WEBVTT - What's the Password? 0:00:00.160 --> 0:00:07.200 Brought to you by Toyota. Let's go places. Welcome to 0:00:07.400 --> 0:00:14.720 Forward Thinking. Hey there, and welcome to Forward Thinking, the 0:00:14.880 --> 0:00:17.639 podcast that looks at the future and says they've given 0:00:17.680 --> 0:00:21.080 you a number and taken away your name. I'm Jonathan Strickland, 0:00:21.160 --> 0:00:23.480 I'm Lauren bo and I'm Joe McCormick. And that was 0:00:23.520 --> 0:00:25.400 a good one, Jonathan, thank you. Once in a while, 0:00:25.440 --> 0:00:27.400 I do, I do pick a good one. Well, you 0:00:27.520 --> 0:00:30.840 might have guessed, if you're quite perceptive, from what Jonathan 0:00:30.920 --> 0:00:35.080 just said that today we're going to be talking about passwords. Yeah, 0:00:35.200 --> 0:00:38.120 and not the not the game show password, which is 0:00:38.200 --> 0:00:40.479 unfortunate because I used to love that. I don't know 0:00:40.520 --> 0:00:43.520 what that is. Wow, you well, you're just like from 0:00:43.520 --> 0:00:45.760 the nineteen six Yeah, I was back when I was 0:00:46.159 --> 0:00:50.920 back when I was old, just a lad in the 0:00:51.000 --> 0:00:53.840 year of Our Lord eight hundred and forty two. All right. 0:00:54.000 --> 0:00:58.280 So anyway, oh Joe, now that we've revealed that I am, 0:00:58.320 --> 0:01:02.040 in fact islander and I battle to the end of 0:01:02.080 --> 0:01:04.840 time for the prize, what about passwords did you want 0:01:04.840 --> 0:01:07.240 to bring up? Well, I wanted to look at the 0:01:07.280 --> 0:01:10.080 future of passwords, as we often look at the future 0:01:10.120 --> 0:01:13.800 of things on this show. Because I think the state 0:01:13.880 --> 0:01:18.760 of passwords today is unsustainable. I could not agree with 0:01:18.800 --> 0:01:21.880 you more. Now, the way we typically go about our 0:01:21.920 --> 0:01:24.400 lives today, if we use a lot of online services, 0:01:24.560 --> 0:01:29.759 we use online banking, online credit cards, email, social networking, 0:01:30.800 --> 0:01:37.640 video streaming, you might have, you know, twenty five fifty passwords. 0:01:37.640 --> 0:01:39.720 I mean, who knows how many different things you have 0:01:39.760 --> 0:01:42.880 a password for. Maybe a lot of these things are, uh, 0:01:43.280 --> 0:01:46.360 these kinds of services online where you might only use 0:01:46.480 --> 0:01:49.320 them once a year or even less often. But you 0:01:49.400 --> 0:01:52.680 had to create an account with a password in order 0:01:52.720 --> 0:01:56.640 to do something one time, and so you end up 0:01:56.680 --> 0:02:01.000 with this huge list of accounts and passwords you've created, 0:02:01.320 --> 0:02:04.480 and it is so annoying to remember all these things, 0:02:04.640 --> 0:02:08.720 and sometimes not just annoying but impossible to a certain number. 0:02:08.760 --> 0:02:12.920 And if you are making your passwords sufficiently complex and 0:02:12.919 --> 0:02:14.880 and different from each other, because that's part of the 0:02:14.880 --> 0:02:17.200 thing about passwords, you know, we're not supposed to use 0:02:17.240 --> 0:02:20.400 the same password twice for any of these dozens and 0:02:20.480 --> 0:02:23.000 dozens of accounts. Well you should tell that to the 0:02:23.040 --> 0:02:25.960 millions of people out there who well maybe you're telling 0:02:26.000 --> 0:02:28.520 them right now, So good job, Lauren. The millions of 0:02:28.560 --> 0:02:31.600 people out there who do use the same passwords over 0:02:31.639 --> 0:02:34.120 and over again. And it's worse than that because they're 0:02:34.120 --> 0:02:38.040 not even necessarily using a strong one, right. Most people 0:02:38.120 --> 0:02:44.519 are using really, really sad, horrible weak passwords that are 0:02:44.560 --> 0:02:48.360 super easy to guess. There's actually a digital security company 0:02:48.400 --> 0:02:52.160 called splash Data that releases a list every year of 0:02:52.160 --> 0:02:55.120 what it claims are the twenty five worst passwords of 0:02:55.160 --> 0:02:58.639 that year, and it's gathered from quote files containing millions 0:02:58.639 --> 0:03:01.760 of stolen passwords pos stood online during the previous year. 0:03:02.160 --> 0:03:06.400 That's creepy, That's great, Okay, So obviously a the worst 0:03:06.520 --> 0:03:10.400 password would be probably like the most popular and easiest 0:03:10.440 --> 0:03:14.240 to guess password, the ones that everybody's using. So I 0:03:14.320 --> 0:03:17.320 checked out the list and coming in at the top 0:03:17.320 --> 0:03:22.360 of the pack, where a few winners like one five six, password, 0:03:23.880 --> 0:03:31.320 Quarty six seven, and the highly clever one one one 0:03:31.720 --> 0:03:35.840 one one one. Also making the top twenty five were 0:03:35.920 --> 0:03:42.000 some I thought weirder candidates, such as monkey Shadow and Princess. 0:03:46.320 --> 0:03:49.559 I will I will refrain from commentary about monkey Princesses, 0:03:50.400 --> 0:03:54.200 but now I gotta change my password. Oh no. Another 0:03:54.240 --> 0:03:56.760 one was like let me in. I like that. There's 0:03:56.800 --> 0:04:00.120 this kind of like magical spell kind of quality. Do 0:04:00.200 --> 0:04:01.920 it the thing or it's just the thing you start 0:04:02.000 --> 0:04:04.440 screaming at your computer when you just wanted to work. 0:04:04.520 --> 0:04:07.440 Let me in also has sort of a kind of 0:04:07.480 --> 0:04:09.720 survival horror vibe to it too. There's a lot of 0:04:09.720 --> 0:04:12.640 different ways of looking at this. I started that. So 0:04:12.800 --> 0:04:15.720 the state of password generation when you leave it up 0:04:15.720 --> 0:04:19.400 to the user is really horrible these days. Yeah, and 0:04:19.760 --> 0:04:23.760 this really does manifest in insecurity problems. Well, and even 0:04:23.839 --> 0:04:27.320 if you are diligent, maybe several of our listeners out 0:04:27.360 --> 0:04:31.960 there are really trying very hard to manage really complex 0:04:32.000 --> 0:04:36.680 passwords that don't fall into these simple traps and uh, 0:04:36.960 --> 0:04:40.039 but doing so, they're using different passwords for each one. Yeah, 0:04:40.080 --> 0:04:42.560 this gets hard. I mean it's, first of all, a 0:04:42.600 --> 0:04:47.720 strong password is by definition difficult for you to remember 0:04:47.839 --> 0:04:50.920 because it's complex, al right, It's it's not a single word, 0:04:51.080 --> 0:04:53.520 and any word that's in the dictionary is classically a 0:04:53.600 --> 0:04:58.560 very poor password. It's easy for a computer to guess. Yeah. Yeah, 0:04:58.600 --> 0:05:00.760 it's called a brute force attack. That's when you're just 0:05:00.920 --> 0:05:03.240 essentially or a dictionary attack. That's a specific type of 0:05:03.240 --> 0:05:06.479 brute force attack where you just take a database of 0:05:06.520 --> 0:05:11.000 words which could be simply a dictionary, and you run 0:05:11.040 --> 0:05:14.360 that through when you're trying to crack someone's password, and eventually, 0:05:14.400 --> 0:05:16.960 if you're using a real word, that's gonna pop up. Now, 0:05:17.000 --> 0:05:20.840 a dictionary attack in reality goes well beyond what words 0:05:20.880 --> 0:05:22.800 you're going to find the dictionary. It's gonna come up 0:05:22.839 --> 0:05:25.200 with words that appear on these lists. Like you were 0:05:25.240 --> 0:05:30.200 talking about Joe, those those words, those numbers, whatever, those 0:05:30.320 --> 0:05:33.839 happen to be the worst ones. You can guarantee that 0:05:33.920 --> 0:05:35.960 those are going to be in those kind of databases. 0:05:36.640 --> 0:05:40.240 And so if you are doing everything right, you're probably 0:05:40.440 --> 0:05:43.719 having to rely on some other piece of technology to 0:05:44.240 --> 0:05:48.760 manage all those because we're just not equipped to remember passwords. 0:05:48.800 --> 0:05:50.960 Like a really strong passwords going to be at least 0:05:51.160 --> 0:05:54.200 eight characters long, probably longer than that. It's going to 0:05:54.240 --> 0:05:57.440 incorporate upper and lower case letters, it's going to incorporate numbers, 0:05:57.520 --> 0:06:01.640 and if the system allows you will probably incorporate some symbols. 0:06:01.720 --> 0:06:04.839 Not all do so. In fact, there are strong password 0:06:04.839 --> 0:06:07.240 generators that only work with letters and numbers because not 0:06:07.279 --> 0:06:10.360 all systems will accept ye like an AD symbol or 0:06:10.400 --> 0:06:12.840 hashtag or something like that. Yeah, And there are some 0:06:12.920 --> 0:06:15.559 pieces of software that help people deal with this short. 0:06:15.640 --> 0:06:18.839 Some people have like browser plug ins. I use one, 0:06:19.080 --> 0:06:22.280 for example, because otherwise I wouldn't be able. I do 0:06:22.480 --> 0:06:25.320 have a unique password for every single service I use, 0:06:25.400 --> 0:06:28.719 but only because I have this password manager. If I 0:06:28.760 --> 0:06:32.240 didn't have that, there's no way I could do this, right, 0:06:32.240 --> 0:06:35.440 But of course that has limitations also, right, Like that's 0:06:35.520 --> 0:06:37.359 on your machine, But what if you need to go 0:06:37.480 --> 0:06:40.000 use a different machine. Minds web based, so I can 0:06:40.040 --> 0:06:42.480 actually use it as long as there's a browser to 0:06:42.520 --> 0:06:45.479 log in from from any browser you can, or you 0:06:45.520 --> 0:06:47.680 can also use an app on your phone to get 0:06:47.680 --> 0:06:51.240 around this. But at any rate, Yeah, it's not a 0:06:51.320 --> 0:06:54.159 really great solution to the overall problem. It's a good 0:06:54.160 --> 0:06:56.920 bandage exactly. It is a bandage. It's not a it's 0:06:56.960 --> 0:06:59.800 not a It doesn't fix the underlying issue, which is 0:06:59.839 --> 0:07:03.279 that passwords have these limitations, and we're quickly coming to 0:07:03.320 --> 0:07:07.040 a point where to make a password that's workable requires 0:07:07.400 --> 0:07:10.200 so much effort that it defeats the purpose of having 0:07:10.240 --> 0:07:13.520 a password. No one will want to use the service. Yeah. Well, 0:07:13.560 --> 0:07:15.960 I think we should look at one more aspect of 0:07:16.000 --> 0:07:18.720 the state of passwords before we look at the future 0:07:18.760 --> 0:07:22.280 of passwords. There was a c s I D survey 0:07:22.920 --> 0:07:25.640 as a as a data and security company. Yeah, so 0:07:26.040 --> 0:07:28.760 like the company I mentioned earlier was also a secret company. 0:07:29.160 --> 0:07:32.360 So they have sort of an interest in getting people 0:07:32.480 --> 0:07:36.280 this information about how bad things are. Right. It's an 0:07:36.280 --> 0:07:39.200 interesting report. I read through it. It's actually a very 0:07:39.200 --> 0:07:43.000 short report that that lists what they found. They survey 0:07:43.880 --> 0:07:47.880 US adults, so people eighteen and older. They found that 0:07:47.960 --> 0:07:51.840 six people reuse the same passwords on different sites, which 0:07:51.920 --> 0:07:55.560 is a huge problem because if one password is um 0:07:55.720 --> 0:07:58.760 is caught. Like if if hackers are able to find 0:07:58.800 --> 0:08:01.160 that one password and you're using it for multiple services, 0:08:01.160 --> 0:08:03.040 they have access to all the services to use that 0:08:03.040 --> 0:08:06.720 password for. Yeah, that's a bad, bad scene right there. 0:08:07.280 --> 0:08:11.240 They also found that the age bracket of eighteen to 0:08:11.280 --> 0:08:14.280 twenty four year olds was the most guilty of doing 0:08:14.320 --> 0:08:19.000 this at seventies six percent, which kind of goes against 0:08:19.080 --> 0:08:21.080 what you would think. You know, again, we we have 0:08:21.160 --> 0:08:23.840 this perception, or at least maybe I should say I 0:08:24.000 --> 0:08:26.800 have this perception. I am a member of Generation X, 0:08:27.520 --> 0:08:30.960 and I remember growing up with computers, and so when 0:08:31.000 --> 0:08:34.800 I grew up with computers, I became very educated about 0:08:34.840 --> 0:08:37.319 computers because it was a new thing. It was fascinating 0:08:37.400 --> 0:08:41.000 and I really took to it. But my uh, you know, 0:08:41.160 --> 0:08:44.800 my my savvy, my tech savvy is kind of limited 0:08:44.840 --> 0:08:47.720 to in a way, what I was experiencing when I 0:08:47.720 --> 0:08:49.360 was growing up. You know, I still have to learn 0:08:49.440 --> 0:08:51.559 all this new technology stuff that's coming out that other 0:08:51.600 --> 0:08:55.000 people who are growing up right now, that's their world. 0:08:55.480 --> 0:08:57.959 So I have this perception that people growing up now 0:08:58.600 --> 0:09:02.400 are more savvy at using technology and they use it better, 0:09:02.480 --> 0:09:04.600 and they use it more effectively and more securely than 0:09:04.640 --> 0:09:06.600 I do. But that doesn't seem to be the case. 0:09:07.880 --> 0:09:10.280 I did read a statistic that, um, I think from 0:09:10.280 --> 0:09:13.280 the same report that the eighteen twenty four year old 0:09:13.320 --> 0:09:17.880 demographic is more likely to lock their mobile device. Yeah, 0:09:18.200 --> 0:09:20.080 the next sense because it's something that they have with 0:09:20.120 --> 0:09:22.320 them all the time and they use more frequently than 0:09:22.360 --> 0:09:29.040 a computer. Yeah, I mean, still an issue. It's still problematic. Absolutely. 0:09:29.240 --> 0:09:32.199 Um what else? What else did the study find? They 0:09:32.240 --> 0:09:36.160 found that of people used five or fewer passwords for 0:09:36.200 --> 0:09:39.000 all their stuff. Now, they didn't have a follow up 0:09:39.040 --> 0:09:42.400 to say how many services these people typically use. If 0:09:42.400 --> 0:09:45.640 you're using five services and you have five passwords, congratulations, 0:09:45.640 --> 0:09:48.760 you're doing it right. If you use twenty five services 0:09:48.760 --> 0:09:51.400 and you have five passwords, you need to rethink your 0:09:51.400 --> 0:09:56.720 security approach. Um. But they also set found that only 0:09:56.800 --> 0:10:00.680 six percent had twenty or more passwords of the folks 0:10:00.720 --> 0:10:03.920 they survey. Now, again, without knowing how many services you're using, 0:10:03.960 --> 0:10:06.520 you don't know if those that six percent is like 0:10:06.600 --> 0:10:09.840 the actually most secure. But we can kind of draw 0:10:09.920 --> 0:10:14.600 some general conclusions of the respondents say they change their 0:10:14.600 --> 0:10:18.680 passwords once a year or not at all. So, uh, 0:10:18.920 --> 0:10:22.400 just under half never change their password or only do 0:10:22.440 --> 0:10:24.000 it once a year. You're supposed to do it more 0:10:24.040 --> 0:10:27.640 frequently than that. That's another thing that's really irritating about 0:10:27.640 --> 0:10:30.160 passwords is that a lot of services recommend you do 0:10:30.200 --> 0:10:34.400 this regularly. Fun little peek behind the curtain. This morning, 0:10:34.440 --> 0:10:36.360 when I logged in, I had to change my local 0:10:36.400 --> 0:10:42.840 password on my computer. Were mandated to do that. Princess Monkey, Princess, 0:10:43.480 --> 0:10:45.559 It's not just princess. It's okay, I'm going to change 0:10:45.559 --> 0:10:49.040 it before the end of this podcast. Uh. Now, nine 0:10:49.440 --> 0:10:54.480 of the respondents. Despite despite these findings, respondents, to be fair, 0:10:54.520 --> 0:10:56.280 that they weren't aware of what the findings were yet 0:10:56.600 --> 0:11:00.480 felt that their behaviors were secure. That's the worst artistic 0:11:00.600 --> 0:11:03.440 in here, because it means that they think that what 0:11:03.480 --> 0:11:06.560 they're doing is good enough, and it clearly is not. 0:11:07.480 --> 0:11:10.679 But you know, it's kind of like the the surveys. 0:11:10.679 --> 0:11:12.000 I don't know if you guys have ever looked at 0:11:12.000 --> 0:11:16.600 the ones about the supertaskers, where like the supertaskers, everybody 0:11:16.640 --> 0:11:19.920 thinks that they can multitask. There's like it's like two 0:11:20.480 --> 0:11:24.720 of the population, but believe they are in that two percent, 0:11:24.800 --> 0:11:28.040 which doesn't work. It's kind of like that, I can't 0:11:28.080 --> 0:11:31.760 remember the percentage now, but there's this overwhelming percentage of 0:11:31.840 --> 0:11:36.080 drivers who believe they are above average drivers. Right, it's 0:11:36.080 --> 0:11:37.719 all those other idiots on the road that they are 0:11:37.760 --> 0:11:41.040 the problem. Right. Yeah, Now you might wonder, out of 0:11:41.080 --> 0:11:45.040 these people, how many of them had actually experienced any 0:11:45.200 --> 0:11:54.920 issues with their accounts being compromised, having a security issue. Yeah, 0:11:55.000 --> 0:11:58.920 more than one in five. And now, granted, security issues 0:11:58.960 --> 0:12:02.040 can become a a problem even if you are doing 0:12:02.040 --> 0:12:05.640 everything correctly. If something on the back end is compromised, 0:12:06.040 --> 0:12:08.200 then you know, you don't have any control over that. 0:12:08.240 --> 0:12:11.240 But we're focusing mainly on the stuff that we as 0:12:11.440 --> 0:12:15.640 end users would have some sort of control or some 0:12:15.720 --> 0:12:19.800 sort of interaction in order to unlock our services. Right, 0:12:19.840 --> 0:12:22.160 So I think now we should transition to looking at 0:12:22.200 --> 0:12:25.480 the future of passwords. What is this gonna look like 0:12:25.720 --> 0:12:28.920 for the the user of the future when you log 0:12:29.000 --> 0:12:32.120 onto your machine, or maybe you're not using a computer, 0:12:32.200 --> 0:12:35.160 when you're just trying to get access to some kind 0:12:35.160 --> 0:12:40.880 of sensitive information or private service, what are you gonna do? Well, there, 0:12:41.000 --> 0:12:44.880 we can look at some of the more recent developments, 0:12:44.880 --> 0:12:48.000 some things that are are currently happening, and then kind 0:12:48.000 --> 0:12:49.880 of build out from there. I think that will work. 0:12:50.000 --> 0:12:52.160 And so one of the stories I wanted to mention 0:12:52.360 --> 0:12:55.679 was a guy named Sam Crowther and Australian who came 0:12:55.760 --> 0:12:59.680 up with a clever app that uses pictures for your passwords. 0:12:59.679 --> 0:13:01.560 So if you were to sign up for a web service, 0:13:01.800 --> 0:13:03.600 you would open up this app. You have a collection 0:13:03.640 --> 0:13:06.000 of pictures there, and you think, the picture of a 0:13:06.040 --> 0:13:09.679 hamburger that's gonna be my Gmail password from now on. 0:13:10.000 --> 0:13:12.520 You know, you don't tell people that clearly, but when 0:13:12.520 --> 0:13:16.000 you press the little hamburger picture, it actually generates a 0:13:16.080 --> 0:13:20.600 five hundred and twelve character long password that's so long 0:13:20.720 --> 0:13:26.240 that there is not any you know, foreseeable problem with 0:13:26.320 --> 0:13:29.280 that getting cracked. Unlessquantum computers come online tomorrow, in which 0:13:29.280 --> 0:13:33.240 case it's total different. Yeah, it's a different conversation. But 0:13:33.480 --> 0:13:35.880 at any rate, Uh, you know, behind the scenes, what's 0:13:35.880 --> 0:13:37.960 going on is just a password that's being generated. But 0:13:37.960 --> 0:13:40.200 it's a password that's so strong that there's just no 0:13:40.320 --> 0:13:42.800 human who would be able to learn it. Um, you know, 0:13:43.400 --> 0:13:46.240 at least no, let me say, a very small population 0:13:46.280 --> 0:13:51.640 of humans. Perhaps I shouldn't underestimate human ability, but it 0:13:51.760 --> 0:13:53.680 was I thought it was a really clever and elegant 0:13:53.679 --> 0:13:56.720 solution this idea. And the pictures are going to always 0:13:56.760 --> 0:13:59.080 be displayed in a different layout when you open the app, 0:13:59.280 --> 0:14:01.719 so you're looking for the Hamburger picture, but it's not 0:14:01.760 --> 0:14:03.319 always going to be in the same place. That way, 0:14:03.320 --> 0:14:06.160 if someone sees you use your phone to access a 0:14:06.200 --> 0:14:10.160 web service or whatever, uh, and they see, generally speaking, 0:14:10.200 --> 0:14:12.880 where that person touched the screen, that's not going to 0:14:12.960 --> 0:14:15.959 be useful information the next time that that app is open. 0:14:16.080 --> 0:14:18.160 So if someone does get hold of your phone, they 0:14:18.200 --> 0:14:22.080 won't necessarily be able to access the services. Um. The 0:14:22.080 --> 0:14:24.880 best part about the story was that the guy is 0:14:24.960 --> 0:14:28.040 eighteen years old. He's a young and who came up 0:14:28.040 --> 0:14:31.400 with this idea. Very clever. Wow, And to imagine what 0:14:31.480 --> 0:14:36.440 I was doing, I was creating very weak passwords and 0:14:36.560 --> 0:14:45.400 act when I was When I was eighteen, I didn't 0:14:45.400 --> 0:14:48.440 even know about the world. The World Wide Web didn't 0:14:48.480 --> 0:14:51.480 exist when I was eighteen, and I didn't know much 0:14:51.480 --> 0:14:54.160 about the Internet at all. So I really wasn't making 0:14:54.160 --> 0:14:56.600 weak best words to a couple of years. You hadn't 0:14:56.640 --> 0:14:59.640 had the opportunity to get your identity still, No, no, 0:15:00.000 --> 0:15:01.920 I would take a couple more years. Oh yeah, the 0:15:02.000 --> 0:15:08.520 Industrial Revolution still had to happen. Kay. Sorry, sorry, Ok, 0:15:08.800 --> 0:15:10.920 you guys are so lucky. You took it too far. 0:15:12.760 --> 0:15:14.640 You guys are so lucky. I left my katana at 0:15:14.680 --> 0:15:19.640 my desk, all right. Um, there there are, of course 0:15:19.680 --> 0:15:23.160 services that let you log in UM directly through something 0:15:23.200 --> 0:15:26.080 like Gmail or Facebook. You know, as long as the 0:15:26.120 --> 0:15:28.840 computer that you're on is signed into one of those services, 0:15:28.840 --> 0:15:31.280 the system just checks for that log in and then 0:15:31.400 --> 0:15:34.600 signs you in automatically UM, which is of course less 0:15:34.600 --> 0:15:40.240 secure than entering a separate, awesome password for every website 0:15:40.280 --> 0:15:42.320 that you're on. But but I think that that's kind 0:15:42.320 --> 0:15:44.400 of the direction that a lot of people are thinking 0:15:44.440 --> 0:15:48.000 of going as as we start moving into the future. Yeah, 0:15:48.000 --> 0:15:51.200 I'd say on the opposite end going forward, something that's 0:15:51.240 --> 0:15:54.600 going to be less convenient but more secure is two 0:15:54.600 --> 0:15:59.600 factor verification, which Gmail does have available if you enable it. 0:15:59.800 --> 0:16:04.240 And I haven't enabled online which is Facebook or something, Yes, yeah, 0:16:04.560 --> 0:16:06.680 that's exactly right. Yeah, And and in fact I haven't 0:16:06.760 --> 0:16:08.840 enabled on that too, which means every time I try 0:16:08.880 --> 0:16:11.880 to log into my Gmail or Facebook account from a 0:16:11.920 --> 0:16:14.280 different computer, I also have to make sure I have 0:16:14.360 --> 0:16:16.880 my phone with me, because two factor verification is all 0:16:16.920 --> 0:16:21.800 about sending an extra message on some other medium than 0:16:21.840 --> 0:16:23.600 what you're going through in order for you to be 0:16:23.640 --> 0:16:25.560 able to verify you are who you say you are. 0:16:25.640 --> 0:16:28.480 So if I put in my Gmail password, I try 0:16:28.520 --> 0:16:30.680 and sign into any of the other computers here at 0:16:30.680 --> 0:16:33.120 the office, and I put in my password, I know 0:16:33.200 --> 0:16:36.200 my password. Everything's cool. I hit enter. That doesn't get 0:16:36.240 --> 0:16:39.360 me into my account. What does is Gmail will send 0:16:39.400 --> 0:16:42.120 me a text message onto my phone which will have 0:16:42.120 --> 0:16:44.000 a code in it, and I have to put that 0:16:44.040 --> 0:16:47.320 code in before Gmail will allow me access to my account. 0:16:47.640 --> 0:16:49.320 So the thinking here is that you have to have 0:16:49.360 --> 0:16:52.600 two things, not just something that the person knows the password, 0:16:52.840 --> 0:16:56.920 but something that the person owns smartphone, so it's it's 0:16:56.920 --> 0:17:00.120 an idea that is supposed to increase security because the 0:17:00.200 --> 0:17:02.920 likelihood of someone having both of those things is lower 0:17:02.920 --> 0:17:05.600 than having just access to one or the other. Right, 0:17:05.640 --> 0:17:08.440 So that does address half the problem the security concerns, 0:17:08.480 --> 0:17:12.120 but it doesn't really address the convenience factor, right, And 0:17:12.280 --> 0:17:14.280 that's where Google is starting to play with a few 0:17:14.320 --> 0:17:18.120 automatic versions of two step verification. Their employees, for example, 0:17:18.240 --> 0:17:21.040 use these little USB dongles that, when when they're plugged 0:17:21.040 --> 0:17:24.560 into a computer, will authenticate the user. They've also been 0:17:24.600 --> 0:17:29.520 talking about Android phones ability to to unlock themselves when 0:17:29.560 --> 0:17:33.280 they're in the bluetooth presence of a device that belongs 0:17:33.320 --> 0:17:36.200 to the same owner, like, for example, a smart watch. Cool. 0:17:36.440 --> 0:17:39.920 So well wait a minute, so if someone stole both devices, 0:17:40.240 --> 0:17:44.280 that would suck. That would suck really hard. M However, Well, 0:17:44.320 --> 0:17:47.959 it's really the same thing with with with two step verification, 0:17:48.080 --> 0:17:51.240 Like if if someone has if someone has your address 0:17:51.359 --> 0:17:55.240 or your your your password and your phone, uh and 0:17:55.280 --> 0:17:58.439 the and your phone is unlocked, then it's you forget it. 0:17:58.520 --> 0:18:02.280 I mean it's that this sort of security measures they 0:18:02.320 --> 0:18:05.639 have to work on a baseline, uh uh, you know, 0:18:06.160 --> 0:18:13.520 belief that the physical machines are at least secure. If 0:18:13.600 --> 0:18:16.760 you have had a physical machine stolen, then there are 0:18:16.760 --> 0:18:18.679 a lot of issues here, and it's not you know, 0:18:18.760 --> 0:18:20.800 this is just for we have to make sure that 0:18:20.840 --> 0:18:23.720 the baseline is what is safe, you know, and then 0:18:23.760 --> 0:18:27.120 we can start to look into further issues, like if 0:18:27.160 --> 0:18:29.879 someone takes your phone. A lot of these phones also 0:18:30.000 --> 0:18:32.080 go into a sleep mode that have to you know, 0:18:32.119 --> 0:18:34.320 they require an access code or some other form of 0:18:34.400 --> 0:18:37.679 verification or to wake up. So that's the security measure 0:18:37.760 --> 0:18:41.479 for those devices. Yeah, it helps. It's not necessarily a 0:18:41.480 --> 0:18:46.240 perfect system. Um. As of October, though, you can totally 0:18:46.280 --> 0:18:50.040 buy a US Speaky of the sort that Google's employees use, 0:18:50.200 --> 0:18:52.399 and if you pair it up with Google Chrome on 0:18:52.480 --> 0:18:55.359 your physical computer, you can use it to log into 0:18:55.359 --> 0:18:58.200 your Google account, which which is a pretty nifty little 0:18:58.240 --> 0:19:01.120 piece of technology considering it's running for like eighteen bucks 0:19:01.119 --> 0:19:03.560 retail or something. It's not bad. So is that is 0:19:03.600 --> 0:19:07.600 that only for Google accounts though? Yes? So I wonder 0:19:07.640 --> 0:19:10.399 if something like that would ever be possible to log 0:19:10.440 --> 0:19:13.800 into all your accounts. I'm sure you could get something 0:19:13.920 --> 0:19:16.040 like that. I mean, they're like when I was talking 0:19:16.080 --> 0:19:20.400 about my web based password manager, you could probably get 0:19:20.440 --> 0:19:24.520 a physical us beat stick type thing that essentially follows 0:19:24.520 --> 0:19:27.680 the same same pattern. But then if you lose that, 0:19:27.920 --> 0:19:31.199 then you're in trouble. So it's you know, having a 0:19:31.240 --> 0:19:35.080 physical thing to lose makes it tricky, uh that you know, 0:19:35.400 --> 0:19:37.440 it's not a it's not the ideal solution because again, 0:19:37.480 --> 0:19:39.960 if you if you were to misplace it, like I know, 0:19:40.119 --> 0:19:43.000 my wife has a security dongle that she uses for work, 0:19:43.680 --> 0:19:47.280 and if that gets misplaced, then it becomes fine where 0:19:47.320 --> 0:19:53.080 the dongle went day. Okay, Well, obviously having a device 0:19:53.160 --> 0:19:56.600 on you to unlock all your digital services as convenient 0:19:56.680 --> 0:19:59.399 as long as you don't lose the device. So what 0:19:59.520 --> 0:20:04.239 about having a physical object that you can't lose, like 0:20:04.320 --> 0:20:06.800 say your eyeball or your hand. Well, I mean you 0:20:06.840 --> 0:20:10.320 can lose an eyeball, but but guys try not to write. 0:20:10.359 --> 0:20:13.680 So there's been more likely to lose a hand or 0:20:13.720 --> 0:20:17.800 an eyeball depends. If you're a pirate, it's a shot 0:20:19.680 --> 0:20:22.679 so um. But if you're an though, if you're a ninja, 0:20:22.720 --> 0:20:25.399 it's it's you know, ninja pretty much, it's all or nothing. 0:20:25.680 --> 0:20:27.320 You know, you don't see a lot of one armed 0:20:27.400 --> 0:20:30.760 ninja's running around or ninja I should say, since the 0:20:30.760 --> 0:20:32.960 plural is the same as the singular. But at any rate, 0:20:33.400 --> 0:20:36.600 we're talking about biometrics, right, and we have systems like 0:20:36.640 --> 0:20:40.440 this that are already active, right, like like iOS devices. Um, 0:20:40.520 --> 0:20:45.040 the latest iPhones have actually from the iPhone five s forward, 0:20:45.440 --> 0:20:50.080 they have a sensor that detects uh, finger presence and 0:20:50.119 --> 0:20:52.159 then they scan it to make sure that you are 0:20:52.200 --> 0:20:54.080 who you say you are, so that unlocks the phone. 0:20:54.400 --> 0:20:56.040 So if I pick up my wife's iPhone and I 0:20:56.080 --> 0:20:58.879 put my thumb on that it won't activate because it 0:20:58.960 --> 0:21:02.840 knows I'm not my wife life. Um. So these are 0:21:02.880 --> 0:21:05.119 systems that rely on something that is unique to you 0:21:05.680 --> 0:21:10.119 to act as a verification and authentication. UM. So it 0:21:10.160 --> 0:21:12.600 could be a fingerprint, it could be something a little 0:21:12.640 --> 0:21:16.080 more secure than fingerprints, because you can lift a fingerprint 0:21:16.480 --> 0:21:19.639 and you can recreate it using something like latex. But 0:21:19.720 --> 0:21:22.680 if you are scanning beneath the surface of the skin 0:21:22.760 --> 0:21:25.879 for things like the layout of blood vessels, which is 0:21:25.920 --> 0:21:29.400 the way a lot of these verification devices are working now, uh, 0:21:29.640 --> 0:21:32.720 that's a lot harder to to replicate, right if you 0:21:32.760 --> 0:21:36.399 don't have access to the person's actual figure. Of course, 0:21:36.440 --> 0:21:40.400 there must be something that's preventing this from going all 0:21:40.440 --> 0:21:43.000 over the place, right, I would imagine systems like this 0:21:43.080 --> 0:21:46.639 are kind of expensive and difficult and not worth the 0:21:46.680 --> 0:21:50.280 trouble in a lot of cases. Uh, they're definitely finicky. 0:21:50.400 --> 0:21:52.840 The technology right now is a little bit on on 0:21:52.880 --> 0:21:55.399 the delicate end and comes back with a lot of 0:21:55.440 --> 0:21:58.640 false negatives, right Yeah. Yeah, it's one of those things 0:21:58.640 --> 0:22:01.520 where you want something to just work, and this does 0:22:01.560 --> 0:22:04.959 not always just work. And also it's just it's one 0:22:04.960 --> 0:22:07.800 of those things where depending on the implementation, it may 0:22:07.840 --> 0:22:10.320 be very limiting. Like if it's something like an eye scan, 0:22:10.440 --> 0:22:12.760 then you're working with a camera that you need to 0:22:12.880 --> 0:22:14.959 stare into. Not a lot of people really find that 0:22:15.080 --> 0:22:19.040 particularly enticing. Uh. There are some other implementations that are 0:22:19.080 --> 0:22:22.960 kind of exciting that involved biometrics that aren't you know, 0:22:23.000 --> 0:22:25.159 a physical feature. I mean there's some like the shape 0:22:25.160 --> 0:22:28.440 of your ear has been referenced as a potential way 0:22:28.480 --> 0:22:31.680 of testing, you know, being a way of identifying somebody. 0:22:31.680 --> 0:22:36.280 But there are others like your heartbeat. The actual electrical 0:22:36.320 --> 0:22:39.119 impulses that your heart makes when it's beating, no matter 0:22:39.160 --> 0:22:43.119