#180 - Authenticate 2022 - The FIDO Authentication User Experience with Kevin Goldman

Oct 25, 2022 · 53 min · Ep. 180

Episode description

Jim and Jeff are on location at the FIDO Alliance Authenticate 2022 Conference and wrap up the coverage with a talk with Kevin Goldman, Chief Design Officer at Trusona and Chair of the User Experience Committee and Board Member for the FIDO Alliance, about the sharp focus the FIDO Alliance has put on the customer user experience of passkey authentication.

Connect with Kevin: https://www.linkedin.com/in/kevingoldman/

Learn more about Trusona: https://www.trusona.com/

Learn more about the FIDO Design System: https://fidoalliance.org/design-system/

Connect with us on LinkedIn:

Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/

Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show at www.IdentityAtTheCenter.com, follow @IDACPodcast on Twitter, and check out our live streams at www.idac.live

Transcript

You're listening to the Identity at the Center podcast. This is the show that talks about identity and access management and making sure you know who has access to what. Let's get started. Welcome to the Identity at the Center podcast, I'm Jeff and that's Jim. Hm. Hey Jeff, how are you? Not too bad, yourself? Doing fantastic here at the Authenticate conference 2022 in Seattle. I give the conference in a has been a really good conference

and a fourth etiquette. Yes. And it and next year, I think it could a plus with it moving to San Diego. Which, by the way, that news was broken on the Identity at the Center podcast. It was, thank you very much, Andrew Shikiar, for joining us. Week is sort of like a preview that we rolled out this Monday, the first day of the conference, and he was kind enough to give IDAC listeners a sneak preview of where Authenticate will be next

year. So hopefully we'll see people in Carlsbad, California, which is just north of San Diego. So, it's definitely a destination spot for people who like to plan, you know, vacations around conferences. Or if they have family things that they can send the family do fun things while they sit. You don't talk identity with a bunch of identity nerds like And I, yeah, well that's that's true. And you know, I met so many people here at the conference

from all over the world. All different stages of their career doing all different things, but guess what? I did not meet a single person who likes the password, not one at a passwordless. Basically thing that's that's we go. Imagine. Well, why do we kind of pivot into our conversations tape up before I get too far along? I do want to again thank Andrew Shikiar and the FIDO team

for hosting us this week and giving us a spot to record and just the support that they've given us a true friends of the show. So we hopefully are paid it back there with some exposure on the podcast. And also thanks to RSM for sponsoring our trip out here. They are our day job, and the podcast is our night and weekend job. So they've been very supportive of that. So thanks to both Andrew and RSM, and let's go ahead and introduce our guest.

His name is Kevin Goldman, he's Chief Design Officer at Trusona and Chair of the User Experience Committee and a board member for the FIDO Alliance. Welcome, Kevin. Thanks for having me. Yeah. Glad to be here. That sounds like a real mouthful. So we want to get into that a little bit here, so I second that. Yeah. So before we get too far along, it's the first time you were on the show. We like to find out more about the identity origin story for people.

How did you get into the identity space itself? Is it something that you chose or did it choose you or maybe something else? Yeah, a little bit of both. You know, most of my career was spent in consulting, as user experience consulting, and I met the founder of the company that I'm at now and was just intrigued, and eight months later I joined the company. So that was about seven years ago. So I've been in the authentication cyber identity

space for about seven years. And you know, the funny thing is I really feel at this point I'm going to be in this industry for the rest of my career. There's just so much room for design to make impact in this space. Another way to say it is there's just a really low bar design and say we have something like crappy design, you know, IAM space that he worked on which I would agree with.

Yeah, lots of room for impact. So I was also thinking there's also a difference between user experience and user interface, right? I mean, the user interface is kind of the thing that we can all think of, but it's everything that goes into it, right? That's it. Yeah expert. You have in your you bring to the table? Yeah, thanks for pointing that out. You know, it can be an alphabet soup of, you know, UX, UI, HCI, all these different, human-computer interaction,

all these different things that the design space calls it. But you made an important distinction. Yes, there is the digital stuff you interact with on screen, which is the user interface. But the user experience is more broad. It takes into account all the different contexts that somebody might be in and the full journey that they might go through. So some of it might be in the digital space. Some of it might be in the physical space and it

incorporates all of that. So yeah, you hit the nail on the head, it's both. So I know that Trusona has been here for years, really, part of the alliance. And I remember hearing I think was already speak last year. For those who aren't familiar with Trusona, which is where you're at right now, tell us a little bit about that. Give us, like, a 30 second elevator pitch. Yeah. Keep it very, very simple. So Trusona is in this space of identity and access management.

We provide a passwordless solution that allows people brands that to deploy passkeys and FIDO-based credential authentication for their consumers in a very, very simple way, so that they're don't require a lot of technical know-how and they don't they get all this stuff that I bring with user experience. It's and they get all the goodness of the security that FIDO has allowed and put that together into a SaaS-based cloud

solution. Interesting. So, I got to ask, how did you get engaged with FIDO? And, you know, become part of this user experience committee. Is it something that you sought out on your own? Did they come to you? Just tell me about the origin there. Yeah, you know, there's actually it's been many, many years. So we've, FIDO has been, or Trusona has been a member of FIDO, I want to say four, five, six

years. But in the early days, we weren't really involved very closely. It was started about three years

ago. We said, hey, we want to get involved more, you know, we did look at some of the usability issues of FIDO and we went to one of the plenaries and were welcomed in and really well Embrace it to be heard of what our thoughts were. You fast forward a little bit and it really was, you mentioned Andrew Shikiar, it's really Andrew Shikiar that took time and reconnected with me and said, hey, you know, what are some of these usability

issues you're seeing? We started talking about what they are and we sort of both thought, hey, it could be great for FIDO to sponsor some user experience research, and the output of that research could help relying parties, brands, ensure that their FIDO deployment is usable. So, that's really when I started to become quite involved, and this was just nights and weekends work, you know, we were thinking about what's the scope of this UX research? Who do we get involved?

Andrew formalized that into a UX task force. That was about, I don't know, two or two and a half years ago or so. Through that UX task force FIDO published its first user experience guidelines, and they were for platform authenticators for regulated industries. If you're an RP, a brand that matches that persona, then you can use these guidelines to kind of ensure good usability for

your end users. And, you know, it's the first time that FIDO has done something like this and a lot of magical things happened. One, we got participation from a lot of different FIDO companies, designers within companies that are on the FIDO board or other parts of FIDO, and it was a really diverse group, global. So designers from around the world that were giving their expertise to help create this used to this research for the first time.

Another interesting thing happened, which was, you know, people read the guidelines and found something helpful in them, you know. So you don't know the first time out of the gate, a new if it's really going to resonate. But we found that RPs like, hey, we really like this. We want more, we want more UX. We want me to produce more UX guidelines, so we did it again. We did a second round of UX

research, this time focused on hardware security keys, again for regulated industries. And by the way, the research, it's called research, the UX research, the listeners may or may not have ever participated in a UX research project. The outcome is what's important, not necessarily that it was just research. The outcome is are just best practices that are easy to use. So that's really the outcome.

If you don't have UX designers on your team, you're a project manager, you're an engineer, you're an IT admin, are looking for UX guidance, you might not have those people on your team, you can go to these guidelines and get some good advice. We published that second set of UX guidelines at Identiverse just a few months ago and a

couple of other things happened. Late last year, I became a board member of FIDO Alliance and then really work with the board to figure out how do we do more around UX at FIDO, and we looked at a lot of different ways to fit in with the governance structure of FIDO. Ultimately, we created a UX committee, so that committee now has, the numbers grew significantly this week. We added maybe six or seven people, but I think it's about 28 people now that are part of

the UX committee that are providing their expertise to create more and more of this content that people are saying they find helpful. And that committee has been established about six months. We had some big goals for this year, three big goals, and one of those was launched just a few days ago here at Authenticate: we created a FIDO Alliance

design system. So, again, if you're not a designer, if you're not a product manager, you might not know what a design system is, but they really are the essential building blocks of the user experience design. Most companies have design systems already. Problem is there's a big gap, they don't have design system components for authentication, for passwordless authentication,

and FIDO authentication. They have design system components for username password, but not for the passwordless, so stop right there. So you see user design components. What is that? So a component could be as simple as a button or an input field or a piece of copy text that's a sentence long that describes what an experience might be, this new password, this experience. But a component could also be, I'm holding my hands out,

those listening, could be the end-to-end journey of an authentication, identity authentication experience. So, you're talking about like when you're, like, mocking this up, when you're mocking up the screens and what that flow looks. Is it that? They're sure companies, their tool does even has been created. It doesn't even understand a world where FIDO exists. It's just, yes, username, password and a submit button.

Yes as yeah. Funny the person who is on day one keynote from Google. Starting about Eric Schmidt introduced. This idea that we're going to have a page with just the username and then put the password on the second page, people freaked out. I was thinking of the exact same thing. It's like you just broke the system, right? Yeah, for what people are used to. Yeah, actually, one dash is quite. I hope it's a good question, but it's around, you know, the

idea around user experience. So when I think of FIDO and FIDO2, traditionally, like the first thing that came to my mind was security, right, getting away from the password, and a password sucks, but the password sucks because it's so insecure. But there's also, of course, the user experience components of that, which, you know, in some ways drives the lack of security around the password.

Right? Is that the user experience is so hard that people take shortcuts, etc, etc. But still, so take that in context, because I think user experience is like a major focus this week, but I don't know that it's always been a strong as of a focus as it is now. And then I had this other realization or sense that when you're sitting in these conferences, like we're right in the middle, like FIDO's come now 10 years.

FIDO Alliance has been around for 10 years. And, you know, we're probably like, halfway through the journey, you know. It's like the password is still ubiquitous, but you feel like it's almost at the inflection point when you start hearing about these major rollouts. And it's got a ways to go. So that was my realization. So now, here's my question: where are we at in terms of the user experience?

Are we also halfway in terms of taking this concept that the user experience is just as important as security, are we halfway or are we just in the kind of the early infancy of that and, you know, it's still yet to reach its inflection point? And I'm also doing a bunch of arm movements that nobody's seeing. Hard to quantify if we let you know 50% or but. But it's similar to that, you know, in some ways design's never

done. So it's always going to be iterated upon and improved, but there is a growing awareness in the UX and design community around the importance of security and privacy and that there are other authentication modalities available. I think that's just a big step, to just that there is an alternative for the people that are designing these systems.

What you mentioned earlier, as you were describing the question, you were mentioning the relationship between usability and security, and they actually affect each other. So this is a very, very well known, very well respected person in the UX community. His name is Jared Spool, and he coined, sort of, what he says is: if it's not usable, it's not secure. And he does a very long talk on this, 60, 90 minutes are.

In fact, Trusona hired him one year to talk at our summit, but it goes like this. If you have a security experience that's hard to use, regular people will find ways to work around that security. They just will, in ways that you would not imagine. So when you work around the security, it just makes the system less secure.

So there's a symbiotic relationship between usability and security, and I think that's becoming more well understood, that when we talk about usability it's not just, oh, make it simple for the e-commerce checkout, you know, make it for the lowest recurrence use cases. It's also for the most secure

use cases. You also need security, because I knew you'd need usability, because otherwise people are going to work around it. The way that I've always heard it described to me, that always made sense to my feeble brain, is you've got a river, which is a security or it is the people die. Haven't heard this one. So yeah, drop a rock in the middle of it, and if it's bad security, the river just flows around it.

So you need to design it in a way that people can't flow around that rock, whatever that gate is, right? Whatever that checkpoint is that you want to pass people through. And it was thought that, that was made sense to me, but it's turnstile in the desert is how I've heard at how to her to call. That's another, go ahead. Yeah. Exactly. Or like, you know, you see the images where it's like, you know, the gate is here and yes. So it's just like a pet walk

around. Get you just walk around the gate. Yeah. And that usability is a direct impact. Until how secure system has because people will find a way around it. I am guilty of that myself. I don't look for ways to make my life easier. If that means that I'm circumventing security, my non-security persona will go ahead and do it.

Yeah. I'm taking a risk in doing that, and I feel like, you know, maybe that's a good risk, maybe it's not a good risk, not saying that I'm doing that in a particular circumstance, but people will find a way to make their life easier, and if security puts these onerous burdens on top of people, they will find a way around it or they just won't use it. I'll give you a real pragmatic example of, the idioms are awesome, the river and the rock

and the turnstile. So in the context of the hotel, not a hotel but a hospital, HIPAA laws, privacy, lot of secure data, there's a system where it will log you out of the system if they don't see mouse movements, activity on that machine, within 90 seconds. So well got documented case, where the staff,

you know, from 9 p.m. until 5 a.m. had somebody whose job it was to wake up, not wake up but not let that computer fall asleep, and even if they weren't using it would constantly keep that machine open, because it was so difficult to log into that machine with the multi-factor authentication that they use. They would rather have somebody dedicated to walk over to it and make sure that they tap them

out, push the mouse, oh, every minute, you know, or every couple minutes to make sure that it didn't fall asleep. Now did that make the system less secure? Probably, because anybody walking by that computer can be that admin on that computer. It's clear they didn't watch The Simpsons and see the opening intro, where they have the, you know, they call a little water thing with like the, you know, the beak that presses the keys for Homer when he's doing

the auto to been good. The automation right could have. Yeah, yeah. So what I've also had some conversation some hallway conversations this week and I found myself talking about, you know, my dad because I think we as security people. Like I yeah, you just popped open and And boom, you're on your way and I think about my dad or people like him, who is it?

Probably just getting caught up to how getting a one-time password over SMS works and they're like, you know, it's ubiquitous now. I know that's where we have to get, but I also thought to myself about how differently some of the authenticators work from user experience perspective. So for example, you know, the Microsoft Authenticator made Do

something worse. Has I'm going to pop up a number, then you're going to get an authenticator message to your phone and just say what number you see, or you pick a number from a list. The Google Authenticator

doesn't work that way. So what I got to wondering was, is part of what you're driving with this UX committee, and maybe we can talk about the UX committee a little bit and what your goals are, is it try to get some ubiquity there? Because I feel like ubiquity is what's going to make or break the success of more advanced authentication. It's like when people kind of get it and do it and it's simple and they understand it, used to do it all the time, but I can

never see my dad downloading the Google Authenticator and scanning a QR code. It's just like he probably does the stuff on the computer when he has to do it. Mmm. Yeah, I think you hit the nail on the head, and Mitch Galavan was talking about this very eloquently just a half hour ago on the main stage, and he's one of the lead UX designer at Google, and he was talking about how the move of authentication to the device, to their mobile phones, is an important inflection point for

authentication. And it really is, I'm trying to paraphrase a little bit of what Mitch was saying, just a few minutes ago. You know, when, when you have billions of people that are used to unlocking their phone every day, a hundred times a day, that's a behavior. That becomes comfortable and well-known and well-understood. So, your dad and you in the example that you gave can likely unlock his phone and he has no problem with that.

And he understands it's a security step, understands how to perform that task and gets through that task pretty frictionlessly. By moving our authentication with passkey, with FIDO, of moving that user interaction to be the same way that you unlock your phone, that you can now unlock a website, is very, very powerful. So it's not as if there are some new behaviors that we're seeking to make with FIDO, but we're really piggybacking on a It already exists and that's the key.

It's well known, well understood. It just works, and even with passkey, I don't know how deep we want to get into it, is that there's other parts of the UI with passkey that do the same thing, they piggyback on an existing UX pattern that's tried and true. I think that's one of the things that I like to give Apple credit where credit is due, is they have popularized and made it very simple to take advantage of biometrics.

Absolutely touch Matrix been around for a lot longer than Apple was doing exactly, but they are the ones that that made it ubiquitous. And the way that I think about it too is, you were subtly trained to use these things. Sure it was like, oh, here's how you log in, right?

You've got the prompts on your phone itself and kind of shows you how to do it, but you also see in the commercials, oh look how easy it is, and you see the Face ID and the fun logos and how easy it is and stuff like that. And I think not only is it marketing obviously for the product, but I think subtly somewhere, there is a look how easy this is and you're starting to see these patterns and you

just pick up on, right? You see the same Apple commercial with the funky music and whatever it might be, right? And then you see it and I'm starting to see the same thing with Google, right, and their Pixel phones, and then doing the marketing around, you know, them launching their various authentication schemes were

biometrics and things like that. Mmm, in my is that tinfoil hat of me, is it my thinking too hard about it, or do you think that actually is a conscious decision as part of marketing a product, to show some of these features in a way that is more of a subliminal training to the people who might be interested in it? I mean, I can't speak for. I can't speak for them too but I see it the same way. Okay, great minds think alike.

Ha, ha ha, ha, ha. I wonder if You know, some companies are looking at having a different process, helps them lock in their customers. And so what I'd love to see like the, you know, the way like, like streaming TV apps authenticated and everything is kind of the the same, whether it's Google, Microsoft, Apple. So don't feel like, I'm getting locked in or don't know what to do, things like that.

Because I think that really Maps back to what is a good user experience is that people don't have to read instructions in order to authenticate, right? I think the other thing that a good user experience is like, if I lose, or I get my get a new device, I could end the unhappy path is that it's not insecure and it's not like rocket science to figure it out.

It's not different. The way everybody does it, but I'll throw the question back to you, Kevin, like in your mind if somebody wants to know what is a good user experience, how do you explain it, and broadly, beyond authentication? First thing that comes to mind is it solves a real need, you know? And, you know, does so in a way that allows somebody to focus on what really matters. Authentication isn't the task that anybody has.

It's not what really matters. In other words, if I need to sign in to deliver a piece of work at work, the authentication isn't the end goal. So what that case is just never the end goal if we can allow to be secure. It's a great experience if that fades away and just lets you get to that thing that you want to do, you know? And doesn't get in the way with all these other hurdles you

have to go through. Yeah, because to me the, I don't know, some ways I think the authentication part is the easy part. It's I got a new phone. Oh you're talking about the edge cases is the unhappy PLM? Happy Valley. Yeah, well that's frankly, I'll just say I think that's been the, you know, it's been a real challenge. Yeah. And that's what passkey solves for, a lot of that. No, because the whole definition of a passkey is it survives device loss.

So, if I lose my device, I get a new device. And I, and when I get that new device with that same platform, provider that, that passkey will then be on that new device. That wasn't the case until passkey there had to be other recovery mechanisms. So, you know, account recovery is is the hard is the hard The hard thing to solve for even within passkey, I'm not going to say that.

Passkeys like that, you know, the ultimate silver bullet, because there's still edge cases with passkey, where you can't recover the key, or, you know, there can and will be cases that brands need to solve for around that. So yeah, account recovery is a big one.

Finally went to ask, like, do we cover pretty much what you covered in your sessions during the conference and then were you sitting through other sessions and did you either hear anything that that challenge your way of thinking or they, you know, it's great. Confirm, your way of thinking or was the new education out there that you picked up a lot.

And I'll just answer the latter question first, which is, you know, in an in-person conference like this, you know, the meetings, the meetings after the meeting is where I've

learned the most. So it has literally been in the lunchroom, you know, at lunch and hearing a conversation and saying is it okay if I listen in, and that's where I've learned some of the most important, you know, pieces of advice that I'll take back, you know, to my work next week, and in some of those larger keynote speaking tracks, I've learned a lot there as well. One thing we didn't talk about, I do want to let your audience

know about this. Another thing that we launched is the FIDO design system, I might have mentioned it. There were several UX talks, one of them at Authenticate this year was launching of the FIDO Alliance design system, you can find it. Just tell you where you get it: fidoalliance.org/design-system. So there's a whole presentation on it, we had about a dozen designers, accessibility specialists, UX researchers from around the world that help put that together.

If you're in the authentication space, you're creating new experiences around authentication, you know to go. So go check that out. It's the first version, and I will say, the first version does not include passkey, but we're doing passkey UX research now, and that'll be published in the next, we'll say, ER, Q early next year and that will be incorporated into that design system. And I'll drop a link to that in our show notes about. Thank you, hopefully find it.

Yeah, that'd be great. You know, I was just thinking this conversation back and forth, you and Jimmy just happened just now, and remember how I said I give Apple credit when it's due, I'm so going to dump on Apple whenever it needs it. Because it got me thinking about this, about passkeys, right? And sharing them, and syncing them between devices and things like that.

And for those who aren't familiar, the new iPhone 14 in the U.S. now uses eSIM instead of a physical SIM. For someone like me that sucks, because I like to change devices all the time and it's very easy for me to pop out my physical SIM card and throw it to new device. I could no longer do that, because now I'm on an eSIM because I'm using the new

iPhone. If I want to switch to a new device, there's no easy way for me to transfer from an Apple device to a Android device, which I am prone to do is Jim wouldn't, Jim will tell you. For that to work. I actually have to call somebody get on with customer service and say here's what I need to do and then at some point during that call I'm going to get dropped because they're going to transfer my service or not finish it.

You know, provisioning the new SIM on the on the new lease amount of advice, and I think about that usability and all the credit that went into like, oh yeah, made things very easy. They went ahead and launched this knowing, I'm assuming, that that

gap still exists, and it's basically forcing us to move to the eSIM, at least in the U.S. under lock in. It's not vendor lock-in, it's just a poorly designed process, because I can port my phone off an Apple device whenever I want, and I see us very similar to sort of, almost like the passkey experience where we talk about the unhappy path. There are certainly some gaps still in passkey implementation.

You talk about hallway conversations and I had one myself and questions of all how do you invalidate a passkey? There doesn't seem to be a way right now and I think that's probably something is going to come up in a couple days around. You know, what does that look like?

From not only like a spec perspective but a design perspective, because if we're assuming that passkeys are going to, you know, be part of the process that we want people to authenticate to and they're going to share their passwords with somebody else, how are they going to invalidate that? Are you asking? I'm not asking, I can't answer it.

Yeah, I'm just thinking, you know, of, you know, those are the types of usability diving at what I wherever, I'm aware of the discussions, but I am not going to try to answer that right now. Yeah, no, I'm not gonna put you in a spot for. I'm just thinking out loud, right here is what kind of the conversations and, you know, Jim asked the question, what makes for a good user experience, and I'm curious, you know, how do you apply some of those principles to the FIDO standard?

For example, I know the UX has been a big focus for the last couple of years and I remember Andrew actually talking to us about it. Several, Is back, kind of mentioning it as well. You know, what are some of the principles that are like, you know, hey, Kevin says we need to do this to make this thing usable, right? No, such as Kevin, right? There's a whole bunch of people doing it. But how much influence does the design and the usability go into,

here's how it's actually going to work in the real world? Yeah, well, the way we've laid it out in the UX committee in FIDO is there's kind of three levels for usability of FIDO. One are best practices that brands and, you know, relying parties. I keep on saying brands, relying parties, because some people don't know what relying party means. So that first level of usability is in the control of the relying party.

They're in control of their website, they're in control of how they present the authentication, they're in control of what words they put on screen. They're in control of what the button looks like, and what the label says on the button, they're in control of all that. There are best practices around that, and we provide a lot of those best practices.

So that's kind of the baseline, but if we move up from there, there's another level, a second level, and that is ecosystem consistency across browsers, across platforms. People have lots of different devices on different platforms. And if the experience is different from one of the other, it creates friction, as how does this work because I, it's not, that's not what I saw previously. There's an extra step in here.

Something's wrong. So, that's the second tier, which is that ecosystem consistency. The third tier is really usability challenges or opportunities that can only be solved with adjustments to the spec. Perhaps that's probably the most difficult because that requires a tremendous amount of collaboration with very technical people and long thoughtful conversations about the relationship

between usability and security. We're starting, this is, you know, this is still new for FIDO Alliance to formalize a UX practice or way of producing guidelines. We're still really focused on that bottom line of just helping RPs do the right thing that's in their control. But I will say, passkey is a move at that higher level where it's not a change in the spec, really the spec hasn't

really changed much. There's some, some addition, not an addition, but like ancillary, adjacent options that you can have to support passkey, but that fundamentally changes the usability. So that is an example of where we're getting. And across the three platform providers to make that needed usability change. It seems like usability is a never-ending journey, when are you done? And it's like, okay, we've got to ship, like we're done. It's too hard to answer.

There's no there's no there. There really isn't, there's no single way to answer that because it all depends on the context of what the use case is with the unique business environment that you're in. But I think the bigger point is that it's not, it's not ever done and that you have to iterate. There's one other point. I didn't necessarily get back to, you know, your prior question. What makes a great user

experience? There is something else to consider that's being more and more spoken about and accounted for in FIDO. And that's accessibility. So accessibility, making sure that the best practices that we provide and even the implementation of these technologies, like passkey, you know, making sure that they're accessible. The platform providers, I say, do the best job at that. As a designer who's been doing this for a long, long time, if you can base

a lot of your UX UI framework on what the platform provides, then you're likely to get the best accessibility out of that platform. Meaning, yeah, meaning people who have low vision can use the system. People who are blind can use the system, people who have cognitive disabilities can use the system. So it's that accessibility goes hand in glove with usability. That's a fantastic point. No, that was the question.

I was going to ask this, like, what do you mean about accessibility? And I remember working on some design documents for, you know, government websites and like what they have to go through to be, you know, ad a TA TAA compliant, tremendous amount of work and it'd be nice if you could just plug into something that makes your experience. Whatever that is, you're a poor things like that.

And like you said, I guess the answer is if you can leverage something off of the platform, that's the way to go. It really is, the amount of, it does take a lot of work and we're in a new industry. Tech in general is still just new compared to other industries, and we're learning how to build accessibility in from day one. Ultimately, if you make a digital product accessible, you're helping everybody. It does help everybody. The same thing in the physical

space. It's ADA law that you have to, you know, a ramp to be able to get into a public facility, that's people in wheelchairs, etc., it's accessible, right? But it also helps the person pushing a baby stroller, you know, it helps everybody and the same thing applies to the digital space. There's many examples. Designed for accessibility, it makes it more usable for everybody, and I should give credit where it's due within the UX committee.

There's a woman from VMware, joist Ishita. That is a use of accessibility specialist, that has really contributed so much to FIDO and to the UX guidelines around accessibility. So I have one final question before we start to wrap things up and that is, how much, so we're moving towards standardization and specs and things like that, we're trying to be consistent with things. At what point does the, I guess the question is, is the user experience secret sauce

for a product, right? If we're in this space where it's like, oh yeah, everybody's using passkeys. What's the differentiator to have 40 different companies that provide passkeys? Is that the user experience, or is the user experience something that does get contributed to sort of like the public domain? And hey, we're adopting the style of button or image or whatever it may be. I'm just curious from my own.

It's a really nuanced question that you ask, if you're asking it of me. I work for a vendor in this space and so, you know, it's very real, but yet this same vendor is producing all these guidelines that are just available for free. So there's so much room to add value as a vendor in this ecosystem and it's just a matter of deeply empathizing with the needs of brands that are seeking to deploy them. So we've been mainly talking about the end user experience.

But there's also the developer experience, you know, and there's all kinds of other. There's the, there's the legal team's experience. There's the CFO's experience of, show me the numbers, show me the data, I want to see the data. How is this new authentic, you said this new authentication was going to affect my bottom line. How is it going to? I want to see the numbers. So there's all kinds of ways in which you can build value even if the end user experience has some good

codified best practices. Now, the reason I bring it up is because I think Jim earlier was describing, you know, here's how Microsoft does their authenticator app, does a different way, right? Apple does it off the last pass? It seems like everybody has just a slightly different version. Yeah, sort of doing the same thing and if we're looking to make it easy it would seem to me like having a same process and having something else be the

differentiator would make more sense. Yeah and I'm at the I don't ya so you're seeing that in the space, some of the free apps and tools, you know, they'll probably over time not be needed and there'll be other areas where we have to innovate and it's interesting. I'm really interested to see where the, you know, where the password manager companies go.

Yeah, I was having a conversation with that too and I think it's interesting where those are positioning but that is a conversation for a time. I want to start to wrap things up because I know that you're a busy guy. You literally stepped off of the stage and into our room to do this. So really appreciate it, I want to give your voice a break. But before we go, I was doing some OSINT and noticed something that is unique,

I think, to any of the guests that we've ever had on the show and that is, it appears to me that you are quite the bladesmith? Am I in fact correct on that? You are. Well, I wouldn't say blade, but, but I do make knives, yes. Okay. So tell me about this because I'm fascinated about, we like to end the show on a lighter note, and sort of get out from the depth of identity. And I thought this was really interesting.

I mean, I was, I was kind of looking at some of the stuff that was out there and say, wow, this is really cool stuff. And I'm like, how did you get into this like deal, man? Yeah, well, here's the deal. So a lot of those probably five, six years ago. Jim, you mentioned it earlier. So, Forged in Fire, a show on History Channel, if you haven't seen it, go check it out, you'll love it.

But I don't know about every guy had like if I see something that looks interesting, like I want to learn how to do it, you know, it's like going to travel to Italy and have all this gelato. It's like when I get home I want to learn how to make gelato, not just buy it. So I want to learn how to make these knives myself and it's been quite a journey. But most of my hobby, I spend so much time in front of the fragile glowing screen is what I like to call it.

Then I just like my hobbies to be away from the fragile glowing screen. So to work with metal that's up at 2200 degrees and be hitting it with a hammer, that's away from the fragile glowing screen. It's a lot of fun. There's craft, there's like metal work, obviously, but there's woodworking. There's all sorts of metallurgy and science and how the different steels behave. There's a tremendous amount to that and then we like to cook.

I like to cook with my two boys. My 11-year-old, he loves to cook. So, every couple weeks, once a month, I have a new knife. It's like here, Hudson. Here's the knife, be very careful with it because it's extraordinarily sharp. And then we like to cook with him. Yeah. Forged in Fire, what I really like is it's kind of like a

historical angle to it, right? So, yeah, the project that they give is usually, hey, this was from the Ming Dynasty and it was a special kind of, you know, there's, what's the difference between a sword and knife? There's probably very technical definition, don't know. There's all these other different types of blades or, you know, weapons, but there's always that historical angle so I'm wondering to you.

What's your favorite will be, what is your favorite knife and have you done something like that? Like taking a historical bend on any of this? Well, I'm only on my maybe 12th knife so I haven't done dozens or hundreds of them. I am making a sword. I'm on my third, third sword because my son asked me if I could make him a katana for his 13th birthday. What kind of sword? Katana is a Japanese sword. Yeah, so I don't know.

My favorite, you know, there's something called Damascus, which is the pattern steel. It's when you fold steel, and it creates this amazing pattern, you could have thousands of layers of steel within a sword. And you see that on the edge of the blade. It's very, very beautiful. And I've done some of that, integrating copper in it and stuff, but the thing that I really have enjoyed is, it's called mono steel. So a single steel, but doing a differential, this is going to

get really nerdy quickly. I love it. Keep it, you're good at, but you do a differential heart of heat treat on the knife to produce what's called a hamon, and it is a line that you see on the blade and it separates the hardened steel from the more softer steel. And you do that so that the steel edge that you're using all the time stays hardened, you don't have to sharpen it every day.

Every week, every month, like when I make my knives, they stay sharp a long time, but then the rest of the blade can be more soft and malleable. If you drop it, it's not going to shatter like glass, you know? So producing that hamon, doing that differential heat treat is, man, there's so much science, craft, like materials. You have to research. I just love it.

Yeah, there'll be times on the show where someone thinks they've created the perfect sword and then they have breaks, the guy whacks it against the, you know, tree a few times, it shatters. Yeah. Yeah. How long does it take to make something like this? Like I should say like I don't know. I don't know what an average knife or blade would be. But how long does it take to put something together? Right, well for me I'm, you know, I'm doing nights and weekends.

So, you know, at this point, it's like, 34 weeks to correct kitchen knife. I'll make a very large kitchen knife this 34 weeks, but, you know, it's kind of like, what you just asked earlier, is it ever done? I've been trying to force myself, you know, every knife. Don't Be Afraid freshness, just finish it. And then, all the things I screwed up to take to the next one and then try to make that next one better, you know? So I try to just just finish them either way.

Even if there are a bunch of mistakes in them. That's so cool. I wish, you know, people could see this, goes like this. Just a smile on Kevin's face right now. He's like a, like a, like a passion and, like, just a real joy from it, which I think is fantastic. I mean, it's, it's infectious because I got me smiling too. Well, check out Forged in Fire. It's a really interesting community, there's a lot of people doing it these days. Yeah. And I don't think it's the cheapest hobby either, right?

Oh my God. So yeah, the friend of mine who I use his very large honey. It down power, hammer near where I live. He says a common phrase in blacksmithing is, why buy something for 20 bucks when you can make it for two thousand dollars? You know, it's the only like that these knives need of it. They don't. It's a lot of, a lot of tools. Sounds an awful lot like a lot of security. Yeah. Like the Fairly Odd.

Yeah. All right, we're gonna go ahead and let you get on to your crafting, your next project at some point here. Before we go, any final thoughts? Any takeaways from the conference? And I think this is really kind of the last recording that we've been doing here for, you know, for the Authenticate conference.

But any final thoughts? Just from the moment I walked into the conference, I was just really impressed how much it's grown since last year and I think if anybody is doing anything in authentication, like they need, you mentioned it might be in San Diego, or it's going to be in Carlsbad or something. They should go next year. There's a great sense of community and yeah, it's been a good event. Yeah, definitely hats off to the team here, I mean, it's a fantastic conference.

Can't recommend it enough. And I think there's plenty of content where you don't need to necessarily be an expert in, maybe know the deep guts of technology or authentication, there is something for everyone here and I think it's an opportunity to learn stuff like that, which is very cool. So Jim, any final, this is our last show here from Authenticate, right? Yeah, I mean FIDO Alliance is doing a great job pulling.

I think the organization FIDO Alliance taking the FIDO2 standard and, you know, shepherding it through. I think it's like the perfect combination because I think FIDO2 is something different than the FIDO Alliance, right? The FIDO Alliance is so important because it's having conferences like this and running the member plenary and, you know, taking this. We've been dogging on the password forever, right?

I mean we pull that one article, Bill Gates said the password's going away like overnight and that was like 15 years ago or something and FIDO Alliance didn't even exist at that point. So how's it going to get there? It's, this is going to be the main driver, I think. So, all of what is being done here. I guess more and more and more. Keep moving the ball. Yeah. Keep Even and hopefully keep driving adoption and organizations, things like that. It'll get there over time.

So we'll go ahead and leave it for this one. I'll have links in our show notes to Kevin, to Trusona, to the design system document or web page you're referring to. I found your while we're talking. And then for us you can find us on the web at identityatthecenter.com. We're on Twitter at @IDACPodcast and special thanks to the FIDO team. And again for our SM, for sponsoring our coverage. And we'll go ahead and leave it for this week and talk with everyone in the next one.

Thanks for listening to the Identity at the Center podcast. If you like what you heard, don't forget to subscribe and visit us on the web at identityatthecenter.com.

Transcript source: Provided by creator in RSS feed