1 00:00:05,280 --> 00:00:10,440 This is identity at the center. If it has anything to do with 2 00:00:10,520 --> 00:00:17,960 IAM, this is the go to podcast now your hosts Jim McDonald and 3 00:00:17,960 --> 00:00:23,250 Jeff Stedman. Welcome to the Identity at the 4 00:00:23,250 --> 00:00:24,970 Center podcast. I'm Jeff and that's Jim. 5 00:00:24,970 --> 00:00:25,970 Hey, Jim. Hey, Jeff. 6 00:00:25,970 --> 00:00:27,370 How are you? Not so bad yourself. 7 00:00:27,650 --> 00:00:29,090 I'm doing great. You know, it's good. 8 00:00:29,610 --> 00:00:32,490 Again, we're at the Authenticate conference and it's a really 9 00:00:32,490 --> 00:00:35,090 cool conference. I mean you know it's not one of 10 00:00:35,090 --> 00:00:39,810 the really big conferences we go to like Gardner Eidner Verse or 11 00:00:39,930 --> 00:00:42,210 some of the vendor specific conferences. 12 00:00:42,530 --> 00:00:47,930 However, like you'll see signage that say MFA is so 80s. 13 00:00:48,450 --> 00:00:51,840 And I'm like, I feel like I'm still going around to my clients 14 00:00:51,840 --> 00:00:59,160 saying make sure you have MFAI mean, I know it's old, but it's 15 00:00:59,160 --> 00:01:01,520 kind of like I'm in between, right? 16 00:01:01,520 --> 00:01:06,200 Because you better have MFA. But at the same time, it's this 17 00:01:06,320 --> 00:01:10,400 passerless phenomenon. It's kind of like making it 18 00:01:10,400 --> 00:01:12,440 passe. Well, passkeys are having its 19 00:01:12,440 --> 00:01:15,800 moment in the sun right now, but at the end of the day you still 20 00:01:15,800 --> 00:01:19,320 need to have some factor additional to. 21 00:01:19,840 --> 00:01:22,680 Just a password, right? So MFAI think is still valid. 22 00:01:23,480 --> 00:01:25,680 Lots of companies out there have spent the last couple years 23 00:01:25,680 --> 00:01:28,400 investing in even just getting MFA off the ground, especially 24 00:01:28,400 --> 00:01:31,520 with, you know, the pandemic and people working from home and 25 00:01:31,520 --> 00:01:33,320 needing to do better authentication on that, which is 26 00:01:33,320 --> 00:01:35,240 great. MFA still has a place in the 27 00:01:35,240 --> 00:01:37,720 world. It's better than not having MFA. 28 00:01:38,320 --> 00:01:42,320 But clearly the future is shifting towards passkeys and 29 00:01:42,320 --> 00:01:45,160 Fido authentication. We've seen Google, Microsoft, 30 00:01:45,160 --> 00:01:52,330 Apple. Yeah, so I don't want to poo poo 31 00:01:52,330 --> 00:01:55,490 all over the MFA thing. It definitely feels like it's, I 32 00:01:56,370 --> 00:01:58,130 don't want to say legacy, but we're approaching that. 33 00:01:58,130 --> 00:02:00,130 It's kind of like, OK, SMS, right? 34 00:02:00,130 --> 00:02:02,170 That was top of the line 10 years ago. 35 00:02:02,450 --> 00:02:04,490 SMS is the best thing you can do now. 36 00:02:04,490 --> 00:02:06,610 It's not even recommended. Is it better than nothing? 37 00:02:06,730 --> 00:02:10,530 Yes, of course. But people aren't recommending 38 00:02:10,610 --> 00:02:13,730 that you start with SMS now, They're starting with, hey, you 39 00:02:13,730 --> 00:02:15,610 should be looking at pass keys for your. 40 00:02:17,160 --> 00:02:19,960 I also think there's a difference between enterprise I 41 00:02:19,960 --> 00:02:24,600 am and customer I am. I think that's probably the 42 00:02:24,600 --> 00:02:28,600 biggest dividing line because usually customer I am is focused 43 00:02:28,600 --> 00:02:35,240 on apps and and the web, whereas employee workforces. 44 00:02:36,000 --> 00:02:41,080 I mean it can be anything from legacy green screens to VPNs and 45 00:02:41,880 --> 00:02:46,040 and as well as you know apps that are either desktop apps or 46 00:02:46,040 --> 00:02:48,640 web enabled apps of all generations so. 47 00:02:49,160 --> 00:02:51,600 Those are different. They're captive audiences, 48 00:02:51,840 --> 00:02:54,040 right. I mean your employee, your your 49 00:02:54,040 --> 00:02:57,960 employer can say this is the way you're going to do that, right? 50 00:02:58,200 --> 00:03:01,440 And you don't have generally speaking much of A choice within 51 00:03:01,440 --> 00:03:03,720 those rails consumer side of things. 52 00:03:04,440 --> 00:03:06,710 It's. How easily can I get you to 53 00:03:06,710 --> 00:03:10,350 spend money with me, right, or give me data or whatever The 54 00:03:10,350 --> 00:03:13,590 thing is right? So of course you need to have a 55 00:03:13,590 --> 00:03:19,190 minimum threshold of security, but it is much more open to, 56 00:03:19,550 --> 00:03:21,190 hey, let's look at it easier ways. 57 00:03:21,190 --> 00:03:24,230 You know, the user experience is much more predominant now. 58 00:03:24,230 --> 00:03:27,630 I think that's changing, thankfully, but I think that's 59 00:03:27,630 --> 00:03:29,430 still sort of a general thrust between the two. 60 00:03:29,670 --> 00:03:32,750 Yeah, absolutely. So I think the pesky's are a big 61 00:03:32,750 --> 00:03:34,760 topic. You know how they fit into 62 00:03:34,760 --> 00:03:39,880 authentication, especially customer I am is something that 63 00:03:40,480 --> 00:03:45,040 we ought to explore And to that to that end we have a great 64 00:03:45,040 --> 00:03:46,040 guest today. Yeah. 65 00:03:46,040 --> 00:03:48,640 When you say explore, I think of the cowbell. 66 00:03:48,640 --> 00:03:51,520 Let's explore the space. Let's explore the space of task 67 00:03:51,520 --> 00:03:53,000 keys. Want to welcome to the show 68 00:03:53,000 --> 00:03:55,360 Pedro Martinez. He's a business owner for 69 00:03:55,360 --> 00:03:57,400 Digital Banking Authentication at Tallis Group. 70 00:03:57,400 --> 00:03:59,830 Welcome to the show, Pedro. Thank you very much. 71 00:04:00,030 --> 00:04:01,990 It's a pleasure. Yeah, Thanks for taking the time 72 00:04:01,990 --> 00:04:03,910 with us. One of the things that we like 73 00:04:03,910 --> 00:04:06,350 to do when we have someone on for the first time is to really 74 00:04:06,350 --> 00:04:08,470 kind of learn their identity origin story. 75 00:04:08,990 --> 00:04:12,230 How did you get into the world of identity access management? 76 00:04:12,590 --> 00:04:16,190 Is it something that you chose or did it choose you? 77 00:04:18,350 --> 00:04:22,350 No, basically 25 years ago I went to a job interview knowing 78 00:04:22,350 --> 00:04:25,790 very exactly where I was going and I found myself working into. 79 00:04:27,100 --> 00:04:34,940 And Identity and access company which at the time was called the 80 00:04:34,940 --> 00:04:42,580 Schlumberger and and has been evolving name over time to the 81 00:04:42,580 --> 00:04:46,180 point that today without having changed companies it's talents. 82 00:04:47,900 --> 00:04:51,500 So I didn't know at the at the end but it happened to be a. 83 00:04:51,860 --> 00:04:55,160 Very. A very lucky, I would say a very 84 00:04:55,160 --> 00:04:57,960 lucky situation because it put me in the right place at the 85 00:04:57,960 --> 00:05:02,720 right time because we are talking about this was 1998 when 86 00:05:02,720 --> 00:05:06,160 I joined. And all the sudden it turns out 87 00:05:06,160 --> 00:05:08,480 that this company that I interviewed for and they finally 88 00:05:08,480 --> 00:05:12,520 hired me, their main business was to manufacture smart cards, 89 00:05:13,080 --> 00:05:18,600 smart cards for either banking, so for payment cards at the time 90 00:05:18,600 --> 00:05:21,120 that we were starting with the transition from. 91 00:05:21,890 --> 00:05:26,930 Max drive towards cars with a chip and at the same time we 92 00:05:26,930 --> 00:05:32,330 were having the the big roll out worldwide of GSM technology with 93 00:05:32,530 --> 00:05:39,210 SIM cards and so you there was a point in the where where you 94 00:05:39,250 --> 00:05:41,610 essentially would be walking down the street and you will 95 00:05:41,650 --> 00:05:43,130 heat a stone and you would have a. 96 00:05:45,150 --> 00:05:48,910 A licence for a for a mobile operator popping out, popping 97 00:05:48,910 --> 00:05:50,910 out the floor. It was there were licences 98 00:05:50,910 --> 00:05:54,310 coming out all the time in each country around Europe and later 99 00:05:54,310 --> 00:05:57,710 on it was around here. So it was, it was a boom of 100 00:05:57,710 --> 00:06:01,270 telecom and and it was, it was a happy moment to get into that 101 00:06:01,270 --> 00:06:05,110 kind of market that all the way until now changing a lot over 102 00:06:05,110 --> 00:06:08,790 the years because that was very hardware centric at the time. 103 00:06:09,230 --> 00:06:12,550 Around cars, the manufacturing, the personalization it was, it 104 00:06:12,550 --> 00:06:16,230 was not just manufacturing cars. The the main, the main value 105 00:06:16,230 --> 00:06:20,470 that we were bringing was the fact that every single SIM card 106 00:06:20,550 --> 00:06:25,550 or banking card that was leaving our factory was personalized. 107 00:06:25,550 --> 00:06:29,430 It was charged with a specific unique credentials to be 108 00:06:29,430 --> 00:06:31,630 associated. So that was what was making. 109 00:06:31,630 --> 00:06:35,350 We were making millions, but each of one was coming out as a 110 00:06:35,350 --> 00:06:38,070 different product, already personalized from the factory at 111 00:06:38,070 --> 00:06:40,890 the time. So that evolved a lot and over 112 00:06:40,890 --> 00:06:48,570 time it, it turned more towards software and and back end 113 00:06:48,570 --> 00:06:51,170 services than the actual development. 114 00:06:51,170 --> 00:06:53,850 So today it's a mix. We still do SIM cards, we do 115 00:06:54,170 --> 00:06:58,690 banking cards, but we do a lot of back end solution, server 116 00:06:58,690 --> 00:07:02,170 solution, solutions for securing digital banking, digital 117 00:07:02,170 --> 00:07:05,240 payment, tokenisation. Etcetera, etcetera. 118 00:07:05,240 --> 00:07:07,640 So that that was it was purely by chance. 119 00:07:07,640 --> 00:07:10,760 I didn't know what I was getting into and am I 25 years late? 120 00:07:11,480 --> 00:07:14,080 That's how I feel like a lot of people in the space sort of just 121 00:07:14,080 --> 00:07:18,000 ended up in it. You have a title of business 122 00:07:18,000 --> 00:07:20,320 owner, at least I introduced you as business owner for digital 123 00:07:20,320 --> 00:07:23,120 banking authentication at Tallis Group. 124 00:07:23,200 --> 00:07:26,400 I got two questions. First question is what does 125 00:07:26,400 --> 00:07:28,960 business owner for digital banking authentication mean? 126 00:07:29,400 --> 00:07:31,780 You know, what do you do? And then tell us a little bit 127 00:07:31,780 --> 00:07:34,620 about Telus Group because I think it's it's a large company 128 00:07:34,620 --> 00:07:37,820 that people who prefer maybe people aren't familiar with 129 00:07:38,380 --> 00:07:43,060 bring us up to speed on that. So well, first of all business 130 00:07:43,060 --> 00:07:46,020 owner means that my role today is not technical. 131 00:07:46,820 --> 00:07:50,220 I have a responsibility which is worldwide. 132 00:07:50,740 --> 00:07:55,900 It's not a specific to a region and I I I basically I'm 133 00:07:55,900 --> 00:07:59,860 following all the. Opportunities that we have for 134 00:07:59,860 --> 00:08:03,580 business related to these type of solutions of authentication 135 00:08:03,580 --> 00:08:07,740 for digital banking with customers and with our sales 136 00:08:07,740 --> 00:08:13,220 teams around the world. I am not frontline, not normally 137 00:08:13,220 --> 00:08:15,700 with customers. I am. 138 00:08:16,180 --> 00:08:19,860 I am obviously our sales teams. Our sales teams are. 139 00:08:20,720 --> 00:08:23,760 I am called on occasion to to help, to assist, to have 140 00:08:23,760 --> 00:08:26,160 conversations and particularly with the topic of passkey that 141 00:08:26,160 --> 00:08:30,840 I've been exposed a lot over the last 1618 months. 142 00:08:31,240 --> 00:08:34,080 We have been very proactive in going and talking with customers 143 00:08:34,080 --> 00:08:37,840 and I have been and we wanted to gather as well a lot of feedback 144 00:08:37,840 --> 00:08:41,159 we were sharing with them what we knew and they were they were 145 00:08:41,159 --> 00:08:43,720 coming back. So business owner means that I 146 00:08:43,720 --> 00:08:48,360 follow the business not not at a deep technical, just following 147 00:08:48,360 --> 00:08:49,960 the opportunities and helping our. 148 00:08:50,500 --> 00:08:55,060 Our regional teams to to sell, to sell our stuff, yeah. 149 00:08:55,060 --> 00:08:56,900 And Telus Group is a French company. 150 00:08:56,900 --> 00:09:00,100 I didn't know much about Schlumberger, but I just 151 00:09:00,700 --> 00:09:03,700 pronunciation leads me to believe that was a French 152 00:09:03,700 --> 00:09:07,380 company. Well, nothing to do because they 153 00:09:07,380 --> 00:09:09,140 were completely different companies. 154 00:09:09,380 --> 00:09:12,540 I'll I'll just to as you as you mentioned Schlumberger, 155 00:09:12,540 --> 00:09:15,340 Schlumberger, I don't know if I'm pronouncing it well, I don't 156 00:09:15,340 --> 00:09:18,820 know if I but. The origin of that company is 157 00:09:18,820 --> 00:09:22,700 American, it was a couple of and the name of Lamborghinis 158 00:09:22,700 --> 00:09:28,780 probably is probably I think that it was to German or German 159 00:09:28,780 --> 00:09:33,220 origin brothers that the family name and it's a it's an American 160 00:09:33,220 --> 00:09:36,220 company Oilfield services as the main business. 161 00:09:36,220 --> 00:09:40,140 But they had a division that was working on something completely 162 00:09:40,140 --> 00:09:42,140 different and it was the business that I was talking 163 00:09:42,140 --> 00:09:45,420 about. Smart cars, smart cars, 164 00:09:45,420 --> 00:09:47,790 technology now. And that's what that's what I 165 00:09:47,790 --> 00:09:53,030 joined over time. There was a point where we, we 166 00:09:53,030 --> 00:09:55,710 went through an IPO and we became an independent company. 167 00:09:56,950 --> 00:10:01,270 Just this division, there's so, so much it continues to to work 168 00:10:01,270 --> 00:10:04,070 and do a lot of great business around all field services, 169 00:10:04,070 --> 00:10:06,550 engineering, services, very, very impressive. 170 00:10:07,650 --> 00:10:09,970 And we became an independent company under the name of 171 00:10:09,970 --> 00:10:12,570 Axalto. Then we merged with our first 172 00:10:12,810 --> 00:10:17,210 competitor which was, I'm talking about my my Origin that 173 00:10:17,970 --> 00:10:19,610 we merged with our main competitor. 174 00:10:19,610 --> 00:10:24,570 We became Gemalto at the time as a result of that and and we were 175 00:10:24,570 --> 00:10:28,650 the number one provider for, for all these kind of of products. 176 00:10:28,770 --> 00:10:32,570 So now Talas. And now Talas acquired us about 177 00:10:32,970 --> 00:10:36,300 five years ago. And Talius is a big is a big big 178 00:10:36,300 --> 00:10:41,140 company French multinational with working with divisions 179 00:10:41,140 --> 00:10:48,740 around aerospace, around defence and also around civil services. 180 00:10:48,740 --> 00:10:53,500 And we have joined as a as a as a division within Talius around 181 00:10:53,500 --> 00:10:57,980 cybersecurity. Our the name of our division is 182 00:10:59,660 --> 00:11:03,700 is is DIS Digital Identity and Security. 183 00:11:04,380 --> 00:11:10,380 And yeah, we we we bring that that aspect of for for security 184 00:11:10,380 --> 00:11:13,460 always with the aspect of security but very centre on on 185 00:11:13,460 --> 00:11:16,900 the digital life And so for those who are not very familiar 186 00:11:16,900 --> 00:11:20,500 are is supposed to be the work that you do in Europe. 187 00:11:21,900 --> 00:11:24,460 I'm sorry, are most of your customers in Europe? 188 00:11:24,460 --> 00:11:26,380 No, no, no, no. We we are. 189 00:11:27,180 --> 00:11:32,660 I mean, I if I talk, I. I'm going to talk about the DIS, 190 00:11:32,660 --> 00:11:34,460 the digital identity and security. 191 00:11:34,460 --> 00:11:37,580 We are a very multinational, very multinational company. 192 00:11:37,580 --> 00:11:40,900 Even the part that related to Gemalto, remember that we were, 193 00:11:42,140 --> 00:11:45,500 we were, we were working with banks and with telcos and with 194 00:11:45,500 --> 00:11:48,940 governments, because I talk about banking cards and SIM 195 00:11:48,940 --> 00:11:53,180 cards, but we also were were providing electronic passports 196 00:11:53,180 --> 00:11:57,740 and electronic IDs, for example, as well as equipment for reading 197 00:11:57,740 --> 00:12:02,060 them. To to governments, to telcos, to 198 00:12:02,060 --> 00:12:04,940 banks. All around the world, All around 199 00:12:04,940 --> 00:12:05,620 the world. We are. 200 00:12:05,620 --> 00:12:11,420 So you're working with like some really large clients and this 201 00:12:11,420 --> 00:12:15,540 idea of passwordless. I mean we've relied on the 202 00:12:15,540 --> 00:12:18,300 password for so long and I've heard you make the statement 203 00:12:18,780 --> 00:12:21,300 passkeys will replace the password. 204 00:12:21,700 --> 00:12:25,260 I'm wondering why you say that and what kind of reaction you 205 00:12:25,260 --> 00:12:29,790 get when you say that to these big organisations that you work 206 00:12:29,790 --> 00:12:33,110 with. So that's that's that's actually 207 00:12:33,550 --> 00:12:35,190 it. It it all started well, it all 208 00:12:35,230 --> 00:12:38,950 started last year. We have been working, we have 209 00:12:38,950 --> 00:12:43,470 been members of the Fido alliance since very early on. 210 00:12:43,830 --> 00:12:47,070 We are board members and we have been participating actively 211 00:12:47,430 --> 00:12:51,590 leading leading WAR groups. We have contributing to it and 212 00:12:51,590 --> 00:12:54,150 we have been building products and certifying our own products 213 00:12:54,150 --> 00:12:57,510 as as Fido products. But it is a technology that we. 214 00:12:57,920 --> 00:13:00,000 Always consider that he had promise and we were following 215 00:13:00,000 --> 00:13:01,200 and we were coming with products. 216 00:13:01,200 --> 00:13:09,120 But it was last year in May when Apple, Google and Microsoft did 217 00:13:09,120 --> 00:13:12,520 something that to my knowledge, because I haven't been able to 218 00:13:12,520 --> 00:13:17,600 find any president of that, did something unique, which was to 219 00:13:17,600 --> 00:13:19,960 issue a joint PR. The three of them. 220 00:13:21,240 --> 00:13:25,320 That was the moment where we said, OK, this is even bigger 221 00:13:25,320 --> 00:13:29,030 than. We thought it would be, it was 222 00:13:29,910 --> 00:13:32,030 we, we we really saw that this was going. 223 00:13:32,030 --> 00:13:35,750 We knew that everybody had been working and had been doing all 224 00:13:35,750 --> 00:13:38,950 the plumbing that would be necessary for this technology to 225 00:13:38,950 --> 00:13:41,750 succeed. But sometimes that's not enough. 226 00:13:41,750 --> 00:13:43,710 No. But when we saw that level of 227 00:13:43,710 --> 00:13:46,830 commitment and that level of commitment from the three of 228 00:13:46,830 --> 00:13:49,430 them, we said OK, well, so here there is something big that is 229 00:13:49,430 --> 00:13:52,670 going is, is, is really going to happen and we decided that we 230 00:13:52,670 --> 00:13:56,530 needed to. Start to evangelise a little bit 231 00:13:56,690 --> 00:14:00,210 to take the opportunity. It was, it was, it was not the 232 00:14:00,210 --> 00:14:04,930 time yet to take an action from from customers last year. 233 00:14:05,730 --> 00:14:10,490 But it was an opportunity for us to go see our own customers and 234 00:14:11,090 --> 00:14:15,490 and share information with them that we believe they would find 235 00:14:15,490 --> 00:14:18,570 valuable because what we were convinced is that they weren't, 236 00:14:18,650 --> 00:14:20,290 they didn't know what was coming. 237 00:14:20,730 --> 00:14:22,730 So even if there was this announcement. 238 00:14:25,440 --> 00:14:29,200 People was not processing visa. What is irrational at the time 239 00:14:29,200 --> 00:14:31,720 you read? Sorry, it sounded irrational 240 00:14:31,760 --> 00:14:35,040 because you if you haven't had time to observe the idea. 241 00:14:35,560 --> 00:14:38,680 Yeah, or or or you just don't, you know, I mean, we have been 242 00:14:38,680 --> 00:14:42,320 depending on passwords for as long as there is Internet. 243 00:14:43,520 --> 00:14:46,040 It has come to a point and nobody likes them. 244 00:14:46,620 --> 00:14:50,180 Nobody, Neither the service providers nor the end users. 245 00:14:50,180 --> 00:14:54,980 Nobody likes to use passwords. And yet we have come to accept 246 00:14:55,060 --> 00:14:58,020 that it is what it is. It's always been like this. 247 00:14:58,420 --> 00:15:01,740 It gets to a point, except everybody that is working here 248 00:15:01,740 --> 00:15:03,900 on a solution. Everybody that is out of this 249 00:15:03,900 --> 00:15:06,270 bubble. It has come to a point that they 250 00:15:06,270 --> 00:15:09,950 just accept that they have to manage 50 or 60 or 7 different 251 00:15:09,950 --> 00:15:12,070 passwords, that every time that they are going to a login that 252 00:15:12,070 --> 00:15:15,390 they have not visited in three or four months there a standard 253 00:15:15,390 --> 00:15:18,910 login user experience is going to be going through the password 254 00:15:18,910 --> 00:15:21,590 recovery mechanism. We have come to accept all that 255 00:15:21,590 --> 00:15:26,590 as as just the way things are, no and and even even our 256 00:15:26,590 --> 00:15:29,670 interfaces in companies. Anyway, we we thought that we 257 00:15:29,670 --> 00:15:32,750 needed to go on, we needed to to share information and to see the 258 00:15:32,750 --> 00:15:37,150 reaction as well. And and we started to go out and 259 00:15:37,190 --> 00:15:41,750 we started to plan our most beloved customers and and and to 260 00:15:41,750 --> 00:15:43,950 see them. And when we started to do these 261 00:15:43,950 --> 00:15:48,270 meetings indeed we we said we want to grab their attention and 262 00:15:48,270 --> 00:15:55,310 we are going to start by by by by poking a little bit and and I 263 00:15:55,310 --> 00:15:59,110 will start with a slide that was saying flat out and this is 264 00:15:59,110 --> 00:16:00,870 going at customers that I don't normally see. 265 00:16:00,870 --> 00:16:03,110 It's not like they know me. I mean, they they just see. 266 00:16:03,970 --> 00:16:07,370 A weird guy that is coming with her with her with her the the 267 00:16:07,370 --> 00:16:10,810 typical contact which is the salesperson for that account or 268 00:16:10,810 --> 00:16:15,130 or anyway and and and and along comes these these weird guy you 269 00:16:15,130 --> 00:16:18,290 know and and he sits in the room and and he comes out and comes 270 00:16:18,290 --> 00:16:23,690 out with a slide and start by saying passkeys are going to 271 00:16:23,690 --> 00:16:26,290 kill password. It is inevitable, and it's going 272 00:16:26,290 --> 00:16:30,910 to happen fast. And the reaction was as 273 00:16:30,910 --> 00:16:32,550 expected. You could, you could see it. 274 00:16:32,550 --> 00:16:35,510 I mean you would be in the room and maybe there were 5-6 people 275 00:16:35,510 --> 00:16:38,910 depending on on the gathering and the customer and all the 276 00:16:38,910 --> 00:16:42,830 sudden you would see a one guy typically security architect or 277 00:16:42,830 --> 00:16:45,830 so that would lean back on the chair and cross there and cross 278 00:16:45,830 --> 00:16:46,750 there. They didn't have to. 279 00:16:48,070 --> 00:16:49,430 Say anything. It was the body language. 280 00:16:49,790 --> 00:16:51,350 Yeah, yeah. They didn't say anything. 281 00:16:51,350 --> 00:16:54,910 No, but. But that was somehow intended. 282 00:16:54,910 --> 00:16:57,920 It's a way to be you. It was creating a little bit of 283 00:16:57,920 --> 00:17:00,960 attention and then and then from there you you want. 284 00:17:01,360 --> 00:17:04,880 I wanted them no to to challenge that that statement. 285 00:17:05,359 --> 00:17:09,079 But when you go through it, the question was, OK, I understand 286 00:17:09,079 --> 00:17:11,280 you who you don't believe. Why would you believe it? 287 00:17:11,280 --> 00:17:13,920 I mean you have always seen these and it has never, it has 288 00:17:13,920 --> 00:17:16,240 never happened. When you go through that and you 289 00:17:16,240 --> 00:17:20,480 start to explain them that, well then I was explaining why are 290 00:17:20,480 --> 00:17:23,040 they why it is inevitable that this is going to happen. 291 00:17:23,079 --> 00:17:26,160 And then I was starting with the lamest argument possible. 292 00:17:26,460 --> 00:17:30,740 Which was to tell them because they are great and they were 293 00:17:30,740 --> 00:17:33,100 kind of kind of laughing well, but they are great. 294 00:17:33,100 --> 00:17:34,980 Let's see. They are really great because 295 00:17:34,980 --> 00:17:38,740 they are clearly providing, compared to passwords, they are 296 00:17:38,740 --> 00:17:42,060 clearly providing a much better user experience. 297 00:17:42,420 --> 00:17:45,140 And you could expect rolling their eyes, yeah, the better 298 00:17:45,140 --> 00:17:49,140 user experience, OK. They provide a much better 299 00:17:49,140 --> 00:17:52,100 security and you can get into actions and you can start to 300 00:17:52,100 --> 00:17:55,180 talk there about they cannot be fished. 301 00:17:55,880 --> 00:17:59,640 They cannot be subject to a massive data leaks that begins 302 00:17:59,640 --> 00:18:02,640 to touch ground because they have seen them. 303 00:18:03,040 --> 00:18:06,320 Either they have suffered them themselves or they have seen 304 00:18:06,680 --> 00:18:10,600 nearby bombs dropping to them. And then you can tell them I 305 00:18:10,600 --> 00:18:13,960 need and and as a third argument of why they are great because 306 00:18:13,960 --> 00:18:17,280 they can reduce your cost very significantly. 307 00:18:17,720 --> 00:18:21,600 The cost of the password research represent one of the 308 00:18:21,600 --> 00:18:24,040 biggest 'cause that you have related to customer care, so 309 00:18:24,040 --> 00:18:27,460 that is quantifiable. OK, they are great, but that is 310 00:18:27,460 --> 00:18:30,140 not enough. What is the second big reason 311 00:18:30,140 --> 00:18:35,460 why it's inevitable is because and that's where where you you 312 00:18:35,460 --> 00:18:38,420 come out with APR and you say look at the level of 313 00:18:38,420 --> 00:18:41,980 commitments. This is something unprecedented, 314 00:18:41,980 --> 00:18:47,780 these guys, Microsoft, Google, Apple and the industry behind 315 00:18:47,780 --> 00:18:50,740 them, because the Fido alliance with everything that comes 316 00:18:50,740 --> 00:18:53,900 behind these guys have declared publicly. 317 00:18:54,340 --> 00:18:56,820 That they are committed to end with passwords. 318 00:18:57,140 --> 00:19:01,420 This begins to be this begins to be something you've got to think 319 00:19:02,260 --> 00:19:08,300 if all of your Apple, Microsoft, Google, Amazon services start 320 00:19:08,300 --> 00:19:10,900 using passkeys. It becomes ubiquitous. 321 00:19:10,900 --> 00:19:14,860 Everybody gets used to doing it. Who's listening to this podcast? 322 00:19:14,860 --> 00:19:18,620 Who isn't used to doing MFA? Because at one point in time, 323 00:19:18,620 --> 00:19:22,120 that was almost unheard of. They're going to send me a 324 00:19:22,120 --> 00:19:25,120 message to my phone and I've got to enter that. 325 00:19:25,560 --> 00:19:29,680 You know, it was, it was new. Well, now everybody gets it. 326 00:19:29,920 --> 00:19:33,240 You see that pop up? Check your phone for message or 327 00:19:33,240 --> 00:19:34,880 for a one time password, etcetera. 328 00:19:35,720 --> 00:19:38,760 The same thing's going to happen with passkeys, right? 329 00:19:39,870 --> 00:19:42,390 Yeah we are going to get used because we are going to see it. 330 00:19:42,390 --> 00:19:45,750 But but there are two two aspects and this sometimes is it 331 00:19:45,790 --> 00:19:48,910 it gets especially talking and that's what a different you you 332 00:19:48,910 --> 00:19:52,910 said Microsoft, Google, Apple and Amazon. 333 00:19:53,310 --> 00:19:57,510 Obviously they are big must as as service providers but we have 334 00:19:57,510 --> 00:19:59,550 to make the difference with Microsoft, Google and Apple 335 00:19:59,550 --> 00:20:02,150 because the other reason that brings to say that this is 336 00:20:02,150 --> 00:20:08,630 inevitable is that day three they hold the platforms for all 337 00:20:08,630 --> 00:20:11,900 the. End user communication devices, 338 00:20:11,900 --> 00:20:17,060 whether they are computers, tablets or or or phones that we 339 00:20:17,060 --> 00:20:21,060 all use, you have there practically 100% of the market. 340 00:20:21,300 --> 00:20:25,620 And if they three are telling we are going to make this happen we 341 00:20:25,620 --> 00:20:28,180 are going to do everything that is necessary at the level of our 342 00:20:28,180 --> 00:20:32,140 devices and at the level of the operating systems for this to be 343 00:20:32,140 --> 00:20:34,580 enabled. That is a big thing and indeed 344 00:20:34,580 --> 00:20:37,100 they did the announcement that announcement that told us wait 345 00:20:37,100 --> 00:20:40,980 this is going to happen and over the next that was the 5th of May 346 00:20:40,980 --> 00:20:47,700 actually that's password they of 2022 and over the 5-6 months 347 00:20:47,700 --> 00:20:51,980 that followed they they they were true to their to their 348 00:20:51,980 --> 00:20:58,580 commitment because by the end of 2022 you had you had you had 349 00:20:58,580 --> 00:21:04,070 Windows, you had you had Android, you had iOS you had Mac 350 00:21:04,350 --> 00:21:08,910 OS equipped for passkeys natively. 351 00:21:09,550 --> 00:21:12,190 Yeah, all along. So you're drawing the 352 00:21:12,190 --> 00:21:15,790 distinction on Google, Microsoft, because they have the 353 00:21:15,830 --> 00:21:19,670 devices. Next level down might be Amazon, 354 00:21:19,790 --> 00:21:25,830 eBay, TikTok, you know, does anybody not think this is going 355 00:21:25,830 --> 00:21:29,310 to happen? Is anybody thinking this is not 356 00:21:29,310 --> 00:21:32,090 going to happen? Well, it depends. 357 00:21:32,090 --> 00:21:37,410 I mean if you, if you think well, OK, so so there is, there 358 00:21:37,410 --> 00:21:42,410 is, there is, there is banks, there is certain industries and 359 00:21:42,410 --> 00:21:46,050 in particular the banking industry that because that was 360 00:21:46,050 --> 00:21:48,890 the second part of the conversation that we were having 361 00:21:48,890 --> 00:21:52,450 at that table with those with those customers, no, even with, 362 00:21:52,690 --> 00:21:55,690 with with the person that was leaning back on the table. 363 00:21:56,130 --> 00:21:58,090 The first part of the conversation was to tell them 364 00:21:58,090 --> 00:22:00,930 this is going to happen, this technology is going to thrive. 365 00:22:01,440 --> 00:22:06,000 The second part of the conversation was, well, is this 366 00:22:06,000 --> 00:22:08,720 fitting well for financial institutions? 367 00:22:08,800 --> 00:22:11,800 And there things were getting complicated. 368 00:22:11,800 --> 00:22:15,280 And in part, besides sharing information with them, we also 369 00:22:15,280 --> 00:22:17,680 wanted to get their feedback to see how they see it, because at 370 00:22:17,680 --> 00:22:20,720 the beginning there was quite some, quite some, quite some 371 00:22:20,720 --> 00:22:22,280 doubts. Why is that? 372 00:22:22,600 --> 00:22:25,960 At the same time that Google, Apple and Microsoft said we are 373 00:22:25,960 --> 00:22:29,160 going to we are going to enable this technology and make it 374 00:22:29,160 --> 00:22:34,540 natively, they also came out with a notion of synchronisation 375 00:22:34,740 --> 00:22:37,860 of of pass keys. All the work that had been done 376 00:22:37,860 --> 00:22:42,980 at the Fido Alliance to build the pass keys was always under 377 00:22:42,980 --> 00:22:47,820 the consideration that a passkey was bound to a device. 378 00:22:48,020 --> 00:22:51,140 Passkey is created on one device, you create that 379 00:22:51,140 --> 00:22:55,980 credential and that credential. Once it is created it it creates 380 00:22:55,980 --> 00:23:00,780 a unique link between a service provider, a user and and then a 381 00:23:00,780 --> 00:23:06,540 specific device and so it becomes a possession factor, a 382 00:23:06,540 --> 00:23:09,580 possession factor for a multi factor authentication. 383 00:23:12,220 --> 00:23:15,180 However, the moment that you enable synchronisation, which is 384 00:23:15,180 --> 00:23:20,340 great from for for more than one reason for one side because it 385 00:23:20,340 --> 00:23:23,060 simplifies the user experience, you don't need to create a 386 00:23:23,060 --> 00:23:25,340 passkey for every single device that you have. 387 00:23:26,920 --> 00:23:30,480 You can just create one passkey on one device. 388 00:23:30,480 --> 00:23:35,160 And if you have multiple devices on the same my myself, I I use 389 00:23:35,400 --> 00:23:37,960 Apple devices. I've got to say, I have a Mac, I 390 00:23:37,960 --> 00:23:40,440 have a tablet, I have a. Fanboy. 391 00:23:41,200 --> 00:23:42,800 You're a fanboy. Well done. 392 00:23:42,800 --> 00:23:43,920 Hey, it. Works and they're good. 393 00:23:43,920 --> 00:23:46,560 Device I like we all, we all, we all have our. 394 00:23:46,560 --> 00:23:48,080 He said he stares at his back book. 395 00:23:49,480 --> 00:23:52,990 Anyway, The the The thing is that it's great. 396 00:23:52,990 --> 00:23:55,510 I mean that's synchronisation, it simplifies life and it also 397 00:23:55,510 --> 00:23:58,830 solves an an everlasting issue related to a strong 398 00:23:58,830 --> 00:24:01,990 authentication which is the which is account recovery. 399 00:24:01,990 --> 00:24:05,990 You know if you lose your device then you need to again verify 400 00:24:05,990 --> 00:24:09,070 your identity in order to create on a new device etcetera 401 00:24:09,070 --> 00:24:10,670 etcetera. Having this backup, this is 402 00:24:10,670 --> 00:24:18,430 fantastic, but you have lost the notion of device binding that 403 00:24:18,430 --> 00:24:22,590 when you create a passkey. I create it on one device on my 404 00:24:22,590 --> 00:24:26,990 iPhone, but all the sudden that I that passkey is going to flow 405 00:24:27,390 --> 00:24:32,230 through iCloud and end up available on my iPad and on my 406 00:24:32,230 --> 00:24:36,670 MacBook. Well, it's difficult to claim 407 00:24:36,670 --> 00:24:40,790 that that that is a a possession of it's proving it's it's it the 408 00:24:40,790 --> 00:24:43,270 possession factor. It's proving possession of what? 409 00:24:43,950 --> 00:24:46,850 At most, it's proving possession or control. 410 00:24:46,850 --> 00:24:50,250 It's really that I have control of my iCloud account, but not of 411 00:24:50,490 --> 00:24:53,370 which. Goes back to password which goes 412 00:24:53,370 --> 00:24:56,690 back to password. So, so in in that was something 413 00:24:56,690 --> 00:24:59,770 and as we started discussing with with our banks we're 414 00:24:59,770 --> 00:25:01,730 telling this is going to come, this is something that is 415 00:25:01,730 --> 00:25:05,010 arriving but but what is, what is going to be your position of 416 00:25:05,010 --> 00:25:05,970 that? We're talking about the 417 00:25:05,970 --> 00:25:08,810 second-half of 2022. We're having these conversations 418 00:25:08,810 --> 00:25:11,910 and some were surprised and were saying no, no, this doesn't 419 00:25:11,910 --> 00:25:15,070 happen some and we were trying to form our own opinion and 420 00:25:15,070 --> 00:25:18,110 there were discussings into the Fido alliance as well. 421 00:25:18,110 --> 00:25:26,030 No, in the end, in the end we scratched our head a little bit 422 00:25:26,030 --> 00:25:29,470 for a while. But over time as we had more and 423 00:25:29,470 --> 00:25:32,670 more interviews and we mature our own position it it is not 424 00:25:32,670 --> 00:25:36,110 that that complicated as that at least in our in our view. 425 00:25:38,230 --> 00:25:47,840 We think because there is there is any bank that today is using 426 00:25:48,280 --> 00:25:52,800 passwords even if it's partially because they require something 427 00:25:52,800 --> 00:25:56,160 more than passwords to meet regulation. 428 00:25:56,720 --> 00:26:01,760 But if they are using passwords as part of their authentication 429 00:26:01,760 --> 00:26:08,530 policy, there is in our view, there is absolutely no doubt 430 00:26:08,530 --> 00:26:12,930 that they should jump at the possibility of replacing those 431 00:26:12,930 --> 00:26:18,250 passwords for sync passkies, for the passkies, even if they are 432 00:26:18,250 --> 00:26:20,090 synced. Sometimes when we were having 433 00:26:20,090 --> 00:26:26,250 this conversation, a customer would say no, no, but but no. 434 00:26:26,250 --> 00:26:30,450 I mean this is how, how are we going to accept that the 435 00:26:30,450 --> 00:26:32,930 credential, because the credential is ours, is between 436 00:26:32,930 --> 00:26:37,210 me, the bank and my customer. How am I going to accept that 437 00:26:37,290 --> 00:26:41,330 this credential that is mine now it's going to go on flow to an 438 00:26:41,330 --> 00:26:44,570 iCloud or to a Google password manager and they would have to 439 00:26:44,570 --> 00:26:47,130 tell them And how is this different to what happens today 440 00:26:47,130 --> 00:26:50,250 already with passwords you have no control and that is already 441 00:26:50,250 --> 00:26:54,900 happening because because today when a user is going to a 442 00:26:54,900 --> 00:26:58,020 website on any of these if I go to my iPhone and I'm trying to 443 00:26:58,020 --> 00:27:04,620 log in into into a certain account, I can I can choose to 444 00:27:04,620 --> 00:27:08,170 to to save it into my kitchen. So that is already happening 445 00:27:08,170 --> 00:27:10,970 with your credentials today. So you cannot consider that 446 00:27:10,970 --> 00:27:13,890 there is a loss because that's already happening to you. 447 00:27:14,570 --> 00:27:18,930 So don't don't look at it, don't compare pass keys with your 448 00:27:19,170 --> 00:27:23,210 strong authentication solution. But are you using passwords as 449 00:27:23,210 --> 00:27:27,170 part of your of your authentication policy at all? 450 00:27:27,570 --> 00:27:33,330 If so, it's a no brainer. Replace as fast as you can those 451 00:27:33,330 --> 00:27:38,350 passwords for pass keys and if you have a solution for a strong 452 00:27:38,350 --> 00:27:42,150 authenticating OTP or whatever, whatever the solution it is that 453 00:27:42,270 --> 00:27:45,790 you to meet compliance combined with those passkeys. 454 00:27:46,150 --> 00:27:49,830 OK, it continues to work. You don't need to make any any 455 00:27:49,830 --> 00:27:52,670 effort with that. You can do low assurance 456 00:27:52,670 --> 00:27:55,470 authentication if you want through passkeys instead of 457 00:27:55,470 --> 00:27:57,670 passwords. And then when you need to step 458 00:27:57,670 --> 00:28:01,980 up because you want to sign a transaction, you want to make a 459 00:28:01,980 --> 00:28:07,860 payment and and you need to do a higher authentication, apply 460 00:28:07,900 --> 00:28:11,460 whatever you have as as as already as a stronger think 461 00:28:11,460 --> 00:28:13,300 litigation mechanism and that works. 462 00:28:13,660 --> 00:28:16,820 And over time what can happen that's going to be very easy to 463 00:28:16,820 --> 00:28:22,340 implement because you just need to connect a back end and to do 464 00:28:22,340 --> 00:28:25,500 a very minor standard modification into your web 465 00:28:25,500 --> 00:28:30,110 services. No, just implement web often so 466 00:28:30,110 --> 00:28:31,670 that you can be calling on passkis. 467 00:28:31,830 --> 00:28:36,070 You don't need to do anything on the client side because the the 468 00:28:36,070 --> 00:28:38,950 OS of the devices of the end users are already are are 469 00:28:38,990 --> 00:28:42,030 already taking their. So it's super easy to add 470 00:28:42,550 --> 00:28:45,790 passkey support to your web services and all the sudden you 471 00:28:45,790 --> 00:28:49,990 will see how customers start doing less passwords and more 472 00:28:49,990 --> 00:28:52,590 passkis and the more passkis they do and less passwords 473 00:28:52,790 --> 00:28:55,910 that's risk that you are removing, risk of phishing that 474 00:28:55,910 --> 00:28:58,870 you are removing. It's it's it's only benefits 475 00:28:58,870 --> 00:29:00,270 that you have from the on that side. 476 00:29:00,630 --> 00:29:04,750 And if you do just that you are doing yourself a favour later on 477 00:29:05,150 --> 00:29:09,190 you can consider, well, I mean right now I'm having an 478 00:29:09,190 --> 00:29:11,870 infrastructure for authentication of passkis based 479 00:29:11,870 --> 00:29:16,790 on Fido and then I have another infrastructure in place for 480 00:29:16,790 --> 00:29:18,670 legacy. Legacy for a strong 481 00:29:18,670 --> 00:29:21,950 authentication. You can say, well actually I 482 00:29:21,950 --> 00:29:25,580 don't need 2 infrastructures because I can use the fighter 483 00:29:25,580 --> 00:29:32,660 infrastructure as well to do to do authentication. 484 00:29:32,660 --> 00:29:37,740 That is 2 factor and that is acceptable from a compliance to 485 00:29:37,740 --> 00:29:40,540 regulation standpoint. How can you do that using the 486 00:29:40,540 --> 00:29:43,300 same back end, the same fighter back end that you have for basic 487 00:29:43,300 --> 00:29:45,740 passkeys? Now you can reuse it if you 488 00:29:45,740 --> 00:29:47,820 want. If you want to to remove the 489 00:29:47,820 --> 00:29:52,740 old, the old infrastructure that you have for OTP, how well 490 00:29:53,730 --> 00:29:57,170 ensuring that pass keys don't don't synchronise. 491 00:29:57,290 --> 00:30:04,130 Now you were saying before that end users you you can't control 492 00:30:04,130 --> 00:30:06,530 them in a in AB to C environment, you cannot control 493 00:30:06,530 --> 00:30:08,370 them, you don't know which platforms they are using. 494 00:30:08,370 --> 00:30:12,770 So as far as there is one platform that is applying 495 00:30:12,770 --> 00:30:17,820 systematically synchronisation, well, those those you cannot. 496 00:30:17,820 --> 00:30:20,060 Consider that you have a solution that fulfils all your 497 00:30:20,060 --> 00:30:24,180 users like that. So you cannot count on the pass 498 00:30:24,180 --> 00:30:27,140 keys that are managed by the platforms as your solution for 499 00:30:27,140 --> 00:30:31,460 authentication. But you can implement Fido, you 500 00:30:31,460 --> 00:30:35,180 can implement Fido and you can manage pass keys through other 501 00:30:35,180 --> 00:30:38,100 means, for example through an SDK. 502 00:30:38,830 --> 00:30:42,470 You can integrate A Fider functionality on your mobile app 503 00:30:42,550 --> 00:30:44,470 as they do today in in many cases. 504 00:30:44,470 --> 00:30:50,430 So the bank can use their own mobile app to they can add the 505 00:30:50,870 --> 00:30:53,510 fider functionality into the mobile apps. 506 00:30:54,030 --> 00:30:59,910 How important is that control for an organization to own that 507 00:30:59,910 --> 00:31:03,630 portion of the authentication? So we talked about the platforms 508 00:31:03,630 --> 00:31:06,550 owning quite a bit of it right now, Google, Microsoft, Apple, 509 00:31:06,550 --> 00:31:09,990 but you just mentioned. A financial institution for 510 00:31:09,990 --> 00:31:13,150 example wanting to incorporate the authentication into their 511 00:31:13,350 --> 00:31:17,590 app in your in your dealings with that industry. 512 00:31:17,590 --> 00:31:20,230 How important is that control where they want to have that it 513 00:31:20,230 --> 00:31:23,110 is, it is. It is very important, I think 514 00:31:23,110 --> 00:31:25,550 that they don't. They suddenly they don't want to 515 00:31:25,550 --> 00:31:30,430 relinquish financial institutions in general of at 516 00:31:30,430 --> 00:31:33,310 least of a of a medium sized to large size. 517 00:31:33,750 --> 00:31:38,630 They they say these are my customers when it comes to their 518 00:31:38,630 --> 00:31:40,510 to their service. These are my customers. 519 00:31:40,510 --> 00:31:42,870 These are my credentials. This is a direct relationship 520 00:31:42,870 --> 00:31:46,150 between between us. I have to be the master of of 521 00:31:46,150 --> 00:31:48,430 that relationship and they. Want to only in full 522 00:31:48,430 --> 00:31:52,070 authentication experience as much as they can anyway. 523 00:31:52,310 --> 00:31:55,990 Yes, there are, I mean there are, there are in in most cases 524 00:31:55,990 --> 00:31:58,030 that's the case. There are some regional cases, 525 00:31:58,030 --> 00:32:00,150 there are some initiatives and we have some some very 526 00:32:00,150 --> 00:32:03,630 interesting presentations that are there are some, some small 527 00:32:03,630 --> 00:32:05,350 polls. For example in the Nordics, in 528 00:32:05,350 --> 00:32:08,150 Northern Europe, there has been an initiative actually where 529 00:32:08,430 --> 00:32:12,030 banks came together. There is a consortium of 530 00:32:12,150 --> 00:32:15,150 entities that came together and created an entity to manage 531 00:32:15,150 --> 00:32:17,390 identities which is which is called Bank ID. 532 00:32:17,390 --> 00:32:22,790 The same concern that banks had with identity of the service, 533 00:32:23,310 --> 00:32:27,390 you know, 10-15 years ago was like, oh, I can't put my 534 00:32:27,390 --> 00:32:32,320 credentials up in the cloud. I need to have them on Prem and 535 00:32:32,320 --> 00:32:35,960 control them. You know, the thing that I think 536 00:32:35,960 --> 00:32:39,440 where you're getting with the argument of passkeys versus 537 00:32:39,440 --> 00:32:45,960 passwords is people can use their iCloud to sync their 538 00:32:46,440 --> 00:32:49,280 keychain, which is basically just the password. 539 00:32:49,600 --> 00:32:54,960 But your password could also end up in some kind of password file 540 00:32:54,960 --> 00:32:59,440 out on the the dark web, and it can be used by anybody but the. 541 00:33:00,230 --> 00:33:05,990 The passkey can't because it's cryptographically signed and 542 00:33:06,270 --> 00:33:09,270 it's not something that could end up in some kind of dark web 543 00:33:09,630 --> 00:33:12,750 dump pass keys. So that is a risk that you 544 00:33:12,750 --> 00:33:14,670 completely remove from the table. 545 00:33:14,750 --> 00:33:20,820 Because pass keys are based on a symmetric cryptography, the fact 546 00:33:20,820 --> 00:33:23,380 that they are based on a asymmetric cryptography. 547 00:33:23,380 --> 00:33:26,940 What it means is that what you are going to be storing on the 548 00:33:26,940 --> 00:33:29,540 server side, you need to have something on the server side. 549 00:33:29,540 --> 00:33:34,220 But it's not the entire key, it's just half of the key. 550 00:33:34,500 --> 00:33:38,180 So even if that would be if that server would be compromised and 551 00:33:38,180 --> 00:33:41,620 those keys would be stolen, that on itself doesn't allow to 552 00:33:41,620 --> 00:33:47,060 recover to recover all the. It doesn't break the security of 553 00:33:47,420 --> 00:33:51,890 of that of that credential. So that is one of the massive 554 00:33:51,890 --> 00:33:57,210 arguments why a a a bank or any service provider for that matter 555 00:33:57,210 --> 00:34:00,370 that today is using passwords for authentication. 556 00:34:00,770 --> 00:34:04,490 They may want to they may want to move away from them as soon 557 00:34:04,490 --> 00:34:07,530 as possible into this because the the the question about the 558 00:34:07,530 --> 00:34:11,250 data leaks it's I mean there is the finance the direct financial 559 00:34:11,250 --> 00:34:16,210 loss but there is the the branding the branding laws is is 560 00:34:16,250 --> 00:34:20,670 it's and it's a nightmare so so that on that on itself is is 561 00:34:20,670 --> 00:34:23,190 quite a motivation. So folks, for folks who are 562 00:34:23,190 --> 00:34:28,989 listening, it's 25 after three on Tuesday, you're going to be 563 00:34:28,989 --> 00:34:32,469 presenting in like 25 minutes. So, one hour, yeah. 564 00:34:32,750 --> 00:34:33,790 And one hour. OK. 565 00:34:33,830 --> 00:34:37,989 We really appreciate you talking through this with us, but we 566 00:34:37,989 --> 00:34:39,469 don't want to hold you back from that. 567 00:34:39,590 --> 00:34:42,429 You need a little bit of time to catch your breath, maybe have 568 00:34:42,590 --> 00:34:45,850 coffee or something. But thank you, Pedro. 569 00:34:45,850 --> 00:34:47,730 I mean, this is really educational. 570 00:34:48,090 --> 00:34:51,010 My pleasure anytime. Yeah, so let's end on a lighter 571 00:34:51,010 --> 00:34:54,929 note here so you can get off and go and prepare and and psych 572 00:34:54,929 --> 00:34:58,730 yourself up. We were talking before we hit 573 00:34:58,730 --> 00:35:02,890 the record button that you're a soccer dad, you've got a couple 574 00:35:02,890 --> 00:35:04,170 of sons. I think you said that are 575 00:35:04,170 --> 00:35:06,930 playing soccer. Then the then the conversation 576 00:35:06,930 --> 00:35:09,130 turned a little bit towards Messi, who has become a 577 00:35:09,130 --> 00:35:10,650 phenomenon. He's already been a phenomenon 578 00:35:10,650 --> 00:35:14,450 around the world, but. Unless you've been a die hard 579 00:35:14,450 --> 00:35:17,530 soccer player, you probably just kind of were maybe passing 580 00:35:17,530 --> 00:35:20,770 familiar. Now he's playing for Miami and 581 00:35:20,770 --> 00:35:25,490 Florida of your soccer dad duties. 582 00:35:26,250 --> 00:35:31,370 How do you see your sons and their journeys through the 583 00:35:31,370 --> 00:35:34,210 sport? Are we are we looking at maybe 584 00:35:34,210 --> 00:35:36,610 the next Messi somewhere in there or a different position? 585 00:35:36,850 --> 00:35:39,530 No, no, no. We're we're, I mean still too 586 00:35:39,530 --> 00:35:42,250 soon they will, they will do. They will do whatever they they 587 00:35:42,250 --> 00:35:44,410 want. But for us it's just a matter of 588 00:35:44,570 --> 00:35:48,490 keeping them healthy and and doing a team sport and and 589 00:35:48,490 --> 00:35:52,010 getting into that. But to me what it it the only 590 00:35:52,010 --> 00:35:55,490 thing is that now they playing soccer and then watching soccer 591 00:35:55,490 --> 00:35:58,250 and then playing soccer because you have the the equivalent of 592 00:35:58,250 --> 00:36:02,810 the NFL games. It's all soccer all the time. 593 00:36:02,810 --> 00:36:07,090 All it's intensive but it's true that we were by tradition in the 594 00:36:07,090 --> 00:36:13,170 family fans of Barcelona and now to and we had Messi. 595 00:36:13,170 --> 00:36:16,930 We had the lack of have this guy in in in our team. 596 00:36:16,930 --> 00:36:19,370 And to see the impact that now he's having in a country that 597 00:36:19,370 --> 00:36:21,970 doesn't have the tradition of it's. 598 00:36:22,370 --> 00:36:24,930 It's funny to see the the kind of craze that he's generating in 599 00:36:24,930 --> 00:36:28,890 a country, in a country that that traditionally didn't pay as 600 00:36:28,890 --> 00:36:32,050 much attention to to soccer and as as it was before. 601 00:36:32,050 --> 00:36:35,650 So does that give a sense of? Pride when you see that 602 00:36:35,650 --> 00:36:38,650 happening. Or is it a sense of loss because 603 00:36:38,650 --> 00:36:40,490 he used to play? No, no, I'm. 604 00:36:40,570 --> 00:36:43,050 I'm really happy for the guy because it's, you know, there 605 00:36:43,050 --> 00:36:49,170 are great sports guys that are that are just great at at what 606 00:36:49,170 --> 00:36:51,330 they do, but as a person, you don't. 607 00:36:51,330 --> 00:36:53,210 You don't. I mean, he doesn't, he doesn't. 608 00:36:54,730 --> 00:36:57,770 I mean they are too fond of themselves or they they don't 609 00:36:58,450 --> 00:37:00,970 and you don't You don't see them as a role, as a role model for 610 00:37:00,970 --> 00:37:04,190 example for your kids and this is a guy that has been it's he's 611 00:37:04,190 --> 00:37:07,110 great in what he does. He's exceptional about any kind 612 00:37:07,110 --> 00:37:10,350 of measure and he's a very humble very reasonable very 613 00:37:10,350 --> 00:37:12,550 nice. He doesn't has outbursts or 614 00:37:12,550 --> 00:37:16,510 anything like that and he he won the World Cup after have been 615 00:37:16,510 --> 00:37:19,510 chasing it for many years in the late stages of his career. 616 00:37:19,510 --> 00:37:22,070 And now to see him the kind of things he's doing, every time 617 00:37:22,070 --> 00:37:25,470 that he does something that is remarkable, we we just get a 618 00:37:25,470 --> 00:37:29,190 smile. No it's it's it's it's it's 619 00:37:29,190 --> 00:37:33,140 happy to see him to see to see him thrive and to see the kids 620 00:37:33,140 --> 00:37:35,900 obsessed with him as well. So the Barcelona? 621 00:37:35,900 --> 00:37:39,900 Fans, Are they Florida MLS fans at this point? 622 00:37:39,900 --> 00:37:43,580 Or Miami, I should say. Or you follow a player versus 623 00:37:43,580 --> 00:37:46,100 A-Team? No, no, I would say that people 624 00:37:46,100 --> 00:37:49,900 have sympathy for the for people from Barcelona have sympathy for 625 00:37:49,900 --> 00:37:52,380 Miami now because Messi is in there. 626 00:37:52,380 --> 00:37:55,960 And not only Messi mean, there were a couple of players, X bars 627 00:37:55,960 --> 00:37:57,400 of players that went along as well. 628 00:37:57,400 --> 00:38:01,600 So now now I it's a very rare thing to see because there was 629 00:38:01,600 --> 00:38:05,680 no interest whatsoever in Spain about MLS here. 630 00:38:05,680 --> 00:38:09,320 And then now you can have a conversation of what did Miami 631 00:38:09,800 --> 00:38:12,120 last week which was unheard of before. 632 00:38:12,200 --> 00:38:13,760 So it's amazing when a transcendent. 633 00:38:13,760 --> 00:38:16,760 Player can do that or anything. Can see that occasionally with 634 00:38:16,760 --> 00:38:19,840 maybe basketball player coming from some area of the world 635 00:38:19,840 --> 00:38:22,150 right into. One league or another or 636 00:38:22,150 --> 00:38:24,310 baseball was another one, which I know, Jim, you were just 637 00:38:24,310 --> 00:38:26,070 chomping at the bit to to get into that one. 638 00:38:26,310 --> 00:38:28,590 So I. Was in a conversation with 639 00:38:29,950 --> 00:38:33,830 Denise and one of her friends and she sent a picture of a guy 640 00:38:33,830 --> 00:38:35,750 that she's dating her her friend. 641 00:38:36,310 --> 00:38:39,590 And she said I was like, he looks like somebody famous. 642 00:38:39,590 --> 00:38:44,230 She's like, yeah, he looks like Victoria Beckham's husband. 643 00:38:46,110 --> 00:38:48,950 David Beckham? No, she. 644 00:38:48,950 --> 00:38:52,270 Said it right the the spice. Spice Girl, Right. 645 00:38:52,270 --> 00:38:54,630 She was a Spice Girl, yeah. Anyway, but he. 646 00:38:54,630 --> 00:38:59,550 Came over and played in the MLS for a while, but I think it was 647 00:38:59,550 --> 00:39:01,990 more of like, you know, it got some attention. 648 00:39:02,310 --> 00:39:05,510 But from what I understand now, Messi's over here. 649 00:39:05,510 --> 00:39:09,310 Just like dominating, right? Which that's kind of cool. 650 00:39:09,670 --> 00:39:14,950 I mean my Uber driver from the airport to the resort here. 651 00:39:15,410 --> 00:39:17,850 He's like, do you want to listen to something or watch something? 652 00:39:17,850 --> 00:39:21,290 I'm like, I don't care. And So what do you, what does he 653 00:39:21,290 --> 00:39:23,210 put on? He puts on like this highlight 654 00:39:23,210 --> 00:39:27,610 reel of messy, just scoring goals and winning championships 655 00:39:27,610 --> 00:39:28,810 and stuff. And it was probably still 656 00:39:28,810 --> 00:39:30,970 playing. After the 40, Yeah, he was. 657 00:39:31,850 --> 00:39:34,130 Still going he's. Probably watched it hundreds. 658 00:39:34,130 --> 00:39:37,770 Of times I guess. But yeah, I it's I used. 659 00:39:37,770 --> 00:39:40,730 To play soccer when I was a kid and it's interesting see how MLS 660 00:39:40,730 --> 00:39:44,300 has gotten. Progressively more popular over 661 00:39:44,300 --> 00:39:47,220 the years. I mean it's still very much not 662 00:39:47,220 --> 00:39:53,460 anywhere near you know NFLNBA, you know at hockey, baseball and 663 00:39:53,460 --> 00:39:55,860 then you've got sort of MLSI think it's kind of after that. 664 00:39:56,660 --> 00:40:00,700 But there was a just a genuine excitement when you, you know, a 665 00:40:00,700 --> 00:40:02,380 player of that caliber comes over. 666 00:40:03,780 --> 00:40:06,780 I was, I was concerned and he's OK. 667 00:40:06,780 --> 00:40:08,420 He's going to come over. He's towards the end of his 668 00:40:08,420 --> 00:40:10,120 career. What does that mean? 669 00:40:10,120 --> 00:40:13,400 He's not going to be able to produce whatever guy comes out, 670 00:40:13,400 --> 00:40:17,760 scores, goals left. I mean, he delivered right away 671 00:40:17,760 --> 00:40:21,320 and it was like this shot of adrenaline that went through 672 00:40:21,600 --> 00:40:23,080 MLS. It was the worst. 673 00:40:23,080 --> 00:40:27,920 Team in the MLS this season the guy arrived and he played six, 674 00:40:27,920 --> 00:40:31,800 seven matches and he won a title for them just to straight up it 675 00:40:31,800 --> 00:40:33,880 was. I mean, they were expecting him 676 00:40:33,880 --> 00:40:36,320 to make an impact, but they no one was expecting that he would 677 00:40:36,320 --> 00:40:38,580 do that. Right off the bat, as he arrived 678 00:40:38,580 --> 00:40:40,220 to them, it was, it was funny to. 679 00:40:40,220 --> 00:40:42,380 It was funny to watch. It was funny to watch. 680 00:40:42,380 --> 00:40:44,100 A real Cinderella, a Cinderella story. 681 00:40:44,100 --> 00:40:47,340 We're going to go ahead and wrap it up for this conversation. 682 00:40:47,340 --> 00:40:48,580 Thank you so much for taking the time. 683 00:40:48,580 --> 00:40:51,060 My pleasure. I think we'll be recording 684 00:40:51,060 --> 00:40:53,740 another episode when you're on stage, so we'll be simpatico 685 00:40:53,740 --> 00:40:57,580 with you thinking about that. But it was great to meet you, 686 00:40:57,740 --> 00:41:01,140 Great to have this conversation. I'll have some links in our show 687 00:41:01,140 --> 00:41:03,340 notes so that people connect with you on LinkedIn if they 688 00:41:03,340 --> 00:41:05,670 have any questions. So I have a link to the Telus 689 00:41:05,670 --> 00:41:09,150 group as well so people can find out more about what goes on over 690 00:41:09,150 --> 00:41:11,510 there. We'll have links to myself and 691 00:41:11,510 --> 00:41:13,950 Jim on LinkedIn as well. We're on the web. 692 00:41:13,950 --> 00:41:19,030 idacpodcast.com we're on Twitter slash X slash whatever it's 693 00:41:19,030 --> 00:41:20,350 called. By the time you listen to this 694 00:41:20,670 --> 00:41:26,310 at IDAC Podcast Mastodon at IDAC podcast at infosec dot exchange 695 00:41:26,710 --> 00:41:30,110 Like, subscribe, share with a friend, share with an enemy, I 696 00:41:30,110 --> 00:41:31,550 don't care. As long as people are listening, 697 00:41:31,550 --> 00:41:34,470 we'll keep doing this. Thanks to everyone for listening 698 00:41:34,470 --> 00:41:36,070 and we'll talk with everyone in the next one.