Jared
Podcast Appearances
Well, even the IPO did an Auth0 or Okta bought Auth0.
So like that's past the startup phase.
Right. Yeah. So, yeah, I mean from, from startup to scaled up.
Yeah.
Well, you also end up in the same situation with 1Password and LastPass when these providers become huge targets. Of course, they probably have their security teams staffed up because if I can hack into Okta or FusionAuth or whatever, it's not just one company's stuff I'm going to get. It's like a smorgasbord.
How separate is it? Like different locations?
So I agree with that comparison, Dan. Having done both, I can tell you that rolling your own auth is considerably easier than operating a Postfix server with SpamAssassin and these other things on the public internet. Also, there's a step in between. I build my own auth system with my own first-party code. And then you have auth providers on the other side.
And in the middle, you have open source solutions, which many frameworks tackle this head on because it's hugely valuable and can't have pooled resources there. So there's a nice middle ground with auth, whereas with email, you're kind of doing it yourself or doing it with somebody else's. Fair enough.
So let's go back to Magic Links and talk about OTP, because this is kind of, to me, seems like maybe an evolution of Magic Links and an improvement. So the idea here is that I'm still going to send you something that you can then confirm that you have.
But instead of just making it a link, which in our case, it's like a long, it's not like an MD5 sum, but it's, you know, it's like a hash value that you would not be able to just rattle off. It's shorter and time-based and usually it's six numbers that are provided. And so the, the one-time passcode is sent to the email or whatever way you can send them. So you can push notify it or whatever.