The All Things Auth Podcast
Conor Gilsenan
All episodes
Best episodes
Top 10 The All Things Auth Podcast Episodes
Goodpods has curated a list of the 10 best The All Things Auth Podcast episodes, ranked by the number of listens and likes each episode have garnered from our listeners. If you are listening to The All Things Auth Podcast for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite The All Things Auth Podcast episode by adding your comments to the episode page.
#010 - Making Open-Source Software Usable with Ashley Fowler of USABLE.tools
The All Things Auth Podcast
10/10/19 • 49 min
Social media & website
- Email: [email protected]
- Twitter: @global_ashm, @USABLE_tools
- Website: usable.tools
Resources mentioned in episode
- Jon Camfield published an article titled "Where did USABLE come from?" that explains the motivation for starting the organization.
- The free USABLE Guidebook contains resources and activities to help trainers and facilitators to collect relevant and useful feedback from high-risk users.
- The USABLE blog has a ton of posts about their mission and interviews with their partner organizations.
- Ashley explained how USABLE gets hands-on help from design and user experience partners (Simply Secure and OKTHANKS) and accessibility partners (Accessibility Lab).
- Ashley shared the story of working with Thomas, the lead developer of Mailvelope, an app that allows you to send end-to-end encrypted emails. Also, check out the Mailvelope Blog.
- USABLE created detailed personas to help developers understand how to make their products more usable for at-risk communities around the world.
- USABLE has also recently supported the Secure Drop, Orbot, and KeePass XC projects. The USABLE blog has great interviews with these projects.
You can find the host of The All Things Auth Podcast on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/010-ashley-fowler-of-usable-tools.
#004 - Product Managers: The Polyglot Communication Hubs That Improve Your Products with Simon Moffatt of ForgeRock
The All Things Auth Podcast
07/18/19 • 59 min
Simon Moffatt, a Technical Product Manager at ForgeRock, joins me to discuss why a Product Manager is a critical role within any organization that aims to create usable security and privacy technologies. We discuss what, exactly, a PM actually does and why they are the critical hub between all departments, teams, and areas of the business.
While most companies have a never ending list of TODO items, Simon explains why it is important to have a DO NOT list.
Should PMs come from a technical background, a sales background, or is it better to be a polyglot with a range of experience? How can companies create product road maps that they will actually stick to and avoid the trap of sales-driven engineering?
We also discuss security compliance and how market failures lead to standards and regulation to protect end-users.
Social media & website
- Twitter: @SimonMoffatt, @ForgeRock
- Website: simonmoffatt.com, forgerock.com
- LinkedIn: @simonmoffatt
Resources mentioned in episode
- Simon mentions how The Lean Startup advocates a quick learning cycle to capitalize on user feedback to improve your products.
- Simon also writes articles on The Cyber Hut.
You can find the host of The All Things Auth Podcast on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/004-simon-moffatt-of-forgerock
#003 - End-to-end Encrypted Chat Without Getting Snooped On with Max Krohn of Keybase
The All Things Auth Podcast
07/04/19 • 76 min
Keybase is a Slack-like app that supports chat and file sharing, but it is fully end-to-end encrypted. You might be familiar with other well known apps that support end-to-end encryption, like WhatsApp and Signal, but Keybase has a fundamentally different security architecture. Max explains why this is so important and helps us understand the cryptography that makes the service work.
Before starting Keybase, Max was the co-founder of OkCupid. He shares the story about how he went from running a dating app to focusing on making public key cryptography approachable for the average internet user. Towards the end of our conversation, we discuss how Keybase approaches user research, how Keybase makes enough money to keep the lights on, and how they plan to grow the service in the future.
Social media & website
- Website: keybase.io
- Twitter: @keybaseio, @maxtaco
- Keybase: @max
- After installing Keybase, you can request to join the team keybasefriends.
Resources mentioned in episode
- Keybase Blog
- The post Keybase's New Key Model explains how you cryptographically link all of your devices so that you can use Keybase on all of your devices at the same time.
- The post Introducing Keybase Teams explains the user experience and underlying cryptography that powers the Keybase teams functionality.
- In Keybase is not softer than TOFU, Keybase explains what Trust on First Use means and how Keybase approaches this problem differently than any other app providing end-to-end encrypted communication.
- The Keybase documentation contains technical explanations of how Keybase is designed and architected.
- The Verge: Google, WhatsApp, and Apple slam GCHQ proposal to snoop on encrypted chats
You can find Conor, the host, on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/003-max-krohn-of-keybase
#009 - How to be an #MFAally with Tanya Janca of Microsoft
The All Things Auth Podcast
09/27/19 • 48 min
Social media & website
- Twitter: @shehackspurple
- Website: dev.to/shehackspurple
Resources mentioned in episode
- Tanya talks about enabling MFA on Tangerine Bank, WealthSimple, and PayPal.
- Tanya wrote a blog post titled "Multi-Factor Authentication (MFA)" that explains what MFA is for people who are not familiar with the term.
- The site twofactorauth.org is a community maintained database of which sites support 2FA and which do not.
- Conor built an open-source browser extension called 2FA Notifier, which alerts you anytime you visit a site that is known to support 2FA and helps you enable it.
- During Microsoft Ignite 2018, Azure shared that adoption rate of MFA among admins was only 1.7%. “The rate increased from 0.7% in 2017 to 1.7% in 2018. Yes, it doubled, but it is still terrible.”
- Tanya mentioned Jessy Irwin’s mantra “If you liked it, then you should have put some crypto on it” and multi-Raptor authentication.
You can find the host of The All Things Auth Podcast on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/009-tanya-janca-of-microsoft.
#006 - SOUPS 2019 - Part 1
The All Things Auth Podcast
08/16/19 • 40 min
- Miranda Wei
- Eva Gerlitz
- Mariano Di Martino
- Elham Al Qahtani
- Andreas Gutmann
You can find the host of The All Things Auth Podcast on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/006-soups-2019-part-1
#005 - Grading How Companies (In)Securely Store Passwords with Michal Špaček of Password Storage
The All Things Auth Podcast
08/04/19 • 62 min
Michal Špaček shares the story of how the Password Storage project has convinced hundreds of companies to publicly disclose their password storage practices and assigned each a grade based on how well they follow best practices.
We discuss hashing algorithms and the technology behind storing passwords securely. Learn why a company who follows the technical best practices might still not earn an A grade if they do not have a public disclosure, or if they rely on an Invisible Disclosure.
We compare the Password Storage project to other fantastic security tools, including SSL Labs and Mozilla Observatory.
Michal outlines how the grading criteria will change in the short term, highlights the desire to get more companies included in the data set, and contemplates how the project will continue to grow over time.
This episode was initially published in August 2019, the 5 year anniversary of Michal’s talk at BSides Las Vegas 2014, which planted the seeds that eventually grew into the Password Storage project. Happy birthday, Password Storage!
Social media & website
- Twitter: @PasswordStorage, @spazef0rze
- Website: Password Storage disclosures, michalspacek.com
Resources mentioned in episode
- Michal launched Password Storage at BSides Las Vegas in 2016. You can see the slides from his talk here.
- Bruce K. Marshall is a researcher and consultant dedicated to improving the application of authentication technologies, products, and good practices. He founded PasswordResearch.com to better share the password information he was collecting.
- You can find Bruce on Twitter @PwdRsch.
- Michal’s wrote an article titled “Upgrading existing password hashes” that explains how to gracefully migrate passwords hashed with a legacy algorithm to a secure and modern algorithm.
- To get your website listed in the Password Storage project, check out the FAQ.
You can find the host of The All Things Auth Podcast on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/005-michal-spacek-of-password-storage
#001 - Open-source Hardware Security Keys with Conor Patrick of SoloKeys
The All Things Auth Podcast
06/06/19 • 63 min
Conor explains what security keys are and why they provide a stronger level of security than other methods of 2FA. He shares the story about how he created and sold his first open-source security key on Amazon while he was an undergraduate studying Computer Engineering and how that project evolved into a wildly successful Kickstarter project that launched SoloKeys the company.
Towards the end of the conversation, Conor shares his thoughts on the recent trend of using phones as security keys and highlights Somu, the next exciting product that he and his team are working on right now.
Social media & website
- SoloKey’s Twitter: @SoloKeysSec
- SoloKeys website
- Conor Patrick’s Twitter: @_conorpp
Resources mentioned in episode
- Phishing resistance two factor authentication (2FA) comes from implementing the FIDO2: WebAuthn & CTAP specifications.
- U2F Zero security key
- In his blog post, Designing and Producing 2FA tokens to Sell on Amazon, Conor explains how he created and sold an open source security key named U2F Zero while an undergrad in university.
- You can access the hardware designs and software in the GitHub repo conorpp/u2f-zero.
- You can build your own U2F Zero by following the instructions in the Build a U2F Token wiki page.
- SoloKey security key
- SoloKeys, the company, launched after raising $125,000 in a hugely successful Kickstarter project.
- In his blog post, Designing Solo, a new U2F/FIDO2 Token, Conor explains
- The hardware and software for SoloKey’s open source hardware security key, Solo, is available in the GitHub repo solokeys/solo.
- Google Security Blog: Now generally available: Android phone’s built-in security key
- NitroKey security key
- NitroKey, a commercial provider of security keys, based their open source U2F security key on Conor’s U2F Zero project. You can access the Nitrokey firmware and hardware in the GitHub repo Nitrokey/nitrokey-fido-u2f-firmware.
- NitroKey is also building security keys based on SoloKey’s current design as well.
- Somu: A tiny FIDO2 security key for two-factor authentication and passwordless login
Canonical URL: https://allthingsauth.com/podcast/001-conor-patrick-of-solokeys
#008 - Secured by Math, Designed for People with Pilar García of 1Password
The All Things Auth Podcast
09/13/19 • 58 min
Social media & website
- Twitter: @1password
- Website: 1password.com
Resources mentioned in episode
- Conor and Pilar frequently reference 1Password’s White Paper, which explains the security architecture and overall security philosophy of the company.
- Pilar mentioned the well known XKCD comic on password strength that popularized the comical phrase “correct horse battery staple”.
- 1Password’s Watchtower has many useful features related to monitoring the security of your account passwords and your use of two factor authentication (2FA).
- You can learn more about Troy Hunt’s Pwned Passwords API here and here. Also, check out Junade Ali’s post on the Cloudflare blog about why and how he proposed the Pwned Passwords API should use k-anonymity.
- Conor mentions the NIST special publication 800-63B, which contains password best practices.
- 1Password has a $100k bug bounty hosted on BugCrowd.
You can find the host of The All Things Auth Podcast on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/008-pilar-garcia-of-1password.
#007 - SOUPS 2019 - Part 2
The All Things Auth Podcast
08/17/19 • 43 min
- Yixin Zou
- Karoline Busse
- Anthony Vance
- Sarah Pearman and Shikun Aerin Zhang
- Kyle Crichton
You can find the host of The All Things Auth Podcast on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/007-soups-2019-part-2
#002 - Your Phone is a Phishing Resistant Security Key with Alex Grinman of Kryptco
The All Things Auth Podcast
06/20/19 • 54 min
Alex shares the story of how Krypton first started as a secure messaging app, then evolved to help developers manage SSH keys, and today aims to make phishing resistant two factor authentication a realistic option for average internet users.
We get Alex’s thoughts on Google’s recent focus on allowing Android phones to be used as security keys, what happens if you lose your phone, and different approaches to account recovery.
Social media & website
- Kryptco: krypt.co, @kryptco, [email protected]
- Alex Grinman: www.alexgr.in, @alexgrinman
Resources mentioned in episode
- Phishing resistant two factor authentication (2FA) comes from implementing the FIDO2: WebAuthn & CTAP specifications.
- Krypton’s blog post, Our Zero-Trust Infrastructure, explains how the Krypton app pairs your phone to your browser to guarantee secure communication.
- You can find all of Kryptco’s open source software on GitHub.
- Google Security Blog - Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys
You can find Conor, the host, on Twitter @conorgil.
Canonical URL: https://allthingsauth.com/podcast/002-alex-grinman-of-kryptco
Show more best episodes
Show more best episodes
FAQ
How many episodes does The All Things Auth Podcast have?
The All Things Auth Podcast currently has 10 episodes available.
What topics does The All Things Auth Podcast cover?
The podcast is about Security, Founder, Research, Startup, Podcasts, Technology, Business, Privacy, Computer and Cybersecurity.
What is the most popular episode on The All Things Auth Podcast?
The episode title '#010 - Making Open-Source Software Usable with Ashley Fowler of USABLE.tools' is the most popular.
What is the average episode length on The All Things Auth Podcast?
The average episode length on The All Things Auth Podcast is 56 minutes.
How often are episodes of The All Things Auth Podcast released?
Episodes of The All Things Auth Podcast are typically released every 13 days, 15 hours.
When was the first episode of The All Things Auth Podcast?
The first episode of The All Things Auth Podcast was released on Jun 6, 2019.
Show more FAQ
Show more FAQ