This is identity at the center. If it has anything to do with I am this is the go-to podcast. Now your host Jim McDonald and Jeff Stedman Welcome to the idea of Center podcast I'm Jeff. And that's Jim. Hey, Jim. Hey, Jeff, how are you? Oh no, that's bad yourself doing great, man. The keynote sessions were great this morning. Healthy dose of passkeys with our friend. Andrew shaky are from the Fido Alliance. I did want to mention, we are at
identity versus recording. So the month of June is pretty much going to be the sessions that we record here this week and yeah, let's get it going, man. Yeah, so the first of these, Relations that were actually second, I should say. We're, we did our open Fest it opening festivities, kind of thing last night. Turned out pretty well. I'm kind of Happy the way that worked out. And now we have a conversation with fine gentleman from one Cosmos.
We've got Jose finale of who's the chief operating officer for one Cosmo. So we've got old friend of the show. Not that, he's old Mike Engel Chief strategy officer for one Cosmos. Welcome back to the show. Mike and welcome to the show for the first time because Ava, how are you? How are you doing today? It was Ava. Thank you. Thanks for inviting. This is my first time longtime listener first-time on the show so I'm excited, right? I did my little happy dance as
well. Well we're excited to have you here for sure. We're going to get your origin story. Mike, you've been here before you were with us and episode. Well, a few episodes, this point, there was one that I think Jim you wanted to highlight was episode number 96, is that right? Yeah. Absolute 96 you know Mike was on the just talking about kind of pastoralists and identity
proofing. There's another episode where you were talking about your role on 1414 Ventures, but do want to highlight that because we're going to go back to past for Alyssa and identity verification and talk about that as kind of our main topic today. Yeah and so we're having a conversation Mike we already know your origin story. Will Point people back to that episode so we can get right to.
It has a flaw you're on the hot seat now because it's your first time here tradition is that we learn people's identity origin story when they join us with the first time. So what is your origin story when it Comes to I am. Is it something that you chose, or did it Choose You? So I did choose I am and but I have to be honest, I didn't know the extent of what I was choosing. So my first job was out of college and I was employed as an admin. I was running back jobs.
Running endpoint management software that time. CEOs, pretty big right on endpoint management. So I was, you know, for about a year, I was doing that. And then there was an opportunity that came in with the great socks for for compliance and said, don't worry about these batch scripts. All you have to do is get these reports of access for users, you know, you circulate it with different managers and tell them that you know, do you is it right? Is it not wrong?
Is it that sounds easy? That sounds exciting and that was my first foray into it so I chose and then you know, one thing led to another and how do you get the access? How do you manage the access? And now look back then. So I've never heard the words, great and socks in the same sentence before and your Chief Operating Officer. One of the things that fascinates me about this business are titles and I'm curious. What does a chief operating officer do for an identity
company? Like one Cosmos, nutshell, right hand box to the left hand but mainly making sure that you know, as organizations and especially startups, we tend to grow pretty rapidly and Sometimes our most of the time. So there's a lot of chaos right in rapidly growing organizations. So how do you try to keep that
in order? How do you make sure that every function, every department is going towards the overall vision of the company and making sure that that particular vision is also very clear with, you know, every Department, every member Mike. I think, for people who aren't familiar with one Cosmos, I know you have kind of given the should be able for, but what's the like the 30 second or maybe Give you 60 seconds to give us the elevator pitch. What is one Cosmos do? What's the problem you guys
self? Yeah, well, starting with the Genesis story and including the name Cosmos is Greek for universe, and idea is someday, we will have one identity in the entire universe, right? So when Ilan lands that spaceship on Mars, you'll use your identity to prove who you are and get into the little bubble that he builds. And so, there's a couple standards that we all know and love that we've talked about on the show quite a bit and We're going to talk about those here today, but that was the
principal. The company is, let's figure out one way to prove who you are and use that everywhere you have to engage online. Does a great analogy, Mike this week we're focusing on the future of identity and we came up with this term goes to Adamas week, right? We want to talk about how things are going to be in the future and one of the topics that you're hearing a lot about it. I Denver's this week, Andre brought it up in his keynote
yesterday. Was this idea of like user-centric user managed identity is going to replace the corporate ID P managed identity in the future, right? So people are going to have control over their identity, that's going to change the game. So mix that in with kind of the buzz terms of the industry self Sovereign identity and decentralized. Identity from the tip of everyone's tongue and kind of want to get your ideas. Diaz and your thoughts on, you know, how reality how real is
that? What's it going to be like, in the future? Where we at today to start us off, but where do you see it for five years down the road? Well, I'll answer your question with a question when you get pulled over by a State Trooper, not that you ever have but hypothetically or you go up to the TSA checkpoint. How do you prove who you are today?
TSA checkpoint. Yeah it's both of the plastic card as guards a credential And they look at your face and look at the credential and say they match and we know that we can do that online. And I'd like to spend some time diving into the mechanics of that and the privacy of that. As we as we have this discussion today but the future of identity must involve Biometrics and I'm not just talking about Touch ID
and face ID, right? I could have five fingerprints on my iPhone 8 that could be long to anybody but real Biometrics so that state trooper. Looks you in the face. You need to do that digitally as well and there's ways to do it that are safe. But of course, we have had a number of setbacks from a PR perspective with State legislation like Peppa if you're familiar with the Illinois law suits that are going on, that are setting us back things that happen with the IRS etcetera.
So the future is a combination of privacy Biometrics and you mentioned self, Sovereign the terms getting a little old these, you know, it's like nobody knew really knew what it meant when it came out at you, Really, creating your own identity. Well, it's user managed does the term that I like to really use. If you're in control of it, nobody else can use it. So, that brings up wallets and the ability to put a credential somewhere. Safe that we'll talk about here today as well.
Do you think three, four, five, maybe ten years down the road. We don't carry physical will. You know, wallets are pocket anymore and I meant have, you know, plastic, driver's licenses that Everything is smart enabled and put on phones, is that only for people who are, you know, modern and use smartphones? Where do you see us? Where is it? What's the evolution look like? Yeah, as the older generation is not the primary user of Technology anymore.
I'll try to say it nicely, right, you'll see. Now everybody will have a device or be comfortable with using Biometrics, right? If I tried getting my dad, you know, he's a 80 years old to use his phone to do something. It's really hard for him. So that generation will be less and less of the of the majority online. And I think it must go to a digital form. We can't then plastic is copyable, Right. Forge documents are really hard to detect.
You have a, i that can now spoof all kinds of things. So we have a lot of challenges we have to work with but it has to go digital because of the bad guys know how to digitally manipulate everything as well. So who's the father this questions for you? What's it going to take to make this happen? You know what is it is just time that it has to kind of percolate. And then what are the big challenges order? The big enemies to this happening.
Maybe it's what Mike brought up there with, you know, just generational not ready. I mean, my father doesn't have a smartphone, you know, he's still using his flip phone. So what's it going to take to make this happen? Happen. You know, that Vision that Mike just painted and what are the roadblocks or stumbles? So in some areas in some geographies, it's already happening. Maybe not to the entire extent
of the population. But for example, you mentioned, you need to carry a wallet and in a lot of other geographies, everything is on your smartphone now, including a driver's license. So one, big proponent of that has I mean the government's so I know that there are certain European countries India where you get a driver's license and a copy of that onto your phone, you have your payments on to
your wallet as well. So one big proponent of that is even your government issuing your credentials that is consumable into your smart device and then over a period of time that's going to be more encompassing. Now. And then, if you look at it, you have to look at it with the, with the, with keeping your customer identity, use cases. And then your Enterprise, I think, Enterprise will be a little bit slower to it out, just because there's more control that I need.
I need, you know, to have energy or credential, or a nadie credential that I want to use to provision and account. But if I'm shopping online, if I am, you know, signing up for any kind of a government service, I want the ease of, you know, signing to go through the identity verification once,
right? And then use my wallet to sign up for multiple different services and then as a service provider on the consumer side, I also don't want to take on the liability of managing millions of different, you know, identities or counts. So if there is More of a common framework that is available. May be ready to essentially use that help. You understand the walls a
little bit. So on my iPhone I've got a wallet is part of the IOS operating system organizes, you know, that you have got credit cards in it, so I can do Apple pay. I've also got all kinds of like boarding passes and other stuff that ends up in the wall. I've got Starbucks card in there. Is that the same wallet that we're talking about? Or is it going to be some proprietary software that I run, you know, download from the App Store and that's where I put my
digital credentials. Yeah, so today it is mode of proprietary software but the industry is going towards, you know, much more of an open wallet that you can use, which is your wallet app into your iPhone. And the idea is that every credential that you have, which has been verified and the whole concept of a verifiable credential that gets captured, Into your iPhone wallet, you can
then essentially use. So for an end user, the whole notion needs to be that there is a in a credential that's been assigned to me that goes into my wallet. Let's say that's the driver's license or my certificate from a university, my employee record. And then I can use that I want to touch on this wallet subject, because I don't know if it is the same wallet because we have vendor lock-in now. So if I want to change my identity, if I'm stuck, On iOS.
How do I move to Android? If my wallet is a Apple wallet, for example, and the same thing for vice versa, right? With and Andrea whether it's Google pay or something similar to that or Samsung pay is, this may be a role where some of the password manager type Solutions, might be out there where they're creating their own wallets is it a separate Financial backed wallet, for example, how do you see this wallet thing? Kind of playing out? Because I think it gets
confusing, it's okay. Well, We're talking about getting rid of our physical wallet, but how many virtual or digital wallets in my gonna start carrying around? Is that an app for each one? I guess. And maybe we grow into something or maybe we grow out of something. I'm not sure, but I'm curious. Michael start with. Uh, where do you see wallets? Just, as a general going from a digital perspective. Is it am, I am I going crazy here?
Thinking like, oh my gosh, I'm going to have like, eight different wallets for eight different things. No, it is messy from a standards perspective. So Apple has Created a way to digitize mobile, driver's license in a couple States. But the only place you can use it is I think at the TSA and then you have Banks starting to create their own digital identity like you mentioned. So the viable players today that I see creating wallets globally.
We have sing paths and some government-sponsored ones that are just amazing. When you see how well the apps are done and how extensible they are here in the US. It's we're 20 years, we're going to be Is behind just like we were for the adoption of chip-and-pin. How long did it take us to use a trusted credit card for in-person transactions that took Target getting hacked and they were doing it everywhere else around the world for ten years and they're looking at us around the world.
Be like, you guys are still using magstripe. I can program that with a five dollar piece of equipment. So in my my opinion, the only entity that can issue a credential reliably about who you are in. The physical world, is the government. That's why we have driver's licenses and passports.
And until they figure out what they want to do, you're going to have all these tactical Solutions if Apple could digitize my driver's license and let it be used to open a new Saks Fifth Avenue shopping account. I'd do it in a heartbeat. So what everybody else? I don't know if they're not ready to tap into the states to verify that and they don't want to take on the liability. I would think and how that's pretty slippery slope.
So it's very messy right now. You have the mdl standard and in a verifiable credentials which are two. Credential standards that are out there and it's just going to take time and market adoption timing is everything as they say. So let's get into a little bit about. I think the most important part behind the wallet is, how do you actually get the credential there and identity proofing in the first place?
So, if I'm going to have a digital identity, some organization needs to say, okay, we are giving you, this is a credential and is a few mentioned in India, for example, right there. There is a couple versions sounds like there's a physical document and a digital document goes along with that. So let's talk about identity proofing. Where do you see this going in? The future is it multiple credential providers doing this? Do you see something like Bank of America?
Does one thing Capital One does another US Bank doesn't other, do you see maybe Consortium of financial services has like their provider versus government has other Education or medical and things like that. I'd like to get into that a little bit and just kind of understand like where do you see that? That identity proofing concept going and maybe if we if you want to have anything else, you want to add to that feel free. So I'll tell you today.
The identity proofing is, is primarily meant to check the authenticity of the user as well as your physical, the car, the plastic card, this will evolve more. We're in this lot of friction. The user has to stand in front of a Camera your disk and whose documents the more this becomes digitized. Let's say there's an mdl in place. All I need to do is to verify with the state in u.s. that this particular mdl has been issued
by them, right? And there's a lot of cryptographic ways to essentially do that. So identity proofing is the means to create your credential in the wallet. I know that's a mouthful, right?
And multiple bunch of different terms but the the what is, Is what is required today is to essentially go through the proofing Journey so that now I can trust the credential that is coming in and and and the path in the future would be that I may have to still do proofing, but I just need to prove you know, if it's actually Jeff who is using this particular wallet and and the credentials are coming from multiple different
sources. They coming from government agencies and I'm just verifying with them. What do you think is going to be the accelerator where it's like you hit that point and it's like oh yeah this is the killer app or can't really use case or whatever maybe that really drives adoption because I think Mike pointed to you know unfortunately we tend to be rather slow on some of the
stuff, right. We're behind in some areas at least in the US but other than time budgets I feel like we have the technology everyone for the most part has a smartphone. Lots of services have been digitized. And what is the thing that is going to? Or maybe a couple things that really say, oh okay, we've hit this inflection point and, you know, it starts to see exponential growth versus kind of a slower path.
So saving dollars fraud reduction in fraud as the common tribal bit, which every Industries are adopting it. Some of the leading Industries are on the financial side because repeated cost and Cave. I see Canada has a good model in
place. There are other Was a TI see those two weeks back I guess and they're the discussions of proofing is about five years ahead of what we're talking about now they're talking about verifiable credentials how they can essentially use it as well but yeah to answer your questions industry wise. There are multiple different use cases and examples kyc here in US. Healthcare is come to an inflection point. There is deaf cow. There are in other standards in
place. Which essentially say, I need to be interoperable with my different networks with my different providers and for that, I need to have an identity wallet with a proof of identity in place as well, and then maybe they're a couple more Industries.
Yeah, the healthcare use case is probably the most advanced that I've seen in the United States. So there's an organization called the Karen Alliance. Then I'm sure you've seen it to some of the shows that we all travel together and Karen is spelled c-- a Rin. It's not some lady's name. It stands for creating access to real-time information.
Now and what it means is you are obligated as certain types of providers of platforms, for example, Epic Systems must allow you to download and access your own Healthcare records. That's great. So, you whip out your Apple or Google Wallet today. Right now today and go to health and say, get my data. If the hospital you're going to is an epic, and there's a couple other providers epic required by
law. Now, to give you access to your Our own data, the next stage of that is to, then, to let that data flow from one doctor to another or one provider to another. You now, painful that is now when you go to a new hospital in Timbuktu and they're faxing papers or just you know they can't find you whatever. So this Alliance Karen has brought together about 40 different, payers providers, and Technology providers, like us to improve a Concepts and put out a big white paper about this.
It's real, it's actually happening today, so that's exciting. The you Case was there protect my data HIPAA that those types of principles digitized and allow me to access it and then share it in a privacy-preserving way. So that's exciting. And when we see, maybe they'll be a mandate that requires this in the banking industry. Well, now you're going to have some things starting to happen that's one way that the path could be accelerated. Money usually drives stuff.
That wouldn't surprise me at all because for every regulation. Yeah. Regulations which you could argue, could be driven by money. Let's talk a little about pastoralist because I think this is something that I've been bullish it on for a few years. Now, this is a space. You guys definitely playing as well. If we go by Bill, Gates is calendar. The password died in 2006. I know about you but I've already typed in three passwords today, alone to get in different
things. So, we're behind there as well. Perhaps, where do we see password list going in the next three to five years, is it did. You know, obviously the Fido Alliance and getting Apple Google Microsoft kind of all on the same page from a browser. And a mobile perspective was a big win, we're starting to see, passkey support roll out. I just set up passkey, I my Google account the other day and it's great. Fantastic. When are we going to see more of that out there and really get
into this pastor Lewis base? Michael start with you. And then I want to hear who say, for your thoughts, from, from your perspective, how you see it going? Yeah, spaz wordless is here and there's a quote by Reid, Hoffman, who founded LinkedIn. And, you know, I think he's part of the PayPal Mafia. But he says, if you're not embarrassed by your first release, you waited too long. Well, that did not happen with passkeys, it's out. There it works. Sometimes it works.
A lot of the times depending who you are your environment this or that. So I see it breaking and lots of places but it's here and to your point when it works works. Well, it is the future. The Fido Alliance has really Made this this a reality. And now the reason it's possible it was not possible eight years ago because we didn't have a place to keep it private key. All right, the phone's didn't have TPMS and and the standards weren't in browsers to interface it. So that's all here.
Now now it's a matter of working out the edge cases to make it really a part of our day-to-day. But password list is a tool. It is a way for you, to present a secure credential that secure credential needs to be linked back to a real-world identity to really prevent fraud. So what if you have a passkey but you don't know who's presenting it.
Alright, so a lot of times the fallback comes username password and I when you have to set up, or re buying or go back to your cloud provider to go fetch the passkey, so I'm going to will see a linking of the identity proofing, which we spend a few minutes on here. With the issuance of password list, Fido, passkeys that together something we refer to
as identity. Based authentication without those two together, you have H ba instead of IBA HP, a stands for Hope based authentication and we don't we don't like that. So I had to get that one in there so I'll yeah it's here and every organization is talking about it. Now the path to get there, the adoption is where we see companies differentiating in their A Journeys and on the Enterprise side that is a much stronger adoption for password
list. Number one, they controlling the users they control the systems and the need is just reducing costs to. I have 100 applications on a thousand applications. Right? How many password reset cost that I can eliminate. So definitely from that perspective. On the Enterprise side, we have seen in the last two years that every organization has some effort of password list. When it comes to on, on your customer site, that's where there has to be a little bit more adoption and place some
more edge cases. I don't have a SmartPhone. I have a flip phone. Right? How do I get those users into the mix as well? So we can provide much more of a standardized experience, is there a point where we say, You must be this tall to ride. You must have a smartphone of this level of capability, TPM, chip, or some other secure, Enclave, whatever it may be.
And you know, if we keep designing for things that can't support it, I feel like this is where I right now is we're not moving because we're still kind of holding on to the past so Jeff I have the mindset that it's not black or white you have to give the option to the user and that's what we preach to organization that we talked to that. Don't approach any password less initiative as I was with passwords yesterday and I'm password list tomorrow.
I would rather have it as you introduce it and then you have your adoption curve towards it. You incentivize them, you tell them that you sign up for my for my password less, right? You don't have to do XYZ, right? So I believe that's the approach that organization especially on the consumer, the customer facing sides. Have to adopt, give both the options to the users, right? I think it's a really important thing is, I think that sometimes gets lost in the messaging.
It's this binary thing, either your past. So so you're not only the Sith deals in absolutes. I think it's just another arrow in the quiver of an identity professional to say. Hey this is a good use case rapacity. Let's give that option to people. Some people take a management, some people won't especially think right now. I think we're in this adoption cycle, right?
The Technology's there, the things are there but people may not be comfortable, whatever reason, or maybe there are different methods for delivery of that information, but if we start providing at least as an option, great To your point, should not be the only option. Maybe maybe it is, maybe it's not a good option. Maybe I'll put you guys in a spot. Is there a spot today that you guys can think of where Pastor Willis?
Just doesn't make sense. Take every other factor out of this cost technology political ramifications within the organization where that looks like. But can you think of any scenario where password list just is not a good solution today? Well, the definition of pastoralists is One Challenge, as I'm doing a talk in about two hours and it's the five either things to consider as you go password list or the five
pitfalls to avoid. And one of them is defining, what your password is calls are, right? Is it, if you Google? I did a little slider. It says, here's G Petey's definition of password. Listen, here's claude's right there. That one of the competitors they're completely different and Merriam Webster says to be without passwords, right? So, so it's so vague. I mean, there's no.
Cuse that in any industry. Where you couldn't as an example if you do it right have a webcam and just walk in front of it, Minority Report style and boom. You're either through a choke point or logged into a terminal and you're good to go. Like on a manufacturing floor, wearing gloves I got a helmet on like there's all these edge cases that you do need to handle and I think we can get there 80-85 percent.
Pretty quickly. That 15% will be you'll need like four or five different options to be able to handle them. I don't know specifically of a Example, but like the manufacturing floor if you're full get up and you got to do stuff is not a good way to interface with any technology. It took a while for the iPhone to catch up with wearing masks. Yeah. You know who couldn't do the face idea unless you brought the mass down depending on your setting that was acceptable or
not acceptable. So what I wanted to bring up was the user experience because it you know, I'm I'm pretty hot to trot on the passkey. I think it's a major step forward. I think that The user experience committee over at Fido alliances doing yeoman's work to get commonality in terms of how registration for passkeys goes and things like that. But also if you sit through a demo the four of us are all like wow that's really not that hard.
But then you know, my lens which is I think could my dad do this. Yeah. He he would say forget this, I'm not once he hit A wall he be done. And so, I think that it's the Catch-22, which is it got kind as to get to ubiquity the Catch-22. Part being you can't get ubiquity until it's like everywhere. But it's hard for it to become commonplace in easy for people until it gets to that point.
So you have that that uncomfortable transition, which I think we're just in the beginning of now to get to the Point where her people are comfortable using the past keys, and registering for it, and understand what's going on or not having to understand what's going on. But if you are going in as like, okay, use your Microsoft authenticator and do this and do that.
And it only works within this realm, I mean that's going to be confusing and I use my dad as an example, but even for other people in my life, my life who are not technology people. It's they don't want to understand and all what's going on, they just want to get into their service. Of course, they don't want to have their information compromised, nobody wants that, but they don't have to jump through hurdles. So that's where we have to get.
And I sort this transitions all about one important thing an analyst told me and he said that we always look at the problems, you know, from a first-world perspective. And if you look at Latin America, if you look at Asia, there's a large volume of users. You cannot expect them to have a password less experienced similar to what we have. So, it's important to understand, you know what, their challenges are phones, Etc, and they have MFA requirements.
They just introducing the government's introducing that, so they may still go with the Legacy. Third of a username password and an OTP, you introduce more friction for them. And then in those geography, is if, you know, for this more users, would more tech savvy. You lessen, the friction you don't have to do it three times just to send hundred dollars from one user to the other. But you have to understand the audience, all right?
And introduce it. And they will get to the adoption curve just based on more technology, adoption Etc. But Knowing knowing the user knowing the geography that you play in as important as well. Yeah, I think, you know, in terms of the transition, hopefully, it doesn't take as
long as this. But, you know, think about how people did banking when we were kids, you know, a long long time ago, they went to the bank, they stood in line, they went to the teller and now banks have discouraged that so much. Right. You might even have to pay a fee to go see her tell her, right? They want you to use the ATM or bank. Online.
The people that are parents, you know many of them are still around and they just had to adopt adapt but their parents are no longer around but you know so I think it hopefully doesn't take as long to transition for password says it has from physical Bank visits but I kind of see the analogy has to be indistinct indistinguishable from Magic. Really for them to be able to do it like you walk up and you do that first time of Apple pay your a little leery.
Oh yeah. And then all the sudden you're like holy crap, this is I'm doing this. Every time I think that'll happen with every generation eventually, I might be able to leave my wallet at home and that would be a great thing just carry my phone. I have to pay for everything and I get pulled over all my documents are on my, my wallet on my phone. Yeah, that'd be fantastic. Who wouldn't want that? Well, where am I going to keep my Mary's Mountain?
Cookie punch card. So I get my six punch card. Tell them to go verifiable credentials for crying out loud. You exactly, right. For probably one more app on your phone. Yeah. There you go. Mike, even John about a bunch of notes. Do we hit everything that you wanted to cover today? Well, there's I mentioned Biometrics, right? It really is an enabler when done, right? And I want to point out something that not too many people know about yet.
In March of this year, the White House put out a paper, it's called the national strategy, to advance privacy-preserving data and sharing analytics be pdsa, another acronym. That we need and in this 45-page report they talk about what it's going to take for the government to use Biometrics in a safe way, and they mentioned two concepts privacy enhancing techniques are pets and privacy, preserving data, sharing and analytics.
So how do you collect Biometrics or use Biometrics in a way that lets you prove who somebody is without storing a bunch of photos in a database right where bad things could happen because when you go to the IRS to pay our taxes, do you trust that? That face isn't going to be used against you in? Court of law because you I don't know, look like somebody else who got, you know, committed a crime in New York City.
Nobody is this good looking? That's right, that's right, and indistinguishable from from the real Jeff. So these are there's a couple Technologies now. Like there's concept of something called homomorphic encryption. Neural networks in these types of things, the word homomorphic encryption is mentioned as paper over 20 times. We are rolling out a technology that lets you look into a camera and within one second.
At the edge can tell you if it's Jeff yes or no and send back, basically the equivalent of a public key to a server and I could do all this cryptographic stuff without any server-side image is being captured. So imagine, you know, it's kind of Minority Report. But if you knew the bit that the good guys couldn't use your face. All there was was a bunch of jumbled numbers in a that they couldn't do anything with. That would be a game-changing.
I'm way to think about it and the reason that's important we're talking about wallets and we're talking about past keys and private keys. Coveri we didn't talk about account recovery. What happens when you lose your wallet, my house burned down my Android, my USB you because all these things are gone. How do you start from scratch?
If your private keys are gone. Well, there's, there's technologies that will allow us to potentially recover that using multi-party Computing and using your Biometrics to be able to recover your identity. And it's going to be a cat and mouse game with things like defects and AI. We didn't talk about AI either. There's a place for that and in the in the world. Maybe that's a whole separate episode, right? So I'm really bullish on
Biometrics and age. Verification to is really hard and dealing with minors identity. We didn't talk about that. How do you prove that somebody's 15 and not 13 to get in online and use Facebook? There's new legislation that came out there. Trying to pass a law that says you can't use Facebook if you're under 18. All right. Yeah. Like, that's pretty, it's pretty serious. It's another 18 actually using Facebook, though. Yeah, right. Exactly too late. Maybe for the old people now.
So, yeah. These things of the Privacy preserving, the Biometrics age verification were, and also we didn't talk about diversity equity and inclusion who's ever touched on a bit with, like, you know, the ability for everybody to be able to use these Technologies. So these are things were working on that Cantera has has a whole D EI working group. Like, how do we do nist, 160, 3-3 with somebody who has no records? Well, that's hard. But we have to figure it out on
the internet. Everybody knows you're a dog. That's right. I actually think just as you were talking about those White House paper and talking about these different privacy initiatives. I think that could be one of the biggest stumbling blocks to, you know, self Sovereign identity and a lot of these things overall. What I don't look. I'm not like a extreme privacy Hawk, but I also see what's happened with like this cookie thing, right? You had every website, throws up a bars.
Like do you want to block cookies or accept cookies? You click block cookies, forget about it. Nothing on that website is going to work. So if it just becomes like, hey do you give us the right to take all your data from your digital Identity or you want blocked and you can't use our service, you can't pay for your utility bill online or check your usage or whatever.
So to me, privacy has the greatest potential to become stumbling block because what happens is when the needle goes too far in terms of you know not Respecting privacy. Then the regulations tried to come back and they end up overcompensating. Sometimes they become ineffective, like this thing with the with the cookies. Yeah, whoo. It's receive that in the
Enterprise as well. You know, you have this amazing password list tool, you got a phone, it's secure and you used your MDM to deploy it. And then some employees are allowed to say, I don't want to use my phone, make me have a corporate phone or they don't you don't have to make them do that. And I don't know, I'm kind of old school. Like, the way you raise kids today versus yesterday or whatever, but don't work here, but you can't do that, right? It's not the culture you want to
create. So, yeah, there's, there's people that won't turn Face. I'd be on their phone and then Fido doesn't work. They'll face idea, I don't think you can use phyto. Passkeys with a 6-digit pin. Can you? I think that's one of the devil's one details claimants. Yeah, so people won't why won't people use face ID? Because they're afraid. Cops going to pull them over or they go to the other country and they're going to wave the phone in front of their face and
unlock their data. And I mean it's pretty tinfoil hat, kind of stuff. If but to each their own. So yeah. It's these Technologies. People can say no to them and sometimes you have to let them operate anyway. Wasn't that just progress though? I mean people were against cars, right? And the phone lights? Yeah. I mean, everything. Yeah. It's the great cycle. I think of human and inventions. That's right. There's always changes heart, right?
You're changing up something. We see it all the time. That guy kind of deep. So why do we end on a while? No, we're in Vegas we're at a diverse and I feel like if you've been here maybe more than a handful of times a couple times three times, maybe you have like a secret spot that you just kind of like go to maybe not a lot of people know about it or it's just, you know, a safe place that you can go to and cry over your losses right? Or celebrate your winnings.
I'm curious. If you guys have any sort of kind of secret Vegas pot knowing that it might not be a secret for too much longer after it gets out, has a faux. What do you when you come to Vegas? Do you have like a spot that you like to go Chang out? Chill food drink show comes from Vegas.
The the spot I really want to chill is in my hotel room because there's underwriting but if you want to spot this is not a secret but Heart Attack Grill just for the experience which Grill Heart Attack Grill. I don't know that one. Oh, Okay. All right. Try the secret. Yeah, so tell me about it. You can eat whatever you like the portion sizes are huge so just from an experience standpoint, go there that and or anything on the menu usually works, right?
If you had a few drinks as well, good. Hopefully hangover putting the heart attack Into the Heart Attack Grill. All right, I'll check that one out. Mike you got a secret spot for us. Well there's a there's one that's been on my list for ever but But you go to these shows and you're running 18 hours a day and don't get to go out. So we end up going to the steakhouse in the lobby, right? But and I love a good steak, but there's one that I hope to try
tonight or tomorrow night. It's called other Mama, Asian fusion. And I was just looking this up before the show, it's out on Sahara Avenue. It's in a strip mall along with two other Chinese restaurants and it's Asian fusion and it's so hard to find that they give a description of look for a little set of chopsticks on a sign that can across right. And that's how you find it at you. You will try to find in, can't find it and it supposedly has an amazing menu.
And something they said here that I'm curious about is Mongolian beef cheek bow, right? So, just one of those things if you're sorry, if you're vegetarian. But bujji, yeah, exactly. So yeah, I'm hoping to get to there. And I'll toot about it. If I if I happen to get there it sounds like it's almost like a speakeasy. I have to look for the symbol or whatever. Exactly Jim. What's your Secret spot. I've gotta go with one with secret in the name. It's called secret Pizza.
A new, you're going to pick that one. Yeah that's a pizza place over at the cosmo and even if you know where it is where it's supposed to be, you have a hard time finding it right? Because it's like, it's not marked. There's a long hallway. That is more like an Alleyway that you used to get back there. Once you're inside, it feels like a real New York City Pizzeria. And the pizza is exactly that
style. So as somebody who lived in the New York Metro and got actually New Jersey and got great new york-style pizza all the time. But move down south, and it's really hard to come by. Now, that's one spot that I always said, you can get the full 16-inch pizza. Bring it back to your room. Get a two liter of, you know, your favorite sugary soda and just feel like the good old days. Feel like you're a teenager wolfing down a pizza again. Nice And what's yours Jeff?
Yeah. What are you Jeff? You know, I got a few. I think it's my new toy. It's probably my new favorite spot and I talked about in our last episode was that place in the a turn Hotel on the North End of the strip, there's no Casino. So it was totally dead inside when it was in there Monday night. My brother introduced it, to me, it's called atomo, Gourmet Kitchen, and Pizzeria. I talked about the chicken, which was fantastic, best chicken I've ever had, but porkchop was amazing.
There was a Rib eye. That was fantastic. We had a month. Margherita pizza was fantastic. And it's just, it's kind of a newish place, I guess. But not many people know about it. So so you've been there once and there once you've had a steak a chicken, well we can piece right?
So I got chicken. My brother got a pork chop, we had a rib eye and then as an appetizer we had a margarita pizza, a small one because we kind of got there that weird time where it's like in between I mean, lunch and dinner so they have like an all-day menu and then they had a dinner menu, and so we had half an hour to kill basically, before dinner starts. I was just get a pizza and I had just flown in from Atlanta.
That was starting that point. So, but for me, I was already three hours ahead into the future. So, we sat there and connected, and having, you know, had a good old time, but it's just a little place and because there's no Casino, there's no foot traffic. You just kinda have to know about it, and it was fantastic. Definitely recommend it. Amazing. Yeah, that's good. That's that's what That's what Vegas is good for using this kind of little spots. All right, let's go ahead and
wrap it up for this one. Mike has a flow. Thanks for joining us. I'll have links to your guys's LinkedIn profile on our show notes, as well as one Cosmos, one Cosmos.com. That's one k0 smos.com. You can find us on the web as I get all choked up here. Just talking about password list. Idac podcast.com we're on Twitter at idea, see podcasts. Run Mastodon at idac podcast at infosec dot exchange and of course you can always connect with Jim.
And I here at LinkedIn, it's been great connect with a lot of listeners, have kind of come up and said, hello, and so thank you for bringing back the guitar. Riff people like the guitar riff. So we'll roll with it until the next one. So yeah. So don't forget to like, subscribe, do all that stuff to help us out, get the word out that people can listen to the sultry dulcet, tones of I sweet identity, talk here Iran, add any of the center. So we're going to leave it there for this week.
Thanks everyone for listening and we'll talk to you in the next one. You've been listening to Identity at the center. We hope you've enjoyed the show, make sure to like rate and review and we'll be back soon, but in the meantime, hit the website at identity at the center.com and find us on Twitter at ivac podcast. See you next time on identity. At the center.