
open source and cybersecurity news

April 27, 2023

Live at RSAC, Passwordless, Google Authenticator

In this Episode:

Kadi Grigg with Curtis Yanko live at RSAC

Kadi Grigg, San Francisco, CA

Trac Bannon live at RSAC – A Starting Definition for Passwordless

Tracy (Trac) Bannon, San Francisco, California

https://www.secureauth.com/
https://www.rsaconference.com/usa

Google Authenticator to Get End to End Encryption Following Security Concerns

Edwin Kwan, Sydney, Australia

Google will add End-to-End encryption to Google Authenticator

This Day in Tech History

Marcel Brown, St. Louis, Missouri
http://thisdayintechhistory.com/04/27


Episode Transcription:

[00:00:00] Pokie Huang: 

Hey, it’s 5:05 on Thursday, April 27th, 2023. From The Sourced Podcast Network in New York City, this is your host, Pokie Huang. We will start our episode today with Kadi Grigg and Trac Bannon reporting live from RSAC in San Francisco and followed by segments from Edwin Kwan in Sydney, Australia, Marcel Brown in St. Louis, Missouri. 

Let’s get to it.

[00:00:30] Kadi Grigg: 

Hi, this is Kadi Grigg reporting from the RSA floor here with Curtis Yanko. Curtis, it’s great seeing you again. It’s been a minute.

[00:00:39] Curtis Yanko: 

It has been. Kadi. It’s great to see you too. 

[00:00:41] Kadi Grigg: 

So, Curtis, I wanted to pick your brain today. You’re an RSA veteran, so what are some of the biggest differences you’ve noticed this year versus other years you’ve attended?

[00:00:50] Curtis Yanko: 

Well, I think like all years RSA is a little overwhelming for me. There’s so much here. I think the biggest difference is how I’m seeing things, because in the past I always thought all these AI powered solutions were a little bit of a reach and marketing words more so than substance. And now we live in a world where ChatGPT is real and all of a sudden AI seems legit. So I’m looking at all these companies very differently this year. 

[00:01:19] Kadi Grigg: 

Yeah, it’s definitely like a fresh eye approach this year where you’re believing more in the, the AI approach, huh? 

[00:01:24] Curtis Yanko: 

Yeah. Yeah. It, it went from something I was very skeptical of to now I’m like, Oh my God, that’s actually, could be legit.

[00:01:32] Kadi Grigg: 

So is there anything that you’re hoping to see next year when you come back? Any maybe growth with some of that AI or…

[00:01:40] Curtis Yanko: 

Yeah, that’s what we’ll see, what other tools, spaces, the idioms around here are going to just get invaded by AI. And how many more companies are gonna add AI. Who knows, maybe we’ll add AI by next year. I have no idea. I do think that will be a massive trend because it can be a super powerful tool. Let’s, let’s face it… now that it feels legit, it feels powerful.

[00:02:00] Kadi Grigg: 

And that’s the truth. Yeah. Well, thank you so much, Curtis. It’s great seeing you.

This is Kadi Grigg reporting from the RSA floor.


[00:02:16] Tracy Bannon: 

Is RSA questionable? You bet it is when you’re looking to get questions answered. I’ve been super curious about this Passwordless future, so I sought out award-winning SecureAuth and talked to Mandeep Khera about Arculix. What award did they win? They won the Global InfoSec Award by Cyber Defense Magazine for NextGen Identity and Access Management and for NextGen Passwordless authentication.

Hey there guys. It’s Trac Bannon live at RSAC. I’m here talking to SecureAuth. This is Mandeep Khera. He’s going to tell us a little bit about password authentication, or maybe we should say lack of password authentication. Tell me a little bit about this new product.

[00:02:59] Mandeep Khera: 

Absolutely. Thanks, Trac. The company is called SecureAuth, the product is called Arculix, and the whole focus is passwordless, but it goes beyond passwordless. It’s passwordless continuous authentication.

What does that mean? That means that we are doing authentication behind the scenes, invisible multifactor authentication instead of sending through text or emails, which can be hijacked, the man in the middle attacks, and all kinds of MFA bombing issues.

So we are reducing friction. So it’s a frictionless experience for users while improving security. 

[00:03:27] Tracy Bannon: 

So really what you’re doing is, everything that we’ve been doing already, but you’re not depending on me to remember what my password is. You’re not depending on me for a token. You’re not depending on me personally.

But there’s still what? Is there an agent on the local machine or how are you…

[00:03:41] Mandeep Khera: 

We have a device trust that sits on your laptop and Windows or Mac or, so it’s heterogeneous, right? And then we have a risk engine that’s, that has behavior and geo and other variables. We tie both of those things together and follow your user journey so we know who you are, where you logged from, what’s your pattern. Why would we want to add friction when we know who you are?

But if you wanted to, let’s say you go to Bahamas now all of a sudden, instead of San Francisco and start accessing from there, we know there’s something wrong. Now you can create friction, right? So it’s in your customer’s hands, making it frictionless completely.

Excellent. 

[00:04:11] Tracy Bannon: 

Hey, I appreciate you talking with me about this. I’m gonna check out some of the other vendors that are doing some of the same things, and I’m gonna tag back with you and tell you what I find. That sounds great. Thanks again. Thank you very much. Bye-bye. Bye-bye 

For Arculix, passwordless means invisible MFA. They are doing all of the heavy lifting, removing you from the loop and protecting you from any of the type of hijacking that happens with MFA.

Hopefully this gave you something to noodle on.

[00:04:37] Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

Yesterday I reported that the Google Authenticator app for Android and iOS added a data synchronization feature. This is a long awaited feature that helps make it easier to manage one-time access codes or OTP across different devices and services. 

I also reported that security researchers had raised concerns over the lack of end-to-end encryption with the synchronization feature, meaning that unauthorized users could potentially access the data on Google’s servers such as through a Google breach.

Google has since responded saying that they have heard users’ concerns and will add end-to-end encryption to a future version of Google Authenticator. They also say that they currently encrypt data in transit and at rest across all products, including the Google Authenticator app.

As there is a possibility of users getting locked out of their own data with end-to-end encryption, they will be rolling out this feature carefully.

[00:06:28] Marcel Brown: 

This is Marcel Brown, the most trusted name in technology delivering your technology history for April 27th. 

April 27th, 1981. Xerox introduces the Xerox 8010 Star Information System, the first commercial system utilizing a computer mouse, among other now commonplace technologies. The 8010 was geared towards business and was not a commercial success. Therefore, the mouse remained in relative obscurity until the Apple Lisa, but more prominently the Apple Macintosh, brought the mouse into the mainstream.

April 27th, 1995. The US Justice Department sues Microsoft to block its acquisition of Intuit Incorporated. In October of 2014, Microsoft and Intuit had agreed to a 1.5 billion stock swap, where Microsoft would acquire the maker of the popular Quicken personal Finance software. It would’ve been the largest software company merger in history at the time. 

Quicken had approximately 75% of the personal money management software market. Microsoft’s Money software only had about five to 10%. Microsoft had intended to sell Money to rival Novell in order to avoid antitrust accusations, given that Microsoft had only recently settled a four year government investigation into harmful business practices. However, the Justice Department was not satisfied with this arrangement and claimed that the combined Microsoft and Intuit would hold too much power over the personal finance market.

While initially Microsoft and Intuit remained committed to the deal and vowed to fight in court, less than a month later, Microsoft announced it was walking away from the merger. 

It is interesting to consider what may have happened if Microsoft had bought out Intuit.

Certainly Microsoft would’ve been a significantly stronger company in the short term. Clearly Intuit’s Quicken and QuickBooks combo of software became the de facto standard for finance software for many years, and it would’ve, in theory, only become more entrenched had it been under the umbrella of Microsoft.

As it stands, Microsoft eventually discontinued Money in 2009. 

That’s your technology history. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

[00:08:53] Pokie Huang: 

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Kadi Grigg, Trac Bannon, Edwin Kwan and Marcel Brown for today’s contributions. The Executive Producer is Mark Miller. The editor and the sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.
