Share The All Things Auth Podcast
Share to email
Share to Facebook
Share to X
By Conor Gilsenan
5
99 ratings
The podcast currently has 10 episodes available.
Social media & website
Resources mentioned in episode
You can find the host of The All Things Auth Podcast on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/010-ashley-fowler-of-usable-tools.
Social media & website
Resources mentioned in episode
You can find the host of The All Things Auth Podcast on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/009-tanya-janca-of-microsoft.
Social media & website
Resources mentioned in episode
You can find the host of The All Things Auth Podcast on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/008-pilar-garcia-of-1password.
You can find the host of The All Things Auth Podcast on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/007-soups-2019-part-2
You can find the host of The All Things Auth Podcast on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/006-soups-2019-part-1
Michal Špaček shares the story of how the Password Storage project has convinced hundreds of companies to publicly disclose their password storage practices and assigned each a grade based on how well they follow best practices.
We discuss hashing algorithms and the technology behind storing passwords securely. Learn why a company who follows the technical best practices might still not earn an A grade if they do not have a public disclosure, or if they rely on an Invisible Disclosure.
We compare the Password Storage project to other fantastic security tools, including SSL Labs and Mozilla Observatory.
Michal outlines how the grading criteria will change in the short term, highlights the desire to get more companies included in the data set, and contemplates how the project will continue to grow over time.
This episode was initially published in August 2019, the 5 year anniversary of Michal’s talk at BSides Las Vegas 2014, which planted the seeds that eventually grew into the Password Storage project. Happy birthday, Password Storage!
Social media & website
Resources mentioned in episode
You can find the host of The All Things Auth Podcast on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/005-michal-spacek-of-password-storage
Simon Moffatt, a Technical Product Manager at ForgeRock, joins me to discuss why a Product Manager is a critical role within any organization that aims to create usable security and privacy technologies. We discuss what, exactly, a PM actually does and why they are the critical hub between all departments, teams, and areas of the business.
While most companies have a never ending list of TODO items, Simon explains why it is important to have a DO NOT list.
Should PMs come from a technical background, a sales background, or is it better to be a polyglot with a range of experience? How can companies create product road maps that they will actually stick to and avoid the trap of sales-driven engineering?
We also discuss security compliance and how market failures lead to standards and regulation to protect end-users.
Social media & website
Resources mentioned in episode
You can find the host of The All Things Auth Podcast on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/004-simon-moffatt-of-forgerock
Keybase is a Slack-like app that supports chat and file sharing, but it is fully end-to-end encrypted. You might be familiar with other well known apps that support end-to-end encryption, like WhatsApp and Signal, but Keybase has a fundamentally different security architecture. Max explains why this is so important and helps us understand the cryptography that makes the service work.
Before starting Keybase, Max was the co-founder of OkCupid. He shares the story about how he went from running a dating app to focusing on making public key cryptography approachable for the average internet user. Towards the end of our conversation, we discuss how Keybase approaches user research, how Keybase makes enough money to keep the lights on, and how they plan to grow the service in the future.
Social media & website
Resources mentioned in episode
You can find Conor, the host, on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/003-max-krohn-of-keybase
Alex shares the story of how Krypton first started as a secure messaging app, then evolved to help developers manage SSH keys, and today aims to make phishing resistant two factor authentication a realistic option for average internet users.
We get Alex’s thoughts on Google’s recent focus on allowing Android phones to be used as security keys, what happens if you lose your phone, and different approaches to account recovery.
Social media & website
Resources mentioned in episode
You can find Conor, the host, on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/002-alex-grinman-of-kryptco
Conor explains what security keys are and why they provide a stronger level of security than other methods of 2FA. He shares the story about how he created and sold his first open-source security key on Amazon while he was an undergraduate studying Computer Engineering and how that project evolved into a wildly successful Kickstarter project that launched SoloKeys the company.
Towards the end of the conversation, Conor shares his thoughts on the recent trend of using phones as security keys and highlights Somu, the next exciting product that he and his team are working on right now.
Social media & website
Resources mentioned in episode
Canonical URL: https://allthingsauth.com/podcast/001-conor-patrick-of-solokeys
The podcast currently has 10 episodes available.