This is Identity at the Center. If it has anything to do with IAM, this is the go-to podcast. Now your hosts, Jim McDonald and Jeff Steadman. Welcome to the Identity at the Center podcast. I'm Jeff and that's Jim. Hey, Jim. Hey, Jeff, how are you? Not so bad, yourself? I'm doing great, man, but I'm wondering, just like I'm sure the rest of the Identity at the Center community is wondering, can we get an update on the
Apple Vision Pro? Because for the rest of us regular folk we can't afford such things. But you, my friend, have one. I do. It arrived yesterday, so I've had it for roughly 24 hours, of which most of it has been either working or sleeping. But I have had a couple of hours now to play around with it and my wife too, which is a very important part of this. There is a lot to cover here. I don't know if we have time for it, but I will say this, it is very expensive and it is very
impressive. The hard part about it is it's very difficult to demo and share with someone else. It is a very personal device, so anytime like my wife and I were trading off last night, kind of showing different things and how it worked, you have to do an eye calibration for the eye tracking. You have to turn off passwords and PINs, right, and all that stuff so you can easily swap heads right there in the mask. So it is very difficult to share with other people.
But my gosh man, this thing is the best AR/VR experience I've ever tried. And it's not even close to anything else that I've seen. For me, the killer feature has been actually the MacBook pairing and using it as like a larger screen. So I was actually playing around with it and like trying to edit the podcast on the Apple Pro in like a giant mirrored, not mirrored, but it's like basically like a virtual display. And it was, it's pretty useful. Definitely first gen.
It's heavy, it's expensive. Do I recommend it? For most people, no. But it is extremely cool and I am really excited about where this is going. And this is coming from a guy you've had several VR headsets. So I mean, like you're not just like some newbie who's impressed by whatever fell off the shelf. No. And it actually came in earlier than I thought it would. So, you know, a couple weeks earlier than I thought it would be. And it's pretty cool.
I mean, there's some pretty neat features, some cool apps. It's just kind of the very beginning of it. It's crazy expensive. It's really hard to recommend, but for most people. But if you get the chance, go to a store, try it out. If you know someone, try it out. I think you would be blown away with how good it already is. And if this is the worst that it's going to be, I can only imagine the future. I mean, it's going to get so much better after, you know, two, three, four
iterations. The phone was like this, the iPad was like this, the watch was like that. I mean, it's crazy good. I am still torn at this moment whether or not I'm going to keep it. I'm definitely going to take advantage of the 14 days for the return. But it's pretty cool, man. I'm digging it. So you're so happy and there's only two days after you're crying in your Coke Zero, right? I mean, you seem pretty
recovered over that. Not only did your team that you've always loved lose the Super Bowl, but you went public on the Identity Center podcast and predicted a win and told Todd and me and Steve that we were all wrong thinking the Chiefs would come back. And I did say the Chiefs would come back because of Patrick Mahomes and yeah. That's not going on a limb. It's always going to be Patrick Mahomes. It wasn't really going on a
limb, that's true. Well, this is why you don't tune in to Identity at the Center for football picks. I am 0 for 2 on the season. I picked the Bears opening week. I drank the Bears Kool-Aid. I immediately threw up the Bears Kool-Aid after that first game, he said. Nope, they still suck. Forget it. The Niners I am disappointed in. I feel like they had so many chances to win that game and they literally fumble it away twice, three times.
You cannot give Patrick Mahomes and that offense that many tries. You get it. And they held them to four field goals, which is crazy. They've lost one of their best offenders by tearing his Achilles, just jumping, getting ready to go on to the field, non-contact injury. It was just, it was disappointing. I had some questionable coaching. I think a couple of overthrown passes that could have been touchdowns. It's just I feel like. I feel like the 49ers lost it.
Not to take away from the Chiefs because they definitely, you know, deserve the win, but I feel like it was not the greatest outing for the Niners. Yeah, well, my biggest takeaway was first, the hilarious commercials. I'd love to know what your favorite commercial was. Mine was, I don't think a lot of people pick this one out, but it was like Chris Pratt doing a Pringles can commercial, right.
And young girl who's working on the counters, like, you know, you look like the guy on the Pringles can, right? And then everybody starts saying it to him. And what I thought was the most hilarious part of the commercial was he does Face ID on his iPhone, but it's pointed at the Pringles can that lets a man. So I don't know, for me, I was just cracking up over that. But I also thought to myself, man, Las Vegas is a really cool
city. It keeps getting cooler every year and now they've got that sphere with it looks like a marble rolling around. I mean mind blowing stuff. And you can see it from, you know, from the sky as you fly in. So I was just there a couple weeks ago and I'm flying in at night and there's this giant yellow smiley face spinning as we're, you know, landing at the airport there. And it's very cool.
I think what I'm most impressed by is how high quality the image is. It's very high, you know, dynamic resolution, right? Things like that. But also the frame rate is crazy. It looks super smooth, super fluid, not janky at all. It's really cool. I'm looking forward to someday maybe getting closer to it and maybe even getting inside to see a show and what that looks like. Well, you know, I mean, we're going to be back there in Las Vegas for Identiverse. We should have the discount code
on the next episode. I'm really going out on a limb with that because I know we don't have it in hand. In the next few episodes. How about that? There you go. We'll have the discount code. So anybody who's planning on registering, come on back to your favorite podcast. You should have. We should have that code here very shortly. Should be the best code available publicly. So we got that conference coming up, other conferences on
the agenda. Identity Week, which is in Europe, America and Asia. So we have a discount code for that as well and it works for any of the locations. So the Europe one, Identity Week Europe, is in Amsterdam, June 11th through 12th. Identity Week America, which you and I will be at, is in Washington DC September 11th and 12th. And Identity Week Asia is in Singapore, October 22nd and 23rd.
I think if anybody wants to pick up our airfare, first class, of course, we'd be more than happy to be there as well. Again, IDAC 30 gets you 30% off registration. Yeah. And we'll have the link in our show notes to make it easy for people to find. But yeah, we'll be at the America one. And yeah, if you want to fly us out to Amsterdam or Singapore, I've never been to either. I have a bag and I will travel.
Maybe. Maybe we'll bring my Apple Vision Pro if I still have it. At that point, who knows? It would offer. It is. I don't know. I can't wear it in public, man. I just, I'm not that guy yet. When I see a bunch of other people doing it maybe, but not yet. Another cool thing was we saw a recent Apple podcast review and they were commenting about the episode that we did with Ryan Galluzzo from NIST and so I
thought that was very cool. So definitely appreciate the folks who take the time to review us on the podcast platforms. It definitely helps us and it, you know, continues to motivate us. The other thing is they like the, the person likes the hockey talk and totally agrees with me. So I'm totally bringing up this review because they agree with me on playoff hockey. So there you go. I'm
going to guess that it was Ken Myers from GSA who's been a friend of the show and been on the podcast a few times. And the reason I'm going to guess that is that he put a post on LinkedIn that read very similar to this. So if I got that right, Ken, send me a message. If I get it wrong, send me a message too. I'd be OK with that. There's lots of people who think I'm right, so you never know. It could be any number of people out there. So today's main topic, we're
going to talk about passkeys. We've got somebody from San Francisco who may have also been crying in his beverage of choice on Sunday. I'm not sure, but I'd like to find out. Why don't you introduce our latest guest? Yeah, so we've got Daniel Grube again, product manager at TikTok. He was with us on stage at Authenticate last year as part of our kind of live keynotes extravaganza, we'll call it. Welcome back to the show, Daniel. Yeah.
Thanks for having me guys. So are you a Niners fan? I have to ask. You know, I was born in San Francisco, so I feel some sort of loyalty, but actually my dad's from Detroit, so he grew up in a Lions household, so he was not too happy with the 49ers knocking out his favorite team. It was supposed to be somewhat of a Cinderella story for him, I think after many, many years of just disappointment. So yeah, our household was sadly watching the Super Bowl.
It has been a while, you know. I would not have been upset if Detroit had beat the 49ers. I'm glad they didn't, don't get me wrong. But I feel like it's time. I think it's been like 40 some years and I feel like they're also a little bit ahead of schedule, which is good because I think the NFC North is up for grabs. But now we're talking NFL. What we want to do is talk about
identity and access management. We didn't really get a chance to really get into your background on stage, and we kind of had a shortened show just based on timing and things like that. So why don't we start fresh in this episode? So tell us a little bit about your background. How did you get into the identity space? Is it something that you chose or did it choose you? Yeah, that's an interesting question. I think it kind of chose me to be honest.
So interestingly enough I have a technical background but it was mainly applied to social sciences, especially in grad school. I analyzed social networks to look at how they evolved over time and if we could predict the evolution of social and economic networks to better understand where we think those types of things are going to be going.
So a lot of that type of modeling that I did applied really well to social networks and things like that, not only in the real world but obviously online. I actually also started my career as a private investigator, which was pretty interesting. I think that this set me up very well for understanding identity in a way. I got that job just through a few random languages that I speak.
That can be very useful in private investigations, especially for the people who go into that field and the places that they previously worked at. And so for me, I think it was really interesting because a lot of that job was about taking a ton, a ton of information given to you by clients and then having to dissect it, pare it down and tell a story with it. And for me, it was all about figuring out who are these people, who are these, you know, where are they,
What are they doing? Why did they do it? Understanding identity and then motivation from that and telling a story. And for me, I think that was very, very interesting. And I did that, you know, in a lot of languages, with a lot of people from a lot of countries.
It was super cool and really led me nicely into using kind of my technical background, my investigations background into employing this in a more product focused way where I can actually build things that are, you know, using identity for security and understanding the intersection between the two. And so you work on, I guess I introduced you as a product manager at TikTok, you got to help me understand what does that even mean? Like what would you say you do here? Yeah, of course.
I think being a product manager at TikTok is similar to being a product manager at most tech companies, right. What you're doing is identifying opportunities for the space that you work in. I primarily work in security, identity access management and so essentially figuring out where are opportunities using, you know, certain data or user research that you can get from interviews, things like that. And then building features that will help users based on the
needs that you've identified. And you know, writing those documents, working with engineers, designers, things like that to build these things, testing them, understanding if they work and then launching them on your app so they can be used by people worldwide. So everything you see on your TikTok app is built by some team, you know, who's trying to understand that this is something our users would like to use. The constant, you know, march of progress, right, and how to improve
things. I think most people are probably familiar with what TikTok is. If you, if you're not, I guess just get out from under the rock, right, and go online. What is a feature that you think is underutilized when it comes to TikTok, something maybe that you like to use and maybe not like needs more commercial promotion, right? Or something like that. So for me, one of my favorite features at TikTok that I use a lot I would say is a collections
feature. So I find myself, I love using TikTok and the For You page and stuff. I feel like I always get entertaining content. I especially love it for recipes, to be honest. So for me, I love cooking and I kind of, you know, use a lot of the recipes I see in my For You page and try to copy them at home. But collections is something I use to put them all together, essentially, and after I bookmark them. So bookmarks can kind of get, you know, there's a lot of them, things like that.
This just helps me to kind of organize them and then share them with people as well, which is cool and I don't know how many people are using it, but I find it very useful for me and kind of how I use the app. Seems kind of like a new spin on like the bookmark, right? I think everybody's familiar with like, the bookmark in a browser. It's like, hey, how do we pull this collection? Clever name, by the way. Building on the library theme, yeah.
I would imagine that your role has a lot of interaction with sort of, you know, that growth and that user experience that happens. Are those things competing interests, can they be complementary? Like how do you see your role sort of driving and affecting those areas? Yeah, the team that I work on at TikTok, from the product side, we do not only experiences on the app like signing up, logging in and security, but we do all of them, you know, as a team.
And so for me passkeys has been a great way of providing users with more security but a frictionless experience as well, meaning that it's just much easier to, you know, log in, things like that, which can kind of show you how you can utilize good user experiences that are also secure to make the process
faster for users and easier. So I think that that's a great answer in the sense that we have found ways, especially with new technology, to make these experiences, especially security experiences, much easier and much better for users. Daniel, I'm wondering what was the hot topic in identity at the time that you joined TikTok. Yeah, again like what was interesting is when I joined it, I was approached by one of the engineering teams to basically talk to me about
passkeys. It was especially discoverable credentials, which we use at TikTok with passkeys, right, where you just show it up, show the passkeys automatically to the user that are saved on their device. It was all very new at the time when I joined, and they had already, they were a team internally that had already focused pretty heavily on FIDO technology and how this can be used, especially for employees, to secure their accounts, things
like that. And so they approached me saying this is also something that could be used in a consumer context. And so it was a very hot topic from an identity perspective as something that we had already invested in to increase security for employees and why not use that technology to increase security for our users also. So for me, that was kind of one of the first conversations I had when I joined about a cool opportunity that we had in our
identity and security space. Yeah, I feel like passkeys is kind of the best of the user experience and also, you know, improving security and there's so few things you can do in the identity space that do that. I, you know, so I think this is kind of a story that anybody who's dealing with an external user population can really take from it. I mean, you guys have also experienced a lot of growth in the past few years. That's a challenge as well as an
opportunity. What are some of the challenges and opportunities that you've experienced? Yeah, I think that having new users is definitely an opportunity for security because it gives you the ability to help users and guide them to the, you know, most secure option possible for them to use, right? So for us, this is an opportunity to, you know, allow users to create a passkey earlier in the user experience when they're creating an
account. I know that for a lot of companies or a lot of, you know, people, adoption or creating a passkey might be a bit of a tricky user experience or a challenge, right? Whenever you have new technology or something you have to add to your account, it can be difficult to figure out how to ask users to do it. And so when you have more users who are joining or signing up, you have an opportunity earlier in the user journey to give them
better security. So I view this as an opportunity for us to help users secure their account at an earlier stage in their journey on TikTok. Yeah, I think that makes a lot of sense. I mean, when you guys got on, passkeys were just really new, right. And so there's kind of like you almost had to kind of break the barrier of like people don't even know what you're talking about. Now it's becoming more, at least within our industry, like kind of the common parlance, but
let's say outside of our industry, people generally still are just coming up that learning curve. So, you know, I think being that early adopter kind of hints to me this innovative culture, you know, and I think the opportunity to improve the UX in the innovative culture probably gives you the opportunity to take some more challenges or make some more risks. Does that make sense? Yeah, it does. I think it has afforded us the opportunity to understand where
we can improve, right. We have embraced passkeys at TikTok. So we know that this is a secure way and a frictionless way for users to log in. And so we also understand where there, I think, is opportunity to grow or challenges that we noticed with some of the technology initially as it's provided by Apple, Google, Microsoft or, you know, people who are providing the technology to relying parties. For us a lot of it is, you know, making it more flexible for user experience, right.
Not only is this a product that you can use to sign in, but also to authenticate your identity in various scenarios across a platform or across the user journey as well as signing up for a new account. So we're looking at other ways that we can, you know, utilize the technology that's provided to us in different scenarios. And I think the biggest opportunity there is a more flexible way of, you know, messaging to users, the difference in the different
scenarios. Right now we have the sign in with passkey prompt, but maybe in the future we'll have other versions of that that will allow us to more easily communicate with users without extra steps that they could also, you know, authenticate with a passkey or they could sign up with a passkey, things like that. So I think that for us noticing that using, you know, the technology we're given helps users to more quickly understand it, especially if it's from the
native OS that they have. But also we'd love, you know, to see more flexibility of what users are seeing to address more scenarios so. Here's a challenge for the TikTokers out there. How do you make passkeys go viral in a way that it becomes trending of like, you know, sign up with passkey, right? I mean, is that like, am I too much of an IAM nerd to think about in that perspective? Like, you know, what's the communication marketing plan?
You know, what is, how do we roll this out from a communication standpoint? TikTok video, man. Why not? I know. Yeah. I would love to do a TikTok video about passkeys. That sounds awesome for me. Yeah, I wanted to go viral also on our platform. That would be so cool. I have no idea how to get there. That would be really fun. I feel like that's something that we, maybe you guys could make the video.
Oh, there we go. We can carve up part of this and make, I don't know, funny faces, put weird filters on us and then talk, you know, some sort of passkey prop type thing. I don't know. Yeah, there's something there. I feel it. I feel like this is something that everybody wants and frankly probably should be using in the age of sort of getting away from the password, which everyone knows and hates. But is 100% adoption really the goal? Is it?
Is that even realistic to think about from, I guess, from like an authentication standpoint? Yeah. And I guess when we talk about this, it's probably just around everyone, right? Like can all people who are using passkeys across all different platforms using the technology that's provided to the relying parties, can relying parties expect their apps to have all users with this? I'm not sure, I guess from a practical perspective, right.
There are requirements for passkeys, so you have to have screen lock enabled, you have to have Bluetooth turned on, you know, you have to have your biometrics enabled or I guess you can use like a passcode, things like that. But not everyone has a passcode or a, you know, a pattern or something on their device depending on, you know, like Android or
iOS. So I think that there are just certain conditions that are required by Apple, Google, Microsoft to create a passkey that will probably just naturally, you know, make some users ineligible, as well as like the OS version, right? It's only available for iOS 16 plus, Android 9 plus. So right now I don't think so. Simply based on the conditions that are given to relying parties, you know that it's probably not realistic to have
100% based on that. But over time as more people meet these conditions then it is a possibility for sure. But I think it's just a matter of time more so than anything else. I feel the same way because I think there's still, you know, accessibility concerns. We want to make sure that it's available, right, for everybody and you certainly bring up a lot of the things that I think a lot of people think about is OK, sounds cool, that's
great. But there's, you know, there are certain use cases or scenarios where it's just not going to work. So what is the fallback mechanism? So I'm with you on that one. I guess from a feedback perspective and maybe this is a weird question to ask, but has anybody, like have users commented like hey this is great that you have it on here? Is it just identerati that are like hey you've got passkeys
right? Or are normal people in quotation marks also getting feedback on it? Yeah, I think this is interesting. I definitely, I'm not going to lie, definitely Google, like, TikTok and passkeys. I want to see what people are saying, all kinds of stuff. Based on just what I've seen, it seems like we've gotten positive reception, which is great. I don't think I've seen any specific feedback like you're
saying around that. But I think generally when we looked at the response after announcing that we were going to be doing passkeys in July of 2023, there was positive response. I think people have seen us as embracing the technology and have welcomed that. And we've seen other relying parties adopt the technology also after that and even before. Obviously, we weren't the only ones at the time. So I think that generally, yeah, we're seeing a positive response for this.
We know users are using it. So I think that that indicates to us that people like it. Yeah. One of the things we like to do on the podcast, Daniel, is make sure that we don't lose people, right. And we're talking about passkeys and we're halfway through the episode. But I think it's important to maybe level set on what passkeys are, obviously. I think, well, may I ask a question?
Passkeys replace passwords? Yeah, I think that's the intention, right, to create a passwordless experience for users. So it's, to me, this is my own, you know, thought, but that was the naming convention, right. Instead of a password it's a passkey. I think the naming even sounds like it was intended to replace a password. So yeah, it feels intentional from the way that
it's been branded as a product. What does a normal end user have to do to start using passkeys? Is there any kind of like special signs that they have to do? You mean just in general? I mean, not really. I mean, we talked about like their eligibility conditions, but for the most part you just have to create it. Right now it looks like most apps are using passkeys just to log in for users. So you would just create the passkeys so that you can log
back into your account. I haven't seen anyone, you know, removing passwords or anything like that. So I guess if we're talking about creating a passwordless experience, that's still something in the future for passkeys and relying parties, especially as passwords seem to be, you know, they've been around a long time. You know, it's always hard to get rid of something that's like
old reliable. So I think that, yeah, I think that's probably what I've seen is just the login scenario being tackled primarily by all the relying parties adopting passkeys right now. So it seems like that's kind of where we are at this stage. Now, if I'm a practitioner, I'm thinking, OK, maybe passkeys would be the right thing to
provide to my users, right? Maybe we're looking at multi-factor authentication, which seems like a baby step in the right direction when passkeys are out there as an option, but I'm not sure about how much money I'd need to spend. You know, from your standpoint, did you need to invest money into hardware or additional software in order to make this work? Yeah.
That's a great question. So as we talked about before, I think there was actually a team that's dedicated to exploring, developing, understanding FIDO technology that we have at TikTok. And so they had actually already created an SDK to be used in the enterprise scenario, you know, to create passkeys, things like that. What was great for us is that we could use some of the technology that we had already developed at TikTok to be able to then make
it available for consumers also. So there's no new hardware, you know, obviously software. But yeah, it made it great, 'cause, you know, it's something we as a company had already invested in to increase security. And so we were able to use that to also make our consumers more secure as well, the people that use TikTok who want to have more security on their account. Yeah. If I'm thinking about rolling this out, I mean is it, do I have to do all big bang for all of my
users at once or can I pilot it? I've been trying to get an idea of like how big is the rollout? Is the effort a lot of, you know, mostly focused on just putting the technical pieces in place or is there kind of a change management of like letting people know it's coming, be here tomorrow, it's here, here's what you need to do? Yeah, that's a really good question, right. I think with any new technology, adoption is going to be a challenge, right?
Like we talked about, it's new. So education, right? Do people know what a passkey is? So if they see this, are they going to do it? If they don't know what it is, they might be confused, which can change your decision. If you want to invest a lot in it or not a lot, it can also change your decision. Do I need to educate users on what this technology is before they create it so that they understand things like that?
There definitely enters a lot of these questions when you're trying to roll out passkeys on your platform, especially because it is a new technology. I think that what's great, what we found, especially working with things like the Credential Manager API that Google provides, it actually is, it's very efficient, you know, as a platform to provide this technology to our users.
So I think if you're questioning about whether or not you want to adopt it, I think recognizing that there are tools that you can use provided by, you know, Apple, Google, things like that, that make it an efficient technology to integrate onto your platform, that's great. Maintenance is going to be, you know, easier potentially than other things. And so I think that's one big benefit.
But yeah, again, I think adoption is probably the biggest challenge with any new technology, especially with something like passkeys. If people are on an app to, you know, talk to their friends or watch content or something like that, you know, are they really interested in interrupting that experience to create a passkey? I don't know. And I hope they are, I hope that they want to.
But of course, I think it is important to start small if you can, and make it available to your users. I think that we should always make security available when possible. So there's ways that you can start out small, offer it in settings, right, to start with and see if people naturally are going to try to go do it. Try to ask them to do it in user experiences where it makes sense, right? Like account recovery, logging in, things like that so that next time they can use it,
things like that. So there's probably ways to do it slowly and just test out where it works best for your user base depending on the app that you have and what the app is meant to do. Yeah. One of the things, so Jeff mentioned, we met at the Authenticate conference and I was thinking one of the things that I think has made this so possible and so successful is what the FIDO Alliance has done with passkeys overall.
And I'll tell you, we were at Identiverse and like the amount of universal appreciation, acceptance for FIDO2 and passkeys, it's like it's really like nothing I've ever seen. There always seems to be maybe not polarization, but there seems to be, you know, some percentage of people who think, OK, that's not good, but it doesn't feel that way with FIDO2.
I mean the investment that they're making to build a community around, the investment they're making to build standards, like user interface standards, contributes a lot to, it's kind of become ubiquitous, right. It's kind of like nobody has to explain to you how you do one-time passwords with an SMS text, right. It's like we've gotten so many of them it's ubiquitous. Passkeys has to get like that to get to the kind of the adoption
level where it belongs. But maybe you could talk about your interfacing with the FIDO Alliance in terms of how they've supported the community at large and you? Yeah, the FIDO Alliance has been, you know, one of the biggest, I think, supporters for us in getting this out there and also connecting us with teams at Google and Apple to ensure that our adoption and integration of passkeys is the best experience possible for our users.
So we definitely owe a lot to them in the sense that they have helped us to, you know, roll this out to our users as fast as possible by, you know, connecting us to the right teams, the right people where we can ask questions, solve problems quickly, things like that. So definitely has been huge for us in making this happen at TikTok. And also excitingly enough if you look at the website, TikTok is now on the Board of Directors for the FIDO Alliance, which is awesome.
So we're getting to be a bigger part of the conversation, which is really exciting, talking about, you know, the user experience, things like that, and just being, you know, a bigger part of the alliance itself and contributing to the future of FIDO2 in this technology. And they have great documentation too on the website with the, they do user guides and sort of not deployment guides but, you know, implementation and
kind of things like that. I know that our friend Andrew Shikiar who's over there, you know, spent a lot of time getting it up and running and I think it definitely shows. I think it's, you know, top of class, first class, whatever you want to call it, right. But from a documentation standpoint that put it right up there with what I've seen from
other organizations. So definitely, I would imagine probably pretty helpful to have something like that to fall back on and say, OK, well, how does this work? But then also like the big brains that you're also interfacing with say, oh, you know, how do we challenge, you know, how do we satisfy this use case or whatever this challenge may be? Can I talk a little bit about
the security side of things? Because they feel like this is an area that, you know, we want to make sure that people are secure, they're using things. Passkey's a big step towards that for sure. I'm totally on record as being a big fan of AI. You know, I I'm a fan of it. I am not afraid to admit that I subscribe to a couple of very specific AI services. Right, Exploring and testing with it. One of the things that I've kind of tested with is this idea of impersonation.
And at some point I feel like I'm going to be at the stage where I can actually do an entire Identity Center podcast with all the voice samples that Jim and I have put together over the years, and I wonder if anyone would notice. I have to imagine, you know, there's lots of companies that are, you know, encountering this. There was one in the news, I think it was last week aboard. You know, somebody got tricked for $25 million using deepfakes
and video on a Teams call. I mean, it's crazy how easy it has become and I think it will continue to get easy. That seems like it's a pretty big threat. I guess what are some of the challenges or concerns that you see and how do you kind of stay ahead of that sort of thing? Yeah, and and based on what you said in your example, it sounds almost like people were impersonating other people to
phish the person. Essentially, yeah, it was I'll, I'll, I'll butcher it. Someone will definitely correct me I'm sure. But the the idea was people are on a Teams call and they were using deep fake video to pretend to be different members of the board and having conversations and essentially tricked this more junior member into wiring a whole lot of money to an account. And you know, next thing you know 20-some million dollars I think it was or I think it was 25,000,000 something like that
was gone. And it was predicated on this idea of, I even know what we would call it, It's it's phishing, but it was a very elaborate, you know, phishing exercise to do it with deep fake video, deep fake audio, multiple cameras and sessions running, right, to be all that. I mean, it sounds pretty sophisticated to me, but it's just going to get easier. And it it, it's something that I've been thinking about for a long time is how do we protect
against that sort of thing? Do you have any ideas, thoughts? Does it keep you up at night like it does for me? Like what are your What are your feelings there? Yeah, I mean, I think anyone is is probably afraid of the ways that technology, especially new technology can be used for, you know, malicious purposes like you said, using things like AI to trick someone into doing something. It sounds very scary, right for me.
I think when we talk about passkeys, and this is something that you can see the FIDO Alliance talks about a lot, it's just so you said you had someone from NIST as well on the podcast. I think the reason why people endorse passkeys so much is because it is phishing resistant, right. It's been cited in, you know, the White House memorandums. NIST, like a lot of organizations at the governmental level have endorsed
it for this precise reason. And so I think that passkeys is a great way to provide more security to users in these scenarios where there might be some malicious use of new technology to try to get people to do things that they probably shouldn't do. And so I I think that there are new, like you said, not only maybe are there new technologies that can be used for bad purposes, but new technologies that can be used for good purposes.
And so what's great is I think that we are focusing on giving people the defenses that they need to protect against this. Yeah, and I looked it up. It was 25,000,000 deep fake with the Chief Financial Officer and I feel like if there was a phishing resistant mechanism where I say that's fine right? Let the person do the initiate the transaction. But if the CFO had had to use a a phishing resistant mechanism to have the transaction go forward, it would have gotten
stopped at that point. Or at least the chances of it progressing would have been lower it seems like. Yeah, it definitely seems like it would have been more complicated. I I know that at Authenticate there was a presentation that demonstrated this kind of scenario, right? And I remember the woman who presented it was showing how you could take someone's voice and, you know, get the code from someone.
Things like that. Showing how even if we think sending text messages or OTP codes to your e-mail, you know is is a good way of, you know, authenticating identity, that there are other things that someone might do if they have enough motivation to get that information from someone.
And and she showed in her video how she did that, which was, I thought really interesting and kind of what you're talking about here, I think and and how passkeys or other phishing-resistant technology can help to prevent that. I mean how it would have stopped her in that, you know, fictitious scenario. So we've had a pretty exciting
conversation. I'm glad we're able to reconnect after our Authenticate show and kind of bring you back and have a little more, you know, deeper conversation into it. I want to end the show on a lighter note as we normally do and we're all travelers. So I came up with the ultimate question that is going to cause controversy upon controversy window seat or aisle seat, which do you take on a plane? Yeah, definitely controversial for me because I have, I think
the minority opinion here. I'm an aisle seat person, which I think people are really against, but this is only me. OK, yeah, defend yourself here. OK, let me defend. OK, so maybe on like a long haul flight I'll choose like a window seat, right? Because I want to sleep, but I'm so bad at sleeping on flights. Like, unimaginably bad. I went to Tokyo in December, and I'm not going to lie to you, I played my Switch the entire time on that flight. Embarrassing. That's like 10 hours, Zelda.
Yeah, exactly. I blast like Tears of the Kingdom. Yeah, I love Zelda more than anything. It's just so fun to just run around like I'm just, I'm just looking at things. I'm not even playing the game. I'm just, I'm on a safari. So. But I I don't know. I like the aisle because I like to have control of this situation and I like to be able to choose when I get up and like go to the bathroom, things like that, blah blah, blah. I'm the gatekeeper of the bathroom for my row.
I'm I'm the leader of the row, you know, So I I want to. Get past you. Yeah, exactly. Yeah. You have to pay the toll to get through, you know. Show me your TikTok account. Do you have passkeys enabled? OK, you can pass. This is our adoption strategy. No, I'm just kidding. But yeah, I don't know. I I feel like that's a controversial opinion, but that's. Definitely, Jim, what's your controversial stance on this?
I think I know. What yours is, but I'm unapologetically aisle seat and I kind of have wide shoulders. I'm not saying that in a bragging way, but I kind of have to lean out of the aisle. If I'm in a window seat, I'm very cramped. What I think is controversial, if you were to say middle seat and I've actually met someone who said I like the middle seat, why? Because if yours here is her mentality and she was a smaller
frame person, so that helps. But she said if she's got the window seat, she gets too claustrophobic. She feels like she's trapped because there's two people keeping her penned in. But on the aisle seat, you know I've run into this. I've been kind of a road warrior for a long time is if you're hanging out into the aisle, it it seems like the flight attendants like ramming the the beverage cart into your shoulder and it's like I'm not hanging
out because I'm a bad person. I'm hanging out to give the person next to me some extra room. You're supposed. To say you're hanging out because you're so swollen jacked you don't fit into your one seat. Yeah, yeah, What was the the Super Bowl commercial with Arnold Schwarzenegger, neighbor? Neighbor. Hey neighbor, don't run that luggage cart into me. Yeah, that wasn't funny. Anyway, I'm. Going to isolate that and use that for something. Yeah, go make it a song.
Make it a viral. There we go. We just went viral. That's our passkey video. We've just made it. My only exception I'm I'm taking way too long to answer this question, but my only exception would be that if I have like a super early morning flight, I do like the window seat because then I'll put my head against the side of the plane and kind of sleep. What about you, Jeff? I used to be aisle and now I'm window, but I don't care so much.
So what's the most important for me is to have under seat storage because I always like to have my bag near me. I generally do not check any baggage so I'm usually on carry on only. Like everybody I've talked about it, right? I like one bag travel as much as I can, have stuff underneath me and have to worry about overhead space and just kind of go. But I am a Danny.
I'm pretty similar to you. I am terrible sleeper on fly, on fly Flyers can't talk today on planes and I'm getting better at it but I still have challenge trying to like do a long haul sleep flight even if it's like a lie flat sleeper. It's just it's not happening for me.
So I'm the same way. I will either be playing a game, watching movies, doing whatever it may be right to kill the time, but I am window now, purely for the facts, for the most part, is when you're boarding the plane, everyone is banging it to you in the aisle, in the aisle, in the aisle, there. Every time someone, someone comes and goes, they're getting you. I'm actually the opposite of you, Daniel, though. So for most flights I'll be window.
But for a long haul, I actually prefer the aisle because I want to have more direct access to getting up to go to the bathroom, stretch legs, you know, whatever it might be. I'm kind of a little flip flop there and I'm sure you know there are strong opinions either way, but that's kind of my take on it is what's most important for me is under seat storage. Generally speaking, the aisles or the. I'm sorry, the window seat has pretty consistent under seat
space. Sometimes you get those really lame aisle seats that have like the power box or whatever like sticking halfway in and you can't get your bag even under there. I hate that. So it's generally safer for me to pick a window seat. That's a hill I'll die on and I'll fight anyone who who wants to come at me at that. All right. I think that's probably a good way where we can leave it for this week. Daniel, thank you so much for taking the time again to be with us.
Hopefully we'll see you at a conference in in the future. Maybe Identiverse, maybe Authenticate, maybe Identity Week America. We've got discount codes galore, so hopefully you take advantage of that. But yeah, appreciate you take your time. Yeah. Thank you. Yeah. We'll go ahead and wrap it there. For this week. We're on the web, idacpodcast.com. We're on Twitter or X or whatever it's called
by the time you listen to this at IDAC Podcast, we're on Mastodon at IDAC Podcast at infosec dot exchange. Connect with us on LinkedIn. I'll have a link to Daniel's LinkedIn profile if you want to ask him questions maybe about his passkey experience or you know, in a polite and nice way, disagree or agree on the aisle or window seat choice.
And I'll have links in our show notes as well for all the discount stuff that we mentioned for the conferences and obviously can connect with Jim and I. We love it when you hear from folks. It's great with people leave reviews. So whoever left that review, you know, talk about how great the show was and especially if you're agreeing with me on the hockey talk, you know, 100% Gold Star for that person and keep those reviews coming. So we'll leave it there.
Thanks everyone for listening and we'll talk with everyone in the next one. You've been listening to Identity at the Center. We hope you've enjoyed the show. Make sure to like, rate and review and we'll be back soon. But in the meantime, hit the website at identityatthecenter.com and find us on Twitter at IDAC Podcast. See you next time on Identity at the Center.
