing the policy, procedure. And also to systematically issue Aadhaar numbers to individuals and perform authentication and the security of identity information and authentication records of individuals.

    Top 10 Mobile Wallets in India | Online Payment Made Easy
    The globe is seen slowly paving its way towards a cashless society. Frominvoices to cards and now to mobile wallets, this significant transformation hasreduced the weights of bulky wallets. We can pay for any product, transfermoney, make bill payments, and almost everything in the comfort of our …
    StartupTalkyAvantika Bhardwaj

    The Vision and Mission of UIDAI

    The vision of UIDAI is to empower resident of India with a unique identity and digital platform to authenticate anytime and anywhere.

    The mission of UIDAI are

    • To provide for good governance, efficient, transparent and targeted delivery of subsidies, benefits and services, the expenditure for which is incurred from the Consolidated Fund of India, to residents of India through assigning of unique identity numbers.
    • To develop policy, procedure and system for issuing Aadhaar number to residents of India, who request for same by submitting their demographic information and biometric information by undergoing the process of enrolment.
    • To develop policy, procedure and systems for Aadhaar holders for updating and authenticating their digital identity.
    • Ensure availability, scalability and resilience of the technology infrastructure.
    • Build a long term sustainable organization to carry forward the vision and values of the UIDAI.
    • To ensure security and confidentiality of identity information and authentication records of individuals.
    • To ensure compliance of Aadhaar Act by all individual and agencies in letter and spirit.
    • To make regulations & rules consistent with the Aadhaar Act, for carrying out the provisions of the Aadhaar Act.
    An example of the details that Aadhar card contains
    An example of the details that Aadhar card contains

    Some of the main functions of UIDAI are according to the Aadhar Act of 2016 are:

    • Specifying the regulations, demographic and biometric information required for enrolment and the process of verification.
    • Appointing of one or more entities to operate the Central Identities Data Repository
    • Generating and assigning Aadhaar numbers to individuals and authenticating Aadhar number.
    • Maintaining and updating the information of individuals in the CIDR in such manner as may be specified by the regulations
    • Omitting and deactivating of an Aadhaar number and information as specified by regulations.
    • Specifying the manner of use of Aadhaar numbers for the purpose of providing or availing benefits, services and other purposes for which Aadhar numbers may be used.
    • Calling for records and information conducting inspections, inquiries and audit operations for the purposes of Aadhaar Act of CIDR.
    • Data management, security protocols and other technology safeguards under Aadhaar Act.
    • Levying and collection of the fees or authorizing the registrar, enrolling agencies or other service providers to collect such fees for the services provided by them.
    • Setting up of facilitation centers and grievance mechanism for redressal of grievances of individuals, Registrars, enrolling agencies and other service providers.

    Top 10 Mobile Wallets in India | Online Payment Made Easy
    The globe is seen slowly paving its way towards a cashless society. Frominvoices to cards and now to mobile wallets, this significant transformation hasreduced the weights of bulky wallets. We can pay for any product, transfermoney, make bill payments, and almost everything in the comfort of our …
    StartupTalkyAvantika Bhardwaj

    The challenges of UIDAI are

    Biometric Challenges – No single biometric modality is sufficient for uniqueness guarantee. As it needs facial photo, eight to ten fingerprints and possibly iris. The problems with that is that significant percentage of the population will not have a desired biometric pattern: children below 8 years old. Enrollment “kit” that contains everything for a mobile unit. Simple training of enrollee such as video when they are waiting in line for enrollment.

    Rural Biometric Challenges – Fingerprint is socially acceptable, but it requires physical contact. Manual labor, dirty hands, assistance needed to capture prints result in large number of errors or missing prints. When it comes to iris scan it is better technology because it is touch less, but needs camera redesign for rural environment. Need improved user friendly capture to enroll in the open. Its needs in situation monitoring for enrollment and continuous monitoring.

    Biometric De – Duplication – Assuming 10 fingerprints for each and every person. A duplication search requires every fingerprint to be compared against entire database. Assuming a peak load of 1 million enrollments/day at database size of 800 million.

    Architecture Challenges – The architecture challenges includes distributed computing, cloud computing and virtualization, in memory databases and optimizing for computation and network.

    Network Infrastructure – Since rural internet connectivity is very poor the government must work on getting a better mobile network for the rural areas. Enrollment client must work in offline mode and batch upload when connected.  It should ride on credit card POS networks.

    Security and Fraud Detection – It make it secure for client, the server must be able to detect and prevent intruders. It should detect fraud on audit trails. Make automatic alerts like credit card alerts based on suspicious patterns.

    Managing multiple risks – It manages multiple risks such as Adoption, Enrolment, Political, technology, scale, sustainability, privacy and security.

    Garib Kalyan Rozgar Abhiyan | New Govt. Scheme to Provide Jobs
    With the Economy of India badly affected due to the COVID-19 pandemic add lossof jobs for lakhs of migrant workers during the lockdown, a scheme by the nameof ‘Garib Kalyan Rozgar Abhiyan’ or ‘Rural Job Scheme’ was launched by theHonourable Prime Minister of India, Narendra Modi in the district o…
    StartupTalkyYash Taneja

    The impact of UIDAI and Aadhaar

    Over 90% of Indian adults are now enrolled in the Aadhaar program making the total about 1.2 million people. It has become one of the pillars which people debate on the role of government in our lives. The value of privacy and how we should safeguard it, how public policy should be shaped and implemented and whether technology is being truly harnessed in the best interests of the citizens.

    The impact of Aadhaar from the past 10 years

    Identity is important

    Aadhaar enrolment has been de- linked from a person’s nationality and is instead available to all residents. In order to be eligible for enrolment an applicant does not have to prove their Indian citizenship, they must only provide proof of residence for at least 182 days. The Aadhaar has identity first approach and the number itself does not establish nationality or confer any rights or benefits and only establishes who the person is.

    Focus on Inclusion

    A central debate in India over Aadhaar has been on its claims towards inclusion. It points out vulnerable section of the population as there are many people that have been excluded from individual legal identity, now have an access to a nationally and widely recognized form of identification e.g. the poor migrants, tribal population in remote areas, transgender individuals and the homeless.

    Make privacy a priority

    The Aadhaar was implemented without a framework of data protection and privacy legislation in place, and it is missing in India even today. As a result, while the central repositories of UIDAI have not been breached, the demographic information collected for issuing Aadhaar cards, and the Aadhaar number itself, have been subject to multiple disclosures by government bodies as well as through fraudulent means.

    There was a lack of clarity on the status of information and the rules on how it was to collected, handled and disclosed. Limited data collection for specific purposes and controls on the retention of data, must be incorporated into the program, in the design of the technical system and also in the rules for every partner and agency related in handling identity related data.

    Everything an Entrepreneur need to know about Budget 2019
    Tax1.Within 2 years, Tax assessment will be done electronically – The governmentannounced that within the next 2 years, they do all the verifications andassessments of returns electronically. They will use anonymised back officeswhich will be manned by tax experts and officials without any pers…
    StartupTalkyLakshya Singh

    Technology choices and their costs

    The Aadhaar program costs US $1.16 per enrolment which is the lowest of any identification program in the world. In other parts of the world the costs are as high as US $6 for enrolment and up to US $5 per identity card, which developing countries cannot afford. This makes the system dependent on connectivity for authentication and enrolment which is difficult to adopt for countries with lower mobile and internet usage.

    Which is why UIDAI introduced offline verification in 2018 through a digitally signed copy of demographic information on a QR code on the Aadhaar card. It enabled local authentication without connecting to the centralized database and also addressed the issue of fraudulent Aadhaar cards.

    Financial Inclusion

    When trying to assess the impact of the Aadhaar system, 2 instances are very significant the PDS, where the benefits are disputable and the financial services where its role is to accelerate KYC process in opening bank accounts. The Reserve Bank of India in 2011 recommended the use of the Aadhaar based e-KYC process for opening small bank accounts.

    This received a boost in 2014 with the launch of the Jan Dhan Yojana, through which over 300 million accounts were opened using eKYC. An uptick in account usage was observed once cash benefits were directly transferred to these accounts, suggesting that the lack of an initial balance might be a deterrent