#302 - Authenticate 2024 Preview with Andrew Shikiar

There are a lot of new ones to authentication and I was just trying to think of the analogy. What's this saying? Like so Eskimo incentives, like 85 different terms for snow. They know they're coming from Seattle. Like I knew like 13 different types of rain. You know, a lot of people are not that deep into authentication. I think it's just authentication. Just get someone signed in. But no, there's a lot of new ones, right? Are you talking about workforce? Are you talking about consumer?

Are you talking about regulated? Are you talking about non regulated? Are you talking about business partners? You know, we're talking about global. Like there's so many nuances to it that are important to understand. All right, So everyone needs to know the top level. We provide that top level information about authentication, about where it fits in your identity stack.

But for those who want to dig into the nuances and get deeper and deeper down, you know we'll have content and experts on site to help them grab those as well. Well, there's no nuance. Obviously passwords suck, so. That's true. What's there we don't want there? Yes, exactly. Well, there's. Yeah, use pass keys, Yes. This is identity at the center if it has anything to do with IAM. This is the go to podcast now your hosts Jim McDonald and Jeff Steadman. Welcome to the Identity at the

Center podcast. I'm Jeff, and that's Jim. Hey, Jim. Hey, Jeff, how are you? Oh, not so bad yourself. I'm. So great, man. I mean, you know the we're in a new era, Jeff. That's what I wanted to say.

So we're in the three hundreds in terms of episodes. It's going to be a long time between now and episode 400, probably almost two years before we get there, and we're also in our fifth year, so this is exciting times for the Identity at the Center podcast. Yeah, exactly. I, I, I'd probably say we're like 9098 episodes away or

roundabouts there. So yeah, about a year, two years, I'd say somewhere between two years and maybe a year and a half, depending on how aggressive we get with conferences in the in in the meantime. Yeah, I, I think the, the most important thing everyone needs to know is that we drop episodes every Monday. We take a A2 to three-week break over the course of the holidays. But every Monday we have an episode.

It's available on any podcast platform just about that, you know, people have heard of. Now there might be some ones out there that I'm not aware of, but. On it, it doesn't matter that that platform is dead to you and us. Exactly, and we also are doing video podcasts now. So if you've been enjoying the

audio podcast, you can continue to join it. You can still go out once in a while if you want to see these mugs, even for just one episode, so that if you see us at a conference, you know who we are. You can come up, introduce yourself. You know, the engagement from our audience, our listening audience, which I think is pretty loyal too. I really love hearing from

people just saying them. They're getting a lot out of the podcast, whether they've been in the industry for a long time or they're brand new to the industry. And that's what we try to do with the podcast is, you know, bring up topics get pretty advanced, but not go so deep right in the beginning of the of the show that we lose people, right? So our we've been calling this like edutainment for a long time, right?

We want the podcast to be educational for everyone, whether you're new to the space or whether you've been in for a long time. And we also want it to be entertaining, right? We don't want it to be like the run-of-the-mill, like just, you know, we're just going to throw like technical terms at you for the next half hour 'cause that would be pretty boring. So we try to keep things light. We got personality right. Put some personality on this pig. Yeah, hey, Mr. Ed had

personality, right? Yeah, exactly. Yeah, it's a lot of fun. We do it because we enjoy doing it. But you know, the byproduct is hopefully people also enjoy what we do. If you are listening, do us a favor, hop over to the YouTube channel and give us a like and subscribe. We're definitely trying to grow that Channel. If you're if you're a super fan, just throw our videos on repeat

and play them overnight. That'll help us from a from a metric standpoint, you know, if you want to fall asleep, you know, or if you want to frighten people, maybe around Halloween, you know, throw our videos up on on a big screen somewhere and you know, have a point and laugh at whatever maybe.

But why don't we get to our guest today? We've got Andrew Shikiar. He's the Executive Director and CEO of the Fido Alliance. Welcome back to the show, Andrew. Jeff, Jim, thanks so much for having me and speak to be here as always. As always and and you say always because it basically is this is

your eighth time on the podcast. The the current IDAC world record holder, Jim has promised a used Sport coat, jacket, whatever you want to call it when when we hit 10 episodes with a hastily applied IDAC sticker right slapped on it just to show it's worth. And so I think I think Jim's probably planning on bringing something over to authenticate for that. He described it as Jeff.

Your your description made it sound like it was like some old T-shirt with armpit stains and they're like there's going to be a good jacket. They've only worn it probably a couple times. You brought her shoulders on me. But if you can narrow that down to like a 46 regular, I'll be. I'll wear it with prey, I assure you that. All right? That sounds good. Yeah. So Andrew, you've been with us a bunch of time. Definitely. We're early on supporter and here we are.

I think it was like in the 50s the last time, the first time you're on an hour in the three hundreds. So definitely appreciate you being willing to kind of jump on and you know, certainly partnering up with the Authenticate conference, which is really what today's episode is going to be all about. Authenticate 2024. It's coming up pretty soon. It it would be, it would behoove me to notice that you're wearing a Pass Keys shirt right now. People can see that. Where do I get one of those?

Because I feel like the more people wearing it, the more people understand what it is and ask questions. You know, it's fun. We opened up a, a Fido store with a bunch of passkey swag earlier this year. So you can go to shop.fidoalliance.org and there's a store there and you can buy all, all sorts of passkey stuff. We're, we're seeing a decent flow of commerce. So it's great to see the enthusiasm. Awesome to see people are actually doing this and probably at industry shows and things

like that. I'll tell you what, how about we do a discount code for IDAC listeners, Let's call IDAC 10. All right, So you go to shop@fightalliance.org and then at check out to IDAC 10 and with 10% off and then when you show up to authenticate, you'll be all decked out in your passkey gear. Yeah, there you go. That's cool. So we'll have a link in our show notes for people to check that out. Yeah, one caveat is like, I actually don't know how to do

discount codes. So I'm going to call it IDAC 10. So check the discount, check, check, check the show notes in case I screw that up. But we'll make sure that we have the the proper discount code in the show notes. But as of now it's IDAC 10. Yeah, So we'll have a link in our show notes. I'll try to remember to put it on the screen somewhere once we got it confirmed.

But we'll, we'll, we'll beg forgiveness from Megan or Adrian or whoever from the Fido team is going to help us out with that, right? Yeah, they've done amazing work with this, so yeah. Well, that's pretty cool. So, you know, if you're not familiar with Fido and I, I, I ask you this question every time, but I feel like it's an important one because we always have new listeners.

What is the Fido Alliance? Can you just kind of give us a summary of what the mission is? Yeah, absolutely. Fido Alliance is an industry body. We were launched around 12 years ago focused on reducing reliance on passwords. As all your listeners know, passwords cause all sorts of problems, arranging for usability to, you know, security to hacks and data breaches and things like that. So Fido Alliance is creating open standards to replace passwords.

Notably, it includes pass keys. Pass keys are a password alternative that are built into just about every device that allows a user to sign in to sites and applications basically with the same action they take to unlock their device. So typically a, you know, biometric, you know, face, you know, built into your handset or your PC. It can be a security key or anything like that.

So not only does that provide better usability for consumers, but most importantly, it allows the service providers to get rid of the passwords on the back end, which starts to, you know, a change the threat factor for attackers because attackers love passwords and if they love phishing, they like taking over credentials, stuffing credentials. All that goes away with passkeys once you have eliminated the

password on the back end. Plus, if you're, you know, in the e-commerce space, it allows for easier access to your site. So this year I was honored to do a keynote at Identiverse where I sat on stage with some companies that have deployed pass queues and the Amazon is one of them. Amazon talked about a 14% increase in sign in success rate, meaning that 14% of, you know, like 14% more users were able to sign into Amazon.com to

make purchases. So you think about what that translates into from A at bottom line standpoint, you start to see the benefit of Passkey's not just from a security standpoint, but really Passkey's, you know, turn the sign in into a revenue Center for for e-commerce vendors.

It's interesting, Andrew, I was working on a client PowerPoint presentation and I went back to a presentation I created about 10 years ago and it was, you know, I was looking for a slide, a slide template that I could work from. And it talked about, you know, kind of a down the road project or do later project implement MFA. I'd say we passed the milestone a couple years ago now where MFA became like, if you haven't already done that, you better

get that in place. Now we're shifting into this

password less world where, you know, we've been talking about password less for many years and now it's it's a reality and pesky's a big part of that. You know, I really love this authenticate conference. I've been going for a few years now and I consider myself more of a identity generalist, if you will. But and you talk about Identiverse, right? You get a, you get that I identity generalist perspective at Identiverse. They cover just about everything.

The authenticate conference really focuses on authentication and it's a big driver to pass through this. So like you said, you get brought it into Identiverse and you come in with kind of like the consolidated message. But if you want to get the real scoop and you really want to understand that space, and it's not like it's not like a light switch. It's not like you go one year and you're all of a sudden going to be an authentication guru.

But this is where the the thought leadership is happening. This is where you can make contact and start building your network of the people who are really behind setting these standards. What are your thoughts? No, I think you're exactly right. It is a deeper dive in authentication. It's the name authenticate and we've also enjoyed a nice partnership with the folks at Identiverse. In a lot of ways, it's a carry on.

You know, the community you'll see at Identiverse in the spring, you'll you'll find in the in the fall at Authenticate, but with a, you know, a deeper focus on all things authentication. You know, user authentication is, is critical component without the most critical component to your broader IM step. And so it's really important to understand how people are are signing into your site, into your service, into your network. And that's what we look at at authenticate.

And I mean, Jo, Joan, I think your, your historical perspective on this, you know, talking about MSA is really on point. You know, I mentioned before I was talking about what Fido does and, and how we're reducing reliance on passwords. It's not just that it's actually changing the way that people think about authentication. You know, we've known, we collectively have known for decades that passwords are insufficient, right?

And for the past 20 years or so, the answer has been, well, let's layer on another factor on top of, you know, passwords is a primary factor. The questions always been, the question hasn't been, are passwords enough? The questions been, how do you make them suck less, right? And so the answer is being let's add a layer, you know, let's add SMSOTP on top of this. Let's do TOTP, let's do an app,

let's do a push notification. The problem is most of these approaches for MFA are flawed in their own right, right? They still rely on human actions, which leads to fallibility, which leads to account takeovers and bypasses and things like that. So what passes actually do, what Fido does, it actually introduces a, the true password replacement or no longer are you working on thinking about

factors like MFA? Yes, use MFA, but ultimately, you know, a passkey that provides the same difficulties in a single gesture and a single action. And, and you know, takes away this, this, this activity of counting factors. And instead, he really thinks about what the the actual threat model is today, which is phishing, like phishing, social engineering, that is a threat model. How do you attack that threat

model? You know, you make your authentication unfishable, which is what pass cues do, which then ties back into, you know, your broader identity strategy and everything else. We start looking at, well, you know, how am I considering, you know, account onboarding, account recovery and, and authorization and all the other things that go into, you know, an identity set.

You know, you really need to start with, you know, the, the secure method of getting people into your system, into your network with user authentication. And that's like that is what we dig deeper into at Authenticate. So, Andrew, I feel like there is a opportunity here to craft a new shirt for your shop and it's something along the lines of like Fido Alliance established, you know, whatever year making passwords suck less or something like that.

You know, since whatever date that might that might be something like that I think would be a lot of fun. I think that is great, but I should. You know, when we talk about the the founding of Fido Alliance, it's actually really important to note that the goal wasn't to get rid of passwords. The goal is to, you know, turn the time of data breaches, but passwords are the tip of that spear, right? And so our, our real goal is to stop, you know, online fraud or identity related fraud.

But passwords are the source of most of those problems, right? So if you address a password problem, you're you're addressing scalable tax, you're you're addressing data breaches, you're addressing credential stuff and all all those all those things associated with dependence on knowledge based credentials. So Andrew, one of the things I hear clients talk about a lot, you know with when it's like you talk about password list, right? So you're talking about really

getting rid of the password. If the client doesn't need to know the password or the, I'm sorry, the end user doesn't need to know the password versus MFA where it's two factors. So let's assume that they're using some kind of strong authenticator biometric or something like that. Then they'll challenge me and say well it isn't adding a password, just strengthening things because now I'm using two

factors rather than one. So doesn't the the password actually strengthen the authentication? Yeah. So the second factor will will strengthen the authentication, but the primary factor is still incredibly weak, right. So I think there's also a misconception out there that, you know, forcing people to have very complex passwords, the unique character strings or even, you know, generated passwords is secure in and of itself. So any password can be fished,

any password can be stolen. But also there's a huge, you know, backdoor account recovery, which pertains to a variety of sign the methods actually, where someone is social engineers, an account recovery process from a help desk or support desk, you know, calling in, pretending to be somebody, you know, getting that note that that account regenerated to a fake or to to an attacker, which allows them to take over that account.

So again, relying on passwords as a primary factor is inherently flawed and it's always going to put you down a path towards account takeovers. Now backing up a password. So, you know, that being said, I understand that a lot of people have legacy. Infrastructure. And want to get to, you know, past the future, but need to,

you know, have a migration path. You know, having MFA system where you have a hardware backed second factor like a security key where someone needs to, you know, pre possession of a credential to sign in and to trigger, even trigger every process. That is a, you know, much better approach than using legacy forms 2FA based on a fundamentally flawed primary factor of a password.

Right, Yeah. And I mean, it's, it's a very complex topic in terms of there's so many, it depends on some of the use case scenario that you're talking about as well. So there's that recovery aspect, that kind of the unhappy fact that could be exploited.

There's the use case, like if you're going out to millions of users and kind of a CIM perspective, you know, the same reasons why MFA is hard to roll out to the large population is the same reason why, you know, having people who lose their password and can't log in or lose their second credential get a new phone. They have problems with the

recovery process. So I, I guess why I brought up that whole topic, it's very nuanced and there's the kind of conversations that happened at the Authenticate conference.

I love Ideniverse, right? But it's it, it covers so many different topics, whereas the Authenticate conference just focuses on authentication and you can have time for these kind of conversations, I think as the IM practitioner. You know, within. Your company, you're expected to be the expert and be able to talk about and handle these

types of questions, right? And the way you do that is to sink yourself into these topics, interact with the experts in the world who are the deepest thinkers on these topics and they're in authenticate. So to me, that's like the value, like if you've never gone to the conference before and you're thinking, well, my job doesn't just focus on authentication. So I'm going to go broad brush and I understand that.

And I think, you know, the other angle to it is like not everybody can go to every conference that they want to. But even if you just get to authenticate like one time for me, I'd highly encourage it because I just feel like, you know, diving into the deep end in a topic, you know, you can get a lot of benefit from that. You know, I think that the there are a lot of new ones as to authentication. And I was just trying to think of the analogy.

What's the saying like, so Eskimos out of like 85 different terms for snow, they know they're coming from Seattle. Like I knew like 13 different types of rain. You know, a lot of people are not that deep into authentication things else's user, it's just authentication. Just get someone signed in. But no, there's a lot of nuance, right? Are you talking about workforce? Are you talking about consumer? Are you talking about regulated? Are you talking about non regulated?

Are you talking about business partners? You know, we're talking about global. There's so many nuances to it that are important to understand, right? So everyone needs to know the top level. We provide that top level information about authentication about where it fits in your identity stack. But for those who want to dig into the nuances and get deeper and deeper down, you know we'll have content and experts on site to help them grab those as well.

Well, there's no nuance. Obviously passwords suck, so. There's the nuance there. We don't want that there, right? Yes, exactly. Well, there's yeah, use pass keys, yes, so. Obviously the experts in the industry are going to be there. Who else should be there? Who else is the conference for? It's for, it's for anyone interested in authentication and identity, frankly, right. So last year we had, I think around, you know, 40% of the

people. So they were New Newark to Passkies, Newark to Fido, which is awesome, right? So we, we, and then we also had, you know, probably, you know, 30 plus percent who are pros, you know, who really got into the these, these nooks and crannies of authentication. So, and we tailor the content with Taylor Taylor, the flow of the show to cater to to anyone interested in user authentication, anyone interested in pass keys and the adjacent topics they're in should come at this conference.

But I think, you know, we should probably have, we should have over 600 people this year, well over 600 people. Everyone brings their own perspectives, your own background of their own, their own, you know, learning agenda into the three days that we have at Authenticate.

Yeah. And I can speak from personal experience going to this past year, the environment of the conference gives you time to really reflect really to and, and the size of the conference gives you the opportunity to engage with people, including the experts. I found that, you know, it's just like people are very approachable. You can just go sit down at a table with a bunch of people and network and you know, some of

the top minds in the field now. So if we've got people interested, which hopefully now they're like, OK, I'm, I'm sold.

I want to go, we're in like this critical period, right? So this episode's going to drop on September 2nd. We've got a discount code that we've had out there for a while. It's IDAC 15 gives you 15% off your registration fees, but it's also the last week of early bird pricing for the conference, right? So if you're going to go make that decision this week and get registered before what is the

September 9th? I don't have a calendar in front of me. It would be that Friday, the Friday after Labor Day in the US Yeah, I think that would be September somewhere. Single digits. Single digits. Well, OK. Register early and often. That's the message, right? Don't miss out on that. It's a Friday and so I want to say September 6th or 9th or something like that. Anyways, as soon as you hear this, go, go, go register. So no, the conference itself is, is great, Jim, I appreciate you

saying that. I mean, you know what one of the obviously ideal we we have for this is I should feel like you're going to a retreat and not just your typical hotel conference, right? So the venue itself is fantastic. It's a, it's a resort setting in Carlsbad, CA. If you haven't been to Southern California in mid-october, you're missing out. It's a really nice grounds. One thing I, I really loved seeing last year is this people, if you're saying this kind of

strolling around and mingling. I was calling all the authenticate tours, you know, kind of taking over the grounds of this beautiful resort and you'd see people sitting in these little these tables around palm trees by that pool, like talking about authentication. So it's a really neat venue that does have the kind of retreat type mentality to it.

We want people to feel like that, you know, for those who are inclined to do things outside of the conference, there's, you know, world class golf there, there's surfing at the beach nearby. It's just, it's a, it's a great place to come and dig deeper into authentication and really to lean into the, the, the broader Fido and authentication community. I say this every year and I'm starting to get, get rimmed for this actually, but there's a sense of community here is quite strong.

You know, there's kind of a missionary feel to what we're doing at Fido Alliance and, and authenticate because no one thinks that what we're doing is a bad idea, right? Everyone understands that we're trying to make passwords suck and really suck less and, and do away with those and everyone understands the importance of that. So as an attendee, if you're trying to learn and you have a use case, you know, go to the sessions, the experts will take

time to talk to you, right? Everyone wants you to be successful because there's a, there's a sense of joint opportunity and joint responsibility, understanding that, you know, the integrity of the Internet itself is only as

strong as the weakest link. So the more sites and the more enterprises, the more companies that start hardening their authentication systems and architectures, the better half everyone is. It allows everyone to move forward into a, you know, a more secure future and and more, you know, seamless and usable Internet experience once people are using pass keys instead of relying on passwords. Yeah, I'm looking forward to this conference. I it's it's October 14th through the 16th.

It's in Carlsbad, CA Couldn't ask for generally a better weather experience, at least in the US. Yeah I I it's one of my favorite conferences for sure. And I and I like the environment. It seems like it's a very social. Casual is probably not the word, but I feel like there's a lot of conversation and discussion. It's not so much presentation, right? It's hey, you know, let's sit

down. Last year there were food trucks and, you know, a bunch of us kind of sat around the table just talked identity or different things and things like that. And it was a very open and fun kind of conference, which I really appreciate because they think sometimes we get into these other conferences, which are also great, but they're huge, right? And it's, you're shuffling from like one session to another. And it's not sometimes even time to breathe.

You know, I, I like to have time to breathe and I want to sit down and talk with people. And if I can do it under a palm tree in Southern California weather in October, sign me up. I am totally in. Yeah, bring sunscreen.

No, we, we, we, we, we, we do build an extra networking time, but the presentations are great. And there is a challenge, you know, putting on a conference like this because there's so much time to. We want to get out there. We had hundreds of submissions this year and I think we have 93 sessions or something like that. So it's a manageable number, but

it's built across 4 tracks. And so people, you know, we have tracks covering, you know, different types of, you know, pass key roll outs, usability, different sort of sectors specific, you know, things like looking at identity verification, payments, government, automotive and all sorts of things that get a little deeper into specific use cases. And so it's a chance to, to, to attend those and learn about them. One thing I will note is that we do actually have remote

participation. We, we, we, we video everything. So we have a live stream for those who cannot attend in person, but significantly for those who are on site who have a track conflict, you can go back and watch all the content too. So we make that available to attendees. Find yourself OK. Yeah, thank you so much. Because there's always a conflict. And I was like, all right, how do I split time between these two 3-4 sessions all taking place at the same time?

I can always go back and review it. Yeah, I mean to be clear, we're we're, you know, we're very grateful for and we care about our remote attendees. But I'm, you know, we're most interested in actually archiving this content and making it available for Aid 1st for conference attendees and eventually to the general public

because the content is gold. There's so much being conveyed, you know, from experts that we want to make sure that this is captured and shared and really, you know, helping educate the industry at large. I know we talked a lot about authenticate here, right? The one in October in Carlsbad, but you're actually going to be at an APEC conference in Kuala

Lumpur. That's is that also a Fido event? It is the Fido APEC Summit similar to authenticate actually in some ways, but it's it's a 2 day conference, their second one week jump. It's amazing show on its own right.

So for anyone listening in Asia Pacific, it's not too late to book flights to go to KL. It's the following week, September 9th, 10th, 11th in Kuala Lumpur, whichever in 300 people attending that conference over over 2 1/2 days learning you know all about Fido, Fido authentication. Look at some region, you know, region dependent activities. We have expert speakers from, you know, different case studies, different sectors in, in, in APAC.

And it's been really interesting to watch the Asian market evolve. I mean, a lot of the earliest Fido supporters and deployments were from Asia, but we've seen a particular amount of innovation in Southeast Asia, which is where we've we've, you know, launched this conference.

So last year we had it in Vietnam, this year it's in Malaysia because there's so much happening in in this corner of Asia Pacific, this corner of the world, that it's important to try to harness it. And again, you know, create a forum where people can, you know, meet each other and share best practices and learn in advance their own authentication objectives. So Phyto AIPAC Summit is the is the events that people should be looking to attend in Southeast Asia. Yeah, not a bad gig for you

either. You get to see all all over the world, which is pretty cool. But back on this conference in

the US, so the Authenticate conference, he talked to us a little bit about the types of content that are going to be in store. You know, what are some of the highlights that people should be aware of that you know, you think there's going to be a big draw? Yeah, I think backing up a little bit, you know, one of those common questions I get from the people who reach out to Fido Alliance as well. Can you give me an example of someone who's done this? Give me an example of someone

who's done that. Give me, you know, tell me about someone who has deployed, you know, five O 4 payments payment authentication. Tell me about the workforce setting or are there examples of governments who have deployed this to for interagency authentication get a lot of use case requests? And So what we focus on that authenticate is kind of use use case driven content.

So getting practitioners to come speak and share their experiences and it's incredibly powerful because typically it's either spot on to what someone you know, has on their own agenda, their own, you know, professional agenda, or it's adjacent enough where someone could learn from that. And then like you mentioned, go engage with the speaker afterwards to just pick their brain and learn more about how they can apply that to their own learnings.

So in general, I'd say it's kind of practitioner centric content and the and the and the breakout tracks for practitioners to use in in their daily lives if I can. Erupt it there Andrew, does that feel the same way like the practitioner content to me the most impactful over the last two years just seeing oh wow, this isn't just Apple, Microsoft and Google that are doing this. This is regular companies, non tech companies that are using pass keys and going password

lists. It's not just exciting from a philosophical perspective, but in the real world, this stuff is is taking root. Yeah, Yeah, that's it. And one thing that's been really cool to see is how the content has evolved, right? As this industry has matured, our content has matured as well, right? So it's not just like we, we have this content like building a case for getting rid of passwords. But it's not just that it's not theoretical, it's, it's actual,

right? So it's actual, it's practical and it's getting into again, the, the more and more nuance understanding it's very specific scenarios for deployment, you know, for, for user authentication today. But also, you know, we're looking at these adjacent spaces as well, like looking forward. So there's adjacent technologies. And we had a big push actually

Identiverse this year, we launched our identity verification certification program. So we have a big focus on identity verification because we talk about again, the strength model. So you have authentication as a primary threat model, but there's a giant back door. And if you're, if you're for, you know, in the cat recovery that can be exposed if you are still on boarding people with knowledge based credentials,

right. So we have a certification program now that encourages utilization of technologies, identity verification technologies that are doing what I'll call possession based onboarding and possession based recovery, you know, leveraging, you know, the ability to, to recognize someone's face, right. So face verification. So we have a whole breakout track on identity verification, how that ties into your user authentication strategy.

We have breakout tracks on like I mentioned before on, on, on payments, government use cases, you know, again, looking at kind of the, the consumer versus workforce authentication, other complementary technologies and standards that are emerging around, you know, verifiable credentials and things like that. So and so we we touched on all aspects of identity with the deepest focus of course on on easier authentication. Yeah, that's fantastic.

The other thing I'll mention, Andrew, I mean this could be a major draw for the conference is that Jeff and I will be there. You know, we're talking about we're we're work shopping right now on kind of being the transition between the keynote and dinner. The funny thing is like Jeff and I are going to be competing with food the entire time. We're always. Competing with food. Let's be honest here. It's true. It's true. So we're, you know, expecting to

do that. We're workshopping because the idea is that we're going to have a Family Feud game. So we have to figure out how to do that. But it's kind of a, a fun way to transition from the keynotes, which are, you know, heavy and impactful to something that's a little bit lighter before we go out and network and have dinner.

And then we'll also be podcasting. So, you know, we've got several podcasts lined up. One of them is the DIAF. They've got a scholarship winner from the Victorio Bertucci Award, you know, one annual winner comes to authenticate. So we'll be interviewing that person along with Ian Glazer, I think is going to help moderate.

And then all of our podcasts are going to have seating available, so people who are interested in hearing the show be recorded live and maybe picking up the microphone and asking a question or to themselves, that's going to be an option. And I think right now what Adrian and Megan have in the works is that it's going to be in the Expo hall, kind of situated in a corner, and it's going to take place during the lunch hour or during food time so that we're not competing with

other sessions. So if people want to go session to podcast the session, it's possible, but we're going to be eating the food. I had a lot of fun doing your live podcast on Universe. That was a new experience for me as an audience. As an audience, I'm like, oh God, you know, I can't. It's live. So now it's a lot of fun doing that. And and we're we're thrilled to have you guys there and I think

you'll compete well with dinner. We're looking forward to the family feud, whatever that may bring. It'll be a fun way to to engage the audience and engage the community we're talking about. And then, yeah, then we should

talk about even the activities because we want authenticate to be fun and it is fun, right. And so we, you know, we'll have at last we had this food truck set up outside the Expo hall. By the way, we have an amazing Expo hall this year. So it's it's almost sold out great vendors who have a lot of things you planned it to share with with the attendees. But you can segue from that on the opening night into the kind of the food trap area, which is good networking.

The second night we're going to have our blowout party again, which exceeded my expectations. It was a lot of fun and people, people carried on into the wee hours of the evening or the wee hours of the morning evening. Like there's there were some people lingering in the pools, I understand until until after midnight both nights. So you're leading that cool person. This is a place for you as well. What happens in Carlsbad stays in Carlsbad to some degree.

It was not in names. It's a fun conference, right? And I, I think that's probably hopefully what people get on this and, and hopefully we'll see a lot of people there. You know, the three of us will be there as a whole bunch of other people. It's just a good time and really good, interesting conversations, which is a great mix. So there's a, there's definitely a lot going on.

I'm, I'm particularly excited about the Stanley feud idea because I've had ideas for shows that we've been Jim and I've been trying to figure out how to kind of work some, some of this stuff, especially kind of like live events and stuff as they're starting to do more of that. So things may change, right? We never know, but we are trying to figure out how that works. I'm particularly excited to, you know, see how see how we can pull this off and continue to iterate on these kind of things

in the future. I'd still like to do a hot Wings style that's been on my bucket list for like 2 to three years. Now. A hot one style where we do spicy food throughout. So if you're familiar with hot ones on YouTube, it's an interview that somebody does with somebody else, usually celebrities, and they're both eating progressively spicier chicken wings or you know, vegan wings, things like that. And something like that I think

would be a lot of fun. I'm not a spicy food person, so I'm sure be people get a riot out of me turning red and maybe dying on the show. But stuff like that, I think, you know, could be interesting, but. We'll see. We'll start staying with you and see where it goes. If you haven't seen Hot Ones before, Andrew, it's like the concept really gets, you know, it's like usually the 6th or 7th wing is up to 10 and like the 10th wing is just inedible. Right.

So then you're having to answer your questions while you're physically suffering. If you're the celebrity who's being interviewed, it's pretty hilarious. Yeah, it's a good time. It's a really good interview. Like it's, it's basically, what's the guy's name? Sean Something Can't remember his last name, and he interviews celebrities. And it's been really interesting to see how the show has grown on YouTube over the years.

I mean, it's a whole thing now. It used to be like, you know, D list celebrities, and now they're getting A list celebrities. No kidding. Putting them through the gauntlet of these spicy wings. And yeah, some people can handle it better than others. If you haven't checked it out, it's a lot of fun. And the one thing that really strikes me is the interview is really good. It's not just there's hot hot sauce and that's like the only thing to it.

The questions go really deep and everybody who is interviewed always comments about like, wow, how did you, how did you know that's a good question? Nobody's ever asked me about that. So it's a really good also, you know, if you're looking at doing this type of of interview type stuff is it's a it's a good model to follow. So we'd be geeking out on authentication while slowly melting down from. Right. Yeah, into a into a puddle of sweat and tears in a corner of

the room. Sounds like there's potential there for a future authenticate 2829 maybe, yeah. Build up a tolerance over the next couple years and just, you know, do like your training hot sauce a day, every day.

All right, let's try to wrap things up here because you're very gesture time. You're on the West Coast. I know it's earlier for you. I want to put you on the spot because usually we'll end the show on a wider note and we didn't discuss this before. Usually just to kind of, you know, peek behind the curtain of how we do this is I'll come up with something that's like a wider note question at the end

for the end of the show. But I'll share it just before we hit record so that at least, you know, our guest has a little bit of time to think about this. In this case, that is not what happened here. I came up with one before the show, forgot to mention it, and then I came up with another one while we were talking here. So you can feel. Free answer. I did not get the question I noted. I was wondering about this, but

it's always kind of a thing. I was like, maybe they didn't do it this maybe like now they're over 300 shows, they don't do this anymore. They're all buttoned up now. Or I didn't think that maybe they're going to totally surprise me without. So definitely the latter. I have, I have two questions you can answer or not. We'll give you the the opportunity to pass. So the first question is pass key related, if you had to rank regions of the world in pass key adoption, who is 1st and who is

last? So what I mean by that is there in a particular area of the world that is really like embrace pass keys and you're seeing a lot of adoption. And then the opposite of that is where is it still slow and we need to drive more awareness or or whatever it may be.

That's a tough one to quantify. So there's so many companies that are deploying this at scale are global, you know, Amazon's global, Tik Tok's global, Google global, Apple's global, Microsoft's global eBay, Walmart, the list goes on. So that's really a tough one to answer. If we're talking about consumer implementations, we think there's, you know, over 13 or 15 billion user accounts that have a pass key now. So it's, it's tough to quantify.

And I'll, I'll tell you some things I've seen though that are really exciting over the past, you know, several months, we've seen a ton of activity in Australia and you know, it's, it's a meaningful market, but we've seen the government with your mygov implementation allow passkeys for sign in there. I just saw a Telstra allow sign in for their, your Telstra mobile account. U Bank, which is a neo bank is

supporting passkeys for banking. And so I'm seeing a lot of, it's interesting to see some of these regions start building momentum within them. And it really does, you know, build upon itself because it does a couple of things. One, once you see a lead service provider or government supporting pass keys makes it easier for the next one to follow suit because if you point to that, it's an exemplar. And so it gives, it makes it easier. But also I believe there's consumer demand, right?

Consumers are starting to understand what pass keys are and they want to use pass keys, right? So the survey we did earlier this year showed that over half the consumers have been offered a passkey and, and have chosen to use one. And so you're starting to see consumer awareness, consumer demand for this. So once you get some momentum going in the region, more and more, you know, lead for on the consumer side, service providers will support them. So hope that answers your

question. I don't have a last 'cause I'm never going to name anyone last. I figured I'd try. We're seeing global growth, but it, but it's, it's really cool to see certain regions, you know, explode onto the scene. And we're, and we're seeing hints of that in, in certain areas of South America as well. And that'll be an area to watch as we move forward, you know, between 2024 and 2025.

OK, Now something not identity related, but related to you were going to be out with us on a show a couple weeks ago and you had some flight difficulties which I think we've all been there and understand it. So here's my question to the to the three of us and definitely gut, gut reaction here. What's the worst thing you've ever seen on an airplane? Seen on an airplane or the worst like travel delay seen on.

The worst, worst thing you've seen or experienced maybe, let's say on an airplane, I'll give you an example. Like for me, I've seen people with like their shoes off, like up on top of people's seats behind them. And the person in front of them is totally oblivious that their head is like mere, you know, inches away from somebody's gross foot. You know, things like that is kind of what I'm I'm thinking about.

Bare feet, stinky food, you know, it just general inconsiderateness is sort of things that, that I, I see every now and then and I, I kind of try to block them out and put blinders on and, and, or, or mentally forgotten it because I, I, I, you're so scholar, you know, like I'm a father of two lovely kids and I, they were small at one point. So like the crying baby thing doesn't bother me as much

anymore. Although I was on a flight recently with one of my kids and I had like the cryingest baby ever. I forget where we were going, but it was, oh, just up to Seattle from LA. And this child was, was going nonstop from like take off the landing. So that that's unavoidable. Like the more time you spend on planes, the more of the stuff you're going to see. And just try not to let it get to me too much. Jim, about yourself. What's the worst thing you've seen on a plane?

OK. First thing, Jeff, you'd like me to not complain, right? But then you bring this. Question up, I'm giving this to you. Man, this is a golden ticket for me. Right? OK. Second off, I thought Andrew might say Antarctica as a region that there's not much pass key adoption? I'd be surprised. You'd be surprised, yeah. There's fewer, there's fewer operations, but maybe they'll have it. Maybe they're leading the pack.

We don't know that. It could be 100% OK in terms of best of on airplanes, I've seen some vomiting, turbulence, people freaking out. Those are all bad. But I had one happen to me recently so I can tell more of a detailed story where I was on the phone with Denise and there I was in the the waiting area, the terminal, and there's a baby just going off. And like Andrew, I've had young kids, I've traveled with them. So I tried to, I've learned to be extra patient and understanding.

And Denise says to me, like, what's up with that baby? Like she could hear it through my, my Bluetooth. And I said, well, I should be fine. I got upgraded to 1st class Jeff, I, I texted you, do you ever regret being upgraded to 1st class? You're like, no Netflix. So I get on into first class. I'm in row four. Row 3 happens to be this mother and the baby and the baby's going off. And I'm like, all right, well, I'm just going to put my music on extra loud. And I did that.

The worst part, the most inconsiderate part was, and we, we, it was only like a 45 minute flight, but we got delayed on the runway. So we're sitting there for like 45 minutes. So the captain says, OK, you can get up and go to the bathroom. Well, this baby when #2 in her diaper, she wasn't really a baby, she's more of a toddler. And we're sitting there and I'm thinking, OK, thank goodness she can get up now and and take her to the bathroom and change the diaper. Well, she doesn't.

And here, like everybody in the whole area is like holding their nose and like grumbling and stuff. And including me. I was like, come on, you have to smell that. You have to smell that. And it was just like, what's? And like the entire flight, I could smell it. And I was just like this is not good. What's the thing right? It's like smells are probably the worst thing because sometimes they linger. Food is, is always bad.

I I'm a McDonald's fan. I love McDonald's, but on a plane, like it just kind of like lingers and someone will bring on fries and then what? One, one thing, a couple things might happen. One, I'll be hungry for a McDonald's fries. That's just going to happen. Two, is it just kind of sits there and it's like, you know, like, what are we going to do with that? You know, greasy kind of smell, whatever it may be. So those are pet peeves for me. The other one for me is the sun

shade on windows. People who fly with it open where it's like a 6:00 AM flight and the light just shines through the entire cabin to people who are trying to sleep. And I don't know what the, you know, what the the etiquette is around this, but I feel like if you're sitting next to a window and it is very bright outside and sun is literally shining into the cabin, take a look around you. Is it hitting someone in the face? Is it hit them right in the eyes they can't see?

Maybe just lower it a little bit to help them out. That would be great. There's an obligation there. It's an, it's an active role the, the, the window person in a, a morning or a twilight flight. So you can't just take that casually. It's almost like the emergency exit questions you get should be very prepared to, you know, be aware of the well-being of the people around you. You know, what's your window shade? So that's a fair question.

None of these things will happen to people who fly to authenticate. By the way, all my stuff indicator are followed free, they smell great and there's no crying. So please book your flights. I'll be driving, not much. Crying. Jim and I will be there, so there might be some crying. Yeah, but not on the way to or free. So don't just dissuade anybody from coming, please. Now, you know, I think everybody has these experiences, right? They on a plane for the most part.

You know, I travel a lot. I fly a lot. For the most part, things are fine. But every once in a while you just get that thing. And, you know, fortunately we have things like noise cancelling earbuds that can, you know, drown out babies or other noises or whatever it may be. But yeah, every once in a while there's this thing. It's just like, and it really strikes me as sort of like, these are first world problems.

Like if this is what I'm complaining about, I'm probably doing OK. Right in the yeah, no, it's, it's fun flying. It's not fun, but it's, it's, it's, it's a necessary thing. And we're looking forward to seeing people get on planes and land in San Diego or Orange County and we'll see them at Authenticate, which we yes. Come off to authenticate, join the three of us. Really looking forward to it. October 14th, the 16th. Use our discount code IDAC 15. You get 15% off.

Stack it on top of the soon to expire Earlybird discounts, things like that. So we'll have links in our show notes for people to check out all that stuff and hopefully people take advantage of it. So we're going to go ahead and leave it there for this episode. You can visit us on the web, IDC podcast.com. We'll have a link to Fido Alliance website as well and the Fido Shop. You can get yourself a cool T-shirt as well and show

support. Andrew will have a link to your LinkedIn profile as well for people who want to reach out and connect that way. Let's see what else we're on Twitter or X or whatever might be called at IDAC podcast. Again, if you give us a like and subscribe and YouTube, that would be fantastic. idacpodcast.tv. We'll take your rate to our channel.

And yeah, connect with Jim and I, send us ideas for shows, send us comments, criticisms, concerns, all that good stuff, and we'll take that under advisement. Won't promise anything, but we'll read it. All right, let's go ahead and leave it there. Thanks everyone for watching. We're listening and we'll talk with everyone in the next one. You've been listening to Identity at the Center. We hope you've enjoyed the show. Make sure to like, rate and review, and we'll be back soon.

But in the meantime, hit the website at identity@thecenter.com. See you next time on Identity at the Center.