Dan Moore
Podcast Appearances
And so that's the whole goal is, you know, it's not to, if there's a state level attacker out there, hi, anyone who's listening from a state level, you know, actor, like they can probably get access to my accounts because they have those resources, but I'm just trying to make it difficult enough that they kind of, um, that normal attackers move on.
I mean, I assume... SMS or email, right? Like anything that's deliverable is probably going to be outside of your app. You know, you could, there's always this, right? We talked about the tension around the friction around like login method and that same thing is true with MFA, right? And so there's always a tension between making things as easy for Adam to log in, right?
as possible, um, or Adam, to be honest with you, like, taking control of his own destiny and using tools out there like 1Password or Bitwarden, etc. So yeah, so you definitely can help foster things by using deliverable methods. That's really the only way you can force that. And honestly,
I don't know if 1Password has this or anybody else has this, but it wouldn't surprise me if there was a Gmail plugin that would go and look in your Gmail and pull out the code that Adam could probably install as an extension to 1Password. And then he's just kind of circumvented that whole thing again.
Right, so, right, um, and he's the one, by the way, paying the bank, right? He's the bank's customer, so you can't push them too far, but you can, I mean, education is kind of the canonical example and, you know, answer. This is, like, you say, um, you know, "We really suggest that you take these steps to secure your accounts."
And if someone wants to ignore all the pieces of advice and they're still paying you money, that's a really hard question to solve.
I mean, NIST actually recommend that they have the latest digital identity guidelines and they actually recommend that you don't enforce that complexity because it's frustrating to end users and they end up picking something that may not be that complex, right? Like they'll just add like the one exclamation point at the end of a normal word or something like that.
And check the corpus, right? Like there's a bunch of corpuses of passwords out there and check that it's not in there. And other than that, I'd say, yeah, go crazy.
I'm torn. I want that world. I want that world. I'm not sure we're there because, Let's Encrypt, the big lever there was Chrome, right? And like the scary warning messages in the URL bar and things like that. And I don't know if we have... I mean, maybe you have that with the operating system vendors. So maybe that's the lever. But it feels like we're not there yet. But yeah, I would love a place.
I love a world. I mean, and honestly, this is... It's interesting to me because the more we talk about this conversation, like password managers and passkeys are both kind of two sides of the same coin or they're two approaches to the same problem that both believe that computers are better than people at keeping track of, you know, verifiers of identity.