1 00:00:01,199 --> 00:00:03,199 Join us as we gather around the hedge, 2 00:00:03,199 --> 00:00:04,660 where we dig into technology, 3 00:00:04,960 --> 00:00:07,679 business, and culture with the finest minds in 4 00:00:07,679 --> 00:00:08,660 computer networking. 5 00:00:20,574 --> 00:00:22,494 Hello, Russ. How are you doing today? Seems 6 00:00:22,494 --> 00:00:24,254 you're a little under the weather. I am 7 00:00:24,254 --> 00:00:26,335 a little under the weather, but, yeah, it's 8 00:00:26,335 --> 00:00:28,254 okay. I mean, the doctors are trying to 9 00:00:28,254 --> 00:00:29,234 take care of me 10 00:00:29,539 --> 00:00:30,980 as much as they can and, you know, 11 00:00:30,980 --> 00:00:33,239 I think it'll work itself out eventually. 12 00:00:33,780 --> 00:00:35,299 A little bit of a frightening week, but, 13 00:00:35,299 --> 00:00:35,879 you know. 14 00:00:36,739 --> 00:00:39,140 Okay. Okay. Well, we're hoping for your quick 15 00:00:39,140 --> 00:00:39,640 recovery. 16 00:00:40,820 --> 00:00:43,559 And today, we are joined by Carl Buell. 17 00:00:43,699 --> 00:00:44,439 So, Carl, 18 00:00:44,945 --> 00:00:46,145 can you take just a second? Let us 19 00:00:46,145 --> 00:00:47,605 know where where are you at physically? 20 00:00:48,385 --> 00:00:51,585 Well, I'm located in Bradenton, Florida. And so 21 00:00:51,585 --> 00:00:53,605 we're on the Gulf Coast, 22 00:00:54,145 --> 00:00:56,304 and we're just south of Tampa and north 23 00:00:56,304 --> 00:00:57,204 of Sarasota. 24 00:00:58,304 --> 00:01:00,649 Awesome. Awesome. Well, thanks for joining us today, 25 00:01:00,649 --> 00:01:02,890 Carl. So today pleasure. We wanted to we 26 00:01:02,890 --> 00:01:04,569 wanted to talk a little bit about passwords 27 00:01:04,569 --> 00:01:06,489 today. So so just to get us started, 28 00:01:06,489 --> 00:01:09,049 I think, let's let's start with this. What, 29 00:01:09,369 --> 00:01:11,390 what would you say makes a good password? 
30 00:01:12,844 --> 00:01:13,584 Well, obviously, 31 00:01:15,004 --> 00:01:15,665 good password 32 00:01:16,045 --> 00:01:16,545 includes, 33 00:01:18,045 --> 00:01:20,704 more characters as opposed to fewer characters 34 00:01:21,325 --> 00:01:22,224 and a combination 35 00:01:22,525 --> 00:01:23,665 of letters 36 00:01:24,204 --> 00:01:26,765 as well as numbers as well as, 37 00:01:27,769 --> 00:01:28,750 special characters. 38 00:01:29,129 --> 00:01:31,369 So would you say more characters is more 39 00:01:31,369 --> 00:01:32,509 important than randomness? 40 00:01:33,609 --> 00:01:34,189 And and, 41 00:01:34,729 --> 00:01:37,049 like, longer is more important than randomness, or 42 00:01:37,049 --> 00:01:37,869 would you say 43 00:01:38,329 --> 00:01:40,525 they're equal? Or how would you how would 44 00:01:40,525 --> 00:01:42,685 you scope those out? Yeah. That's a good 45 00:01:42,685 --> 00:01:43,185 question. 46 00:01:44,045 --> 00:01:44,545 Randomness, 47 00:01:45,004 --> 00:01:45,665 I think, 48 00:01:46,045 --> 00:01:47,584 has to rank number one. 49 00:01:48,125 --> 00:01:51,504 Because if you have a 30 character password 50 00:01:52,364 --> 00:01:53,405 and it's your, 51 00:01:53,990 --> 00:01:56,250 home address with your wife's name 52 00:01:56,870 --> 00:01:59,350 and, your son's birthday at the end of 53 00:01:59,350 --> 00:02:02,250 it. It's maybe thirty, forty characters, 54 00:02:02,549 --> 00:02:03,049 but 55 00:02:03,909 --> 00:02:04,310 it, 56 00:02:05,909 --> 00:02:08,650 it can be easily once people find that 57 00:02:09,204 --> 00:02:11,364 one password, if it's not if you don't 58 00:02:11,364 --> 00:02:12,424 change the password 59 00:02:13,284 --> 00:02:13,784 for 60 00:02:14,564 --> 00:02:15,784 really every account, 61 00:02:16,324 --> 00:02:17,224 you you're vulnerable. 
62 00:02:18,164 --> 00:02:19,944 And we know from 63 00:02:20,884 --> 00:02:21,384 statistics, 64 00:02:22,484 --> 00:02:24,344 I looked up some things before 65 00:02:24,650 --> 00:02:26,590 we got on the on the call 66 00:02:27,770 --> 00:02:28,969 here. 68% 67 00:02:28,969 --> 00:02:29,710 of Americans, 68 00:02:30,569 --> 00:02:31,710 reuse their passwords, 69 00:02:32,409 --> 00:02:35,790 and that is according to security.org. 70 00:02:36,825 --> 00:02:37,564 So randomness 71 00:02:38,105 --> 00:02:38,605 and 72 00:02:39,064 --> 00:02:39,564 differentiation, 73 00:02:41,465 --> 00:02:43,004 has to rank number one. 74 00:02:43,465 --> 00:02:45,405 So when you say reuse, do you mean 75 00:02:46,745 --> 00:02:49,705 maybe use the same password literally with no 76 00:02:49,705 --> 00:02:51,805 changes, or are we talking about 77 00:02:53,539 --> 00:02:55,460 I I use the same password, but I 78 00:02:55,460 --> 00:02:56,360 change the date? 79 00:02:57,060 --> 00:02:59,000 I change four numbers or 80 00:02:59,539 --> 00:03:02,439 something like that and think I'm doing unique. 81 00:03:03,780 --> 00:03:06,199 Well, when when I say reuse passwords, 82 00:03:06,544 --> 00:03:07,444 they're reusing 83 00:03:07,985 --> 00:03:10,564 the same password for multiple accounts, 84 00:03:11,104 --> 00:03:12,644 but they're also using 85 00:03:13,504 --> 00:03:14,004 variations 86 00:03:14,305 --> 00:03:14,965 of passwords, 87 00:03:15,584 --> 00:03:17,364 variations of the same password 88 00:03:18,064 --> 00:03:19,764 for multiple accounts. So 89 00:03:20,370 --> 00:03:21,669 I've got my address 90 00:03:21,969 --> 00:03:23,750 and, my wife's name, 91 00:03:24,610 --> 00:03:26,689 and, I'll put her birthday on the end. 92 00:03:26,689 --> 00:03:28,209 And maybe I'll change it, and I'll put 93 00:03:28,209 --> 00:03:30,530 my birthday on the end. 
So a lot 94 00:03:30,530 --> 00:03:31,189 of people 95 00:03:32,129 --> 00:03:34,549 do variations on a theme by that, 96 00:03:36,224 --> 00:03:38,544 like that, I mean. And and the reason 97 00:03:38,544 --> 00:03:40,544 for that is if you look at how 98 00:03:40,544 --> 00:03:41,044 people 99 00:03:41,905 --> 00:03:45,605 remember passwords or how they store those passwords, 100 00:03:48,469 --> 00:03:49,509 38 101 00:03:49,509 --> 00:03:51,289 to 40% of people, 102 00:03:51,989 --> 00:03:54,229 just keep them in memory, believe it or 103 00:03:54,229 --> 00:03:54,729 not. 104 00:03:55,590 --> 00:03:56,090 And 105 00:03:56,870 --> 00:03:58,489 we're seeing an increasing 106 00:03:58,789 --> 00:03:59,289 trend 107 00:03:59,750 --> 00:04:01,129 toward people using 108 00:04:01,989 --> 00:04:02,969 password vaults. 109 00:04:04,444 --> 00:04:06,944 30 I think about 33% 110 00:04:07,405 --> 00:04:08,544 store their passwords 111 00:04:09,004 --> 00:04:12,044 in a in a password manager or in 112 00:04:12,044 --> 00:04:12,544 a 113 00:04:13,004 --> 00:04:13,504 browser. 114 00:04:14,125 --> 00:04:15,425 Obviously, some browsers, 115 00:04:16,925 --> 00:04:19,345 keep those passwords. I don't trust those. 116 00:04:22,360 --> 00:04:24,779 20 to 25% 117 00:04:25,479 --> 00:04:27,740 keep them on what I call snippies. 118 00:04:28,519 --> 00:04:30,379 My wife is a snippy gal. 119 00:04:30,919 --> 00:04:33,579 She has little, snippies of paper 120 00:04:34,279 --> 00:04:35,339 all over the place. 121 00:04:36,095 --> 00:04:38,834 Yep. And, you know, those post it notes 122 00:04:38,894 --> 00:04:41,935 and those little notebooks where you keep write 123 00:04:41,935 --> 00:04:44,014 things down. The problem with that is, 124 00:04:44,495 --> 00:04:46,675 the house burns down. You lose your passwords. 125 00:04:48,189 --> 00:04:50,110 You mentioned that an increasing number of people 126 00:04:50,110 --> 00:04:51,710 are using password vaults. 
Why do you think 127 00:04:51,710 --> 00:04:52,449 that is? 128 00:04:53,310 --> 00:04:56,029 Well, I think people are catching on. Look. 129 00:04:56,029 --> 00:04:56,529 Cybersecurity, 130 00:04:58,350 --> 00:04:59,250 has become 131 00:04:59,550 --> 00:05:03,664 so increasingly important just over the last twelve 132 00:05:03,664 --> 00:05:06,544 to eighteen months relative to how we thought 133 00:05:06,544 --> 00:05:09,285 about it, eighteen to twenty four months ago. 134 00:05:09,824 --> 00:05:11,044 Do you know anyone 135 00:05:11,425 --> 00:05:13,125 who hasn't been hacked? 136 00:05:13,584 --> 00:05:15,664 That's a good that's a question from not 137 00:05:15,664 --> 00:05:18,229 hype hypothetical, but a real question for both 138 00:05:18,229 --> 00:05:18,810 of you. 139 00:05:20,229 --> 00:05:22,470 Do you know anyone who hasn't been hacked? 140 00:05:22,470 --> 00:05:23,449 Yeah. I do. 141 00:05:23,750 --> 00:05:25,769 Okay. That's good. Well, they're lucky 142 00:05:26,389 --> 00:05:28,810 because most people are getting hacked, 143 00:05:29,269 --> 00:05:30,569 all across the board. 144 00:05:31,264 --> 00:05:33,985 And the hackers are coming at, you know, 145 00:05:33,985 --> 00:05:35,605 they used to go at big corporations 146 00:05:36,064 --> 00:05:36,564 where 147 00:05:36,944 --> 00:05:37,444 the 148 00:05:39,024 --> 00:05:39,524 ransomware 149 00:05:39,904 --> 00:05:43,605 was, and continues to be millions of dollars. 150 00:05:43,665 --> 00:05:44,725 Now they're targeting 151 00:05:45,850 --> 00:05:47,389 increasingly small business 152 00:05:47,689 --> 00:05:49,709 and individuals as well. 153 00:05:50,729 --> 00:05:51,850 You know, one thing I've, 154 00:05:52,649 --> 00:05:54,189 I have, thought about 155 00:05:54,649 --> 00:05:56,329 wanted to get your take on it. 
I 156 00:05:56,329 --> 00:05:58,169 I think a lot of people, maybe some 157 00:05:58,169 --> 00:06:00,975 people, are using password vaults just because the 158 00:06:00,975 --> 00:06:03,295 sheer number of credentials that we have to 159 00:06:03,295 --> 00:06:03,795 have. 160 00:06:04,175 --> 00:06:05,694 I wonder how many people are just like, 161 00:06:05,694 --> 00:06:07,295 well, there's too many, so I'll just put 162 00:06:07,295 --> 00:06:08,735 them in a vault. Rather than I wanna 163 00:06:08,735 --> 00:06:10,829 be super secure, I wonder if it's just, 164 00:06:10,909 --> 00:06:12,349 you know, I've got hundreds of passwords. I 165 00:06:12,349 --> 00:06:13,470 have to put them someplace, so I might 166 00:06:13,470 --> 00:06:14,509 as well put them in a vault. I 167 00:06:14,509 --> 00:06:15,569 don't know. What do you think? 168 00:06:16,110 --> 00:06:17,569 Well, I that's a good question. 169 00:06:17,870 --> 00:06:20,829 I I looked at my passwords. I've been 170 00:06:20,829 --> 00:06:22,610 using password vaults for, 171 00:06:23,805 --> 00:06:27,324 five eight, maybe ten years, and, I probably 172 00:06:27,324 --> 00:06:30,685 have close to a thousand passwords for all 173 00:06:30,685 --> 00:06:31,745 my different accounts. 
174 00:06:33,644 --> 00:06:35,105 But I think that the, 175 00:06:36,040 --> 00:06:37,980 you know, the the the tendency 176 00:06:38,360 --> 00:06:38,860 to 177 00:06:40,040 --> 00:06:42,379 people who are using password vaults 178 00:06:43,480 --> 00:06:46,139 understand the risk, and they understand 179 00:06:47,400 --> 00:06:49,560 going back to our topic a few minutes 180 00:06:49,560 --> 00:06:50,060 ago 181 00:06:50,604 --> 00:06:51,104 requiring 182 00:06:51,564 --> 00:06:52,064 randomness 183 00:06:53,084 --> 00:06:56,784 for multiple passwords and multiple accounts and differentiation, 184 00:06:58,925 --> 00:06:59,664 even though 185 00:07:00,365 --> 00:07:02,524 most people try to keep those passwords in 186 00:07:02,524 --> 00:07:03,264 their heads, 187 00:07:03,884 --> 00:07:05,185 you get to a point where 188 00:07:05,769 --> 00:07:07,789 I think, Tom, your point is well taken. 189 00:07:08,250 --> 00:07:09,789 There's a break point there, 190 00:07:10,329 --> 00:07:12,569 and it's like, I I can't remember this 191 00:07:12,569 --> 00:07:14,889 stuff, and I can't carry my snippies around 192 00:07:14,889 --> 00:07:16,909 wherever I go. And so, therefore, 193 00:07:17,209 --> 00:07:19,149 I'm going to use a password vault. 194 00:07:19,930 --> 00:07:20,430 But 195 00:07:21,314 --> 00:07:21,814 the, 196 00:07:22,355 --> 00:07:24,935 challenge is that most people 197 00:07:26,115 --> 00:07:27,735 start look. We all did. 198 00:07:28,194 --> 00:07:29,654 When we started with passwords, 199 00:07:30,035 --> 00:07:31,735 I had my favorite password. 200 00:07:33,475 --> 00:07:34,775 I think we all did. 201 00:07:35,089 --> 00:07:37,110 And my favorite password was 202 00:07:37,810 --> 00:07:40,290 not very complex. It was it was a 203 00:07:40,290 --> 00:07:42,770 six letter word with with two numbers on 204 00:07:42,770 --> 00:07:43,430 the end. 
205 00:07:44,050 --> 00:07:44,550 And 206 00:07:45,810 --> 00:07:46,710 at one point, 207 00:07:48,245 --> 00:07:48,644 somebody 208 00:07:49,204 --> 00:07:51,365 I discovered that one of my accounts was 209 00:07:51,444 --> 00:07:53,204 they were trying to hack my account with 210 00:07:53,204 --> 00:07:54,584 a with an old password, 211 00:07:55,604 --> 00:07:57,625 and and that's when the 212 00:07:58,004 --> 00:07:59,784 moment came to me that I realized, 213 00:08:01,125 --> 00:08:02,904 I gotta get serious about this. 214 00:08:04,459 --> 00:08:05,980 I, I thought for a second there you 215 00:08:05,980 --> 00:08:07,580 were gonna tell us what that password was, 216 00:08:07,580 --> 00:08:09,279 and that was gonna feel kinda weird. 217 00:08:10,860 --> 00:08:12,300 It was on the tip of my tongue, 218 00:08:12,300 --> 00:08:13,600 but I withheld it. 219 00:08:14,139 --> 00:08:17,100 Nice. I I I probably still have some 220 00:08:17,100 --> 00:08:17,600 accounts 221 00:08:17,980 --> 00:08:20,754 floating out there from years ago with that, 222 00:08:20,995 --> 00:08:23,074 with that one password. So now it's going 223 00:08:23,074 --> 00:08:25,415 to mean it's going to be secret. 224 00:08:25,954 --> 00:08:26,855 Good. Good. 225 00:08:27,555 --> 00:08:28,055 So 226 00:08:28,915 --> 00:08:30,055 yeah. So these 227 00:08:30,514 --> 00:08:32,375 so when people change over 228 00:08:32,799 --> 00:08:33,540 to a password manager, 229 00:08:34,399 --> 00:08:36,580 is there evidence that they use 230 00:08:37,040 --> 00:08:37,540 randomization 231 00:08:38,000 --> 00:08:38,500 more, 232 00:08:39,200 --> 00:08:39,700 or 233 00:08:40,160 --> 00:08:42,100 do they just keep using what they're using? 234 00:08:42,559 --> 00:08:44,480 Boy, that's a good question, and I don't 235 00:08:44,480 --> 00:08:47,095 know the stats on that. 
But I I 236 00:08:47,095 --> 00:08:49,674 would say that's an open question because 237 00:08:50,694 --> 00:08:52,235 my guess is that 238 00:08:52,934 --> 00:08:53,834 people approach 239 00:08:54,214 --> 00:08:55,355 password vaults 240 00:08:56,294 --> 00:08:58,074 with the same kind of habitual 241 00:08:58,855 --> 00:09:00,214 tendencies that they do, 242 00:09:01,120 --> 00:09:02,339 when they have their snippies, 243 00:09:02,799 --> 00:09:05,220 which is I got my 10 passwords, and 244 00:09:05,439 --> 00:09:07,539 now I'm gonna do variations on a 245 00:09:08,559 --> 00:09:11,220 theme. And that that turns out to be, 246 00:09:11,519 --> 00:09:13,860 a lot of how people vary their password. 247 00:09:13,919 --> 00:09:16,065 They have their favorite password, and then they 248 00:09:16,065 --> 00:09:16,804 they do 249 00:09:17,264 --> 00:09:19,205 some minor variations. And so 250 00:09:19,664 --> 00:09:22,404 my guess is that goes into the vault. 251 00:09:24,384 --> 00:09:26,965 You know, that brings up an interesting question 252 00:09:27,985 --> 00:09:28,485 because 253 00:09:28,865 --> 00:09:30,245 I've looked into this. 254 00:09:32,009 --> 00:09:32,830 Some password 255 00:09:33,769 --> 00:09:34,910 manager vaults 256 00:09:35,769 --> 00:09:36,269 provide 257 00:09:37,049 --> 00:09:37,549 randomization 258 00:09:38,009 --> 00:09:40,110 password generation for free. 259 00:09:40,809 --> 00:09:41,309 But 260 00:09:41,690 --> 00:09:45,049 what we're also seeing now is here's you 261 00:09:45,049 --> 00:09:47,214 know, I need a password. Here's a a 262 00:09:47,214 --> 00:09:48,355 way to monetize 263 00:09:49,615 --> 00:09:50,674 password generation. 264 00:09:51,774 --> 00:09:54,014 I use 1Password. They wanted to charge 265 00:09:54,014 --> 00:09:56,834 me a subscription to do a password generator, 266 00:09:57,774 --> 00:10:00,110 to to use their password generator. Wow. 
And 267 00:10:00,110 --> 00:10:02,289 I emailed I emailed them, and I said, 268 00:10:02,589 --> 00:10:04,209 are you guys crate you're crazy. 269 00:10:04,669 --> 00:10:06,909 And and the guy said, well, why? And 270 00:10:06,909 --> 00:10:09,950 I said, well, if you have people who 271 00:10:09,950 --> 00:10:12,924 don't wanna pay for your password manager or 272 00:10:12,924 --> 00:10:13,985 password generator, 273 00:10:14,445 --> 00:10:16,625 you're sending them outside your ecosystem. 274 00:10:17,084 --> 00:10:18,384 Why would you do that? 275 00:10:18,924 --> 00:10:21,004 You know? So these companies aren't thinking it 276 00:10:21,004 --> 00:10:21,504 through, 277 00:10:21,964 --> 00:10:22,284 but, 278 00:10:23,559 --> 00:10:25,019 there are random, 279 00:10:25,879 --> 00:10:28,139 great random generator passwords 280 00:10:28,600 --> 00:10:30,940 out there password generators out there. 281 00:10:31,559 --> 00:10:33,019 And, I think that's, 282 00:10:33,480 --> 00:10:35,980 you know, it's it's part of changing your 283 00:10:36,120 --> 00:10:37,259 your bad habits 284 00:10:38,034 --> 00:10:39,095 into good habits. 285 00:10:39,875 --> 00:10:42,115 Just to figure out what software you need 286 00:10:42,115 --> 00:10:42,855 to do that. 287 00:10:43,235 --> 00:10:44,995 So what are your thoughts about because some 288 00:10:44,995 --> 00:10:46,674 some websites, you you sign up for your 289 00:10:46,674 --> 00:10:48,754 account, and they will suggest a password to 290 00:10:48,754 --> 00:10:50,754 you that is sufficiently complex that meets their 291 00:10:50,754 --> 00:10:51,254 requirements. 292 00:10:51,875 --> 00:10:53,174 What do you think about that? 293 00:10:54,089 --> 00:10:57,529 That's also that's very interesting question. I don't 294 00:10:57,529 --> 00:10:58,829 trust anything 295 00:10:59,209 --> 00:11:01,629 that has been generated on the Internet, 296 00:11:02,409 --> 00:11:05,069 even if it's a secure count account. 
297 00:11:06,649 --> 00:11:07,149 I 298 00:11:08,134 --> 00:11:10,554 use a password generator. 299 00:11:11,654 --> 00:11:13,274 Let's see. I'll look it up here. 300 00:11:13,975 --> 00:11:14,695 I use, 301 00:11:15,095 --> 00:11:16,394 something called PasswordTech. 302 00:11:18,054 --> 00:11:20,235 PasswordTech is an open source 303 00:11:21,179 --> 00:11:24,139 password generator, and it's a download you can 304 00:11:24,139 --> 00:11:26,720 download it for free off the SourceForge, 305 00:11:27,259 --> 00:11:29,840 and you can customize it. So my preference 306 00:11:30,220 --> 00:11:31,360 and my advice 307 00:11:31,820 --> 00:11:32,320 is 308 00:11:34,095 --> 00:11:36,414 you don't wanna generate a password over the 309 00:11:36,414 --> 00:11:36,914 Internet 310 00:11:37,294 --> 00:11:40,014 because you just don't know who's listening or 311 00:11:40,014 --> 00:11:40,514 watching, 312 00:11:41,615 --> 00:11:43,955 and that's an easy way to compromise it. 313 00:11:45,054 --> 00:11:47,394 Agreed. So so if you have a password 314 00:11:47,455 --> 00:11:48,254 generator that's, 315 00:11:49,139 --> 00:11:50,120 on your phone 316 00:11:50,980 --> 00:11:52,120 or on your computer, 317 00:11:52,899 --> 00:11:54,920 I think, you know, you're significantly 318 00:11:55,700 --> 00:11:58,759 reducing the probability unless somebody's monitoring, 319 00:11:59,460 --> 00:12:01,320 everything that you do on your computer. 320 00:12:01,804 --> 00:12:02,625 You're significantly 321 00:12:03,164 --> 00:12:05,725 reducing that probability that somebody else is gonna 322 00:12:05,725 --> 00:12:07,164 get it. So what I do is I 323 00:12:07,164 --> 00:12:07,824 I use 324 00:12:08,204 --> 00:12:09,584 that password generator 325 00:12:10,044 --> 00:12:10,704 to generate 326 00:12:11,084 --> 00:12:11,584 passwords, 327 00:12:11,964 --> 00:12:14,704 and, then I put them into my vault. 328 00:12:14,924 --> 00:12:16,784 I I load them in manually. 
329 00:12:18,669 --> 00:12:20,370 So what do you make of the, 330 00:12:21,149 --> 00:12:24,350 their the conversation going on that, passwords are 331 00:12:24,350 --> 00:12:25,169 passe and 332 00:12:25,709 --> 00:12:27,709 the real thing now is pass keys? What's 333 00:12:27,709 --> 00:12:29,089 what's your thought on all this? 334 00:12:29,389 --> 00:12:32,370 Boy, I I really subscribe to that 335 00:12:33,404 --> 00:12:33,904 because, 336 00:12:35,164 --> 00:12:35,664 passkeys 337 00:12:36,445 --> 00:12:36,945 are, 338 00:12:38,125 --> 00:12:39,424 technically superior 339 00:12:41,004 --> 00:12:41,824 to passwords. 340 00:12:42,684 --> 00:12:45,664 They're superior well, the way passkey works is 341 00:12:46,204 --> 00:12:46,945 your device 342 00:12:47,490 --> 00:12:49,029 creates a unique 343 00:12:49,570 --> 00:12:51,990 private public key pair 344 00:12:52,690 --> 00:12:54,389 specifically for each website. 345 00:12:55,409 --> 00:12:58,129 The private key, just like any kind of 346 00:12:58,129 --> 00:12:58,629 encryption 347 00:12:59,504 --> 00:13:00,004 system, 348 00:13:00,384 --> 00:13:01,764 never leaves your device, 349 00:13:02,304 --> 00:13:04,165 and the public key gets stored 350 00:13:04,945 --> 00:13:07,205 by the website. So when you log in, 351 00:13:07,985 --> 00:13:11,024 the site issues a challenge that only your 352 00:13:11,024 --> 00:13:12,565 private key can solve 353 00:13:13,629 --> 00:13:14,769 without transmitting 354 00:13:15,070 --> 00:13:16,289 your actual credentials. 355 00:13:16,669 --> 00:13:18,769 So the benefit of that is that it 356 00:13:18,990 --> 00:13:21,329 it I would say it almost eliminates 357 00:13:21,870 --> 00:13:24,589 password theft because your private key never leaves 358 00:13:24,589 --> 00:13:25,329 your device. 
359 00:13:26,335 --> 00:13:28,654 It removes the human error because, 360 00:13:29,054 --> 00:13:31,955 you're not reliant on weak passwords anymore, 361 00:13:32,575 --> 00:13:34,434 and it's simplifying the authentication 362 00:13:35,054 --> 00:13:38,690 process. Now the the challenge with this is 363 00:13:39,070 --> 00:13:41,629 that it's fairly new technology, and not all 364 00:13:41,629 --> 00:13:42,129 websites 365 00:13:42,910 --> 00:13:45,649 have adopted it, but we're starting to see 366 00:13:45,790 --> 00:13:47,950 more and more. But I'm a you know, 367 00:13:47,950 --> 00:13:50,669 when you if you don't any know anything 368 00:13:50,669 --> 00:13:53,085 about pass keys, it's like, what's a pass 369 00:13:53,085 --> 00:13:55,245 key? How do I use this? I'm 370 00:13:55,725 --> 00:13:57,565 As a matter of fact, it that's being 371 00:13:57,565 --> 00:14:00,445 implemented by different websites in different ways. Some 372 00:14:00,445 --> 00:14:01,965 websites use the pass key as a two 373 00:14:01,965 --> 00:14:02,865 factor authentication. 374 00:14:03,725 --> 00:14:05,985 Others use it as the primary password. 375 00:14:07,085 --> 00:14:08,789 I that's kind of weird to me. 376 00:14:09,509 --> 00:14:11,110 Like, it seems like it should be the 377 00:14:11,110 --> 00:14:11,610 primary 378 00:14:12,070 --> 00:14:12,570 password, 379 00:14:13,110 --> 00:14:14,629 and you add 2FA if you 380 00:14:14,629 --> 00:14:15,449 want to. 381 00:14:16,230 --> 00:14:18,629 Right. But not but it shouldn't be the 382 00:14:18,629 --> 00:14:19,529 2FA. 383 00:14:20,629 --> 00:14:21,129 Right. 384 00:14:21,669 --> 00:14:23,434 Yeah. Yeah. If you're gonna bring hardware into 385 00:14:23,434 --> 00:14:24,735 it, it should be a pretty, 386 00:14:25,595 --> 00:14:27,934 pretty specified purpose. It should be very, 387 00:14:28,875 --> 00:14:29,375 intuitive. 
388 00:14:30,714 --> 00:14:32,495 You know, I just tried 389 00:14:32,875 --> 00:14:35,034 to use pass keys. I just started using 390 00:14:35,034 --> 00:14:37,409 pass keys probably within the last twelve months 391 00:14:37,409 --> 00:14:38,149 or so. 392 00:14:38,769 --> 00:14:39,269 And 393 00:14:39,730 --> 00:14:42,290 you see passkeys, what's a passkey, and then 394 00:14:42,370 --> 00:14:44,129 so you do a little bit bit of 395 00:14:44,129 --> 00:14:46,289 research about it, and then you find out, 396 00:14:46,289 --> 00:14:48,309 oh, well, this is how it works. And, 397 00:14:49,250 --> 00:14:52,309 again, these password vaults, most of them, 398 00:14:53,695 --> 00:14:55,554 use passkeys and adapt 399 00:14:56,415 --> 00:14:59,535 to having that passkey technology built right into 400 00:14:59,535 --> 00:15:02,014 their vault so that that it makes it 401 00:15:02,014 --> 00:15:03,235 really, really simple. 402 00:15:05,779 --> 00:15:06,440 In addition, 403 00:15:07,139 --> 00:15:07,960 some password 404 00:15:08,820 --> 00:15:09,320 managers 405 00:15:10,100 --> 00:15:10,600 again, 406 00:15:11,540 --> 00:15:12,840 I use 1Password. 407 00:15:13,220 --> 00:15:15,779 They're it's not the best necessarily. There are 408 00:15:15,779 --> 00:15:17,000 a lot of them out there. 409 00:15:18,204 --> 00:15:19,904 1Password has multifactor 410 00:15:20,445 --> 00:15:20,945 authentication 411 00:15:21,404 --> 00:15:23,325 built into it, which I really like as 412 00:15:23,325 --> 00:15:25,664 well. 
So instead of if I'm using 413 00:15:26,684 --> 00:15:27,825 two factor authentication 414 00:15:28,284 --> 00:15:29,884 to log in to a site instead of 415 00:15:29,884 --> 00:15:31,825 having to pick up my phone and 416 00:15:32,720 --> 00:15:35,220 put in the password and go to the 417 00:15:36,639 --> 00:15:40,019 the generator or the, you know, protecting software 418 00:15:40,080 --> 00:15:41,299 that gives me the 419 00:15:41,679 --> 00:15:44,100 certification of the the number, 420 00:15:45,040 --> 00:15:47,524 I can just flip over on my computer 421 00:15:47,745 --> 00:15:50,804 to 1Password and then copy the, 422 00:15:51,584 --> 00:15:53,504 code and then paste it in. So that's 423 00:15:53,504 --> 00:15:56,065 that's really convenient as well. Do you think 424 00:15:56,065 --> 00:15:57,445 it's as secure, though? 425 00:15:59,610 --> 00:16:01,210 I know there's a big argument about this. 426 00:16:01,210 --> 00:16:03,309 Some people say that is not as secure. 427 00:16:08,170 --> 00:16:09,790 I'm thinking about that question, 428 00:16:10,170 --> 00:16:12,250 and I I don't know the answer to 429 00:16:12,250 --> 00:16:12,750 it. 430 00:16:13,529 --> 00:16:13,930 I don't 431 00:16:14,625 --> 00:16:16,004 I mean, offhand, 432 00:16:16,384 --> 00:16:18,325 I don't know that the, 433 00:16:21,105 --> 00:16:22,004 the the code generation 434 00:16:22,465 --> 00:16:22,965 algorithms 435 00:16:23,504 --> 00:16:25,264 in a in a password vault would be 436 00:16:25,264 --> 00:16:26,644 any different than the code generation 437 00:16:27,345 --> 00:16:27,845 algorithms 438 00:16:28,144 --> 00:16:31,340 for for Google or or Microsoft. So I 439 00:16:31,340 --> 00:16:33,820 would think they'd be comparable unless you can 440 00:16:33,820 --> 00:16:36,860 convince me why there's a security problem there. 
441 00:16:36,860 --> 00:16:39,679 I think the gap people talk about is 442 00:16:39,899 --> 00:16:41,980 if I break into your password manager 443 00:16:43,144 --> 00:16:44,925 I now I now have your 2FA. 444 00:16:45,225 --> 00:16:45,965 Well, that 445 00:16:46,425 --> 00:16:46,925 yes. 446 00:16:48,665 --> 00:16:49,165 Absolutely. 447 00:16:50,745 --> 00:16:54,045 Yeah. Absolutely. So, you wanna make sure that 448 00:16:54,425 --> 00:16:55,325 that one 449 00:16:55,980 --> 00:16:58,700 password that you use to get into your 450 00:16:58,700 --> 00:16:59,200 vault, 451 00:17:00,620 --> 00:17:03,100 is not kept anywhere where anybody else can 452 00:17:03,100 --> 00:17:05,200 get, and you probably wanna change that 453 00:17:05,740 --> 00:17:06,240 regularly. 454 00:17:07,579 --> 00:17:09,019 And as a matter of fact, that same 455 00:17:09,019 --> 00:17:10,720 criticism applies to passkeys. 456 00:17:11,134 --> 00:17:13,134 We just don't think about it. If I'm 457 00:17:13,134 --> 00:17:15,075 storing my passkeys in a vault, 458 00:17:15,695 --> 00:17:17,475 if somebody breaks into my vault, 459 00:17:18,335 --> 00:17:19,875 they have my private keys. 460 00:17:22,015 --> 00:17:23,394 That's true. Yeah. 461 00:17:23,855 --> 00:17:26,035 So there there is no 462 00:17:27,269 --> 00:17:28,250 a % 463 00:17:28,869 --> 00:17:31,529 safe guarantee for anything anymore. 464 00:17:33,109 --> 00:17:35,369 You know, my dad I grew up, 465 00:17:35,670 --> 00:17:37,369 in a suburb of Chicago. 466 00:17:38,309 --> 00:17:40,970 My father was a, a German immigrant, 467 00:17:41,349 --> 00:17:41,849 and 468 00:17:42,255 --> 00:17:43,394 he raised mink. 469 00:17:44,494 --> 00:17:46,275 That was his business, and 470 00:17:46,575 --> 00:17:48,355 he had a safe in the basement. 471 00:17:48,974 --> 00:17:51,474 That was his that was his thing, and 472 00:17:52,654 --> 00:17:53,474 we've evolved 473 00:17:53,855 --> 00:17:55,234 significantly from that. 
474 00:17:56,015 --> 00:17:57,535 Well, I don't know if we've evolved. We've 475 00:17:57,535 --> 00:17:57,990 changed. 476 00:18:00,230 --> 00:18:01,609 Yeah. I I would agree. 477 00:18:02,309 --> 00:18:03,910 What about what about, 478 00:18:04,230 --> 00:18:06,630 what about pass phrases? I I always like 479 00:18:06,630 --> 00:18:08,309 it when a system allows me to use 480 00:18:08,309 --> 00:18:10,309 a pass phrase, but there are many that, 481 00:18:10,390 --> 00:18:12,069 just don't wanna deal with that. The length 482 00:18:12,069 --> 00:18:13,210 is limited severely. 483 00:18:14,484 --> 00:18:15,365 I don't know. What are your what are 484 00:18:15,365 --> 00:18:17,285 your thoughts on? Describe the difference before we 485 00:18:17,285 --> 00:18:18,265 go there because 486 00:18:18,644 --> 00:18:20,325 to a lot of people, a passphrase is 487 00:18:20,325 --> 00:18:22,184 just a long pass password. 488 00:18:25,125 --> 00:18:26,744 Well, yeah, you can, 489 00:18:27,204 --> 00:18:28,825 that that I have 490 00:18:29,210 --> 00:18:31,690 I have morphed, to answer your question, Tom. 491 00:18:31,690 --> 00:18:34,269 I I used to have my password generator 492 00:18:35,130 --> 00:18:36,190 generate these, 493 00:18:37,369 --> 00:18:38,170 32 494 00:18:38,170 --> 00:18:39,769 character, 36 495 00:18:39,769 --> 00:18:40,269 character, 496 00:18:41,690 --> 00:18:42,190 texts, 497 00:18:43,494 --> 00:18:43,994 symbols, 498 00:18:44,934 --> 00:18:45,434 numbers. 
499 00:18:47,255 --> 00:18:49,275 And and that gets fairly complicated 500 00:18:49,654 --> 00:18:51,994 when you are sitting in front of your 501 00:18:52,134 --> 00:18:52,634 television, 502 00:18:53,815 --> 00:18:55,034 and the 503 00:18:55,575 --> 00:18:57,034 app you wanna get in 504 00:18:58,150 --> 00:18:58,730 to through 505 00:18:59,029 --> 00:18:59,529 Roku, 506 00:18:59,830 --> 00:19:02,549 Roku, or Xbox is saying put in your 507 00:19:02,549 --> 00:19:03,049 password 508 00:19:03,430 --> 00:19:05,910 because we, you know, we just did a 509 00:19:05,910 --> 00:19:07,369 system update or whatever. 510 00:19:07,910 --> 00:19:09,750 And you're sitting there on your phone, and 511 00:19:09,750 --> 00:19:12,009 you're trying for the tenth time 512 00:19:12,544 --> 00:19:14,325 to put in those 36 513 00:19:15,025 --> 00:19:16,884 that 36 character string, 514 00:19:18,065 --> 00:19:19,125 that's why I 515 00:19:20,144 --> 00:19:22,644 moved away from that to phrases. 516 00:19:23,265 --> 00:19:23,664 And, 517 00:19:25,345 --> 00:19:26,884 that's another nice thing 518 00:19:27,509 --> 00:19:30,009 about the password generator that, 519 00:19:31,830 --> 00:19:32,330 I, 520 00:19:33,029 --> 00:19:35,769 recommended or I am using called PasswordTech. 521 00:19:36,630 --> 00:19:38,950 You can configure it however you want. So 522 00:19:38,950 --> 00:19:42,315 you can I've configured mine for phrases of 523 00:19:42,315 --> 00:19:43,454 just different words 524 00:19:44,554 --> 00:19:44,954 with, 525 00:19:45,595 --> 00:19:48,234 a a spacer in between, and then you 526 00:19:48,234 --> 00:19:50,474 can add your special characters and you can 527 00:19:50,474 --> 00:19:50,974 add 528 00:19:51,434 --> 00:19:53,535 your numbers or whatever you want. 529 00:19:54,075 --> 00:19:56,575 It just makes it a little bit easier 530 00:19:57,079 --> 00:19:57,480 to, 531 00:19:57,880 --> 00:19:58,859 to put it in, 532 00:19:59,319 --> 00:20:02,279 in that kind of situation. 
Now I couldn't 533 00:20:02,279 --> 00:20:03,420 tell you the 534 00:20:04,039 --> 00:20:04,539 statistics 535 00:20:05,160 --> 00:20:05,660 of 536 00:20:07,319 --> 00:20:09,740 we all know that the bad guys now 537 00:20:11,545 --> 00:20:12,365 are incredibly 538 00:20:12,825 --> 00:20:13,325 sophisticated. 539 00:20:14,825 --> 00:20:15,964 They are using 540 00:20:16,585 --> 00:20:17,085 software, 541 00:20:18,345 --> 00:20:18,845 obviously, 542 00:20:20,265 --> 00:20:20,765 and 543 00:20:21,384 --> 00:20:22,285 social engineering 544 00:20:23,464 --> 00:20:23,964 and 545 00:20:24,265 --> 00:20:24,765 AI 546 00:20:26,069 --> 00:20:28,250 to try and figure you out. So 547 00:20:29,269 --> 00:20:31,609 what an example of that, you're constantly 548 00:20:32,309 --> 00:20:32,809 posting, 549 00:20:33,509 --> 00:20:35,690 about your dog, Fido, on Facebook 550 00:20:36,789 --> 00:20:37,769 and your wife, 551 00:20:38,149 --> 00:20:38,649 Lisa, 552 00:20:38,950 --> 00:20:40,649 and her birthday was yesterday. 553 00:20:41,855 --> 00:20:44,015 So now the bad guys have a lot 554 00:20:44,015 --> 00:20:45,634 of significant information, 555 00:20:47,455 --> 00:20:49,634 about you to start to use software 556 00:20:50,414 --> 00:20:51,474 to kinda guess 557 00:20:52,654 --> 00:20:53,474 your favorite 558 00:20:54,500 --> 00:20:56,980 combination. Now over on my screen here, I'm 559 00:20:56,980 --> 00:20:57,480 gonna 560 00:20:57,860 --> 00:21:00,279 I have I put something up just, 561 00:21:01,380 --> 00:21:03,640 to talk about when this came up. Password 562 00:21:03,860 --> 00:21:04,360 components, 563 00:21:05,059 --> 00:21:07,380 how people come up with, 564 00:21:09,224 --> 00:21:10,765 words to use in a password. 565 00:21:12,025 --> 00:21:12,845 What is 566 00:21:13,384 --> 00:21:14,825 this is a bit of a trick question. 
567 00:21:14,825 --> 00:21:16,444 What is the number one, 568 00:21:17,704 --> 00:21:21,144 category of word or words that people use 569 00:21:21,144 --> 00:21:21,805 in passwords, 570 00:21:22,950 --> 00:21:24,009 password generation 571 00:21:24,470 --> 00:21:26,230 coming in at 42%. 572 00:21:26,230 --> 00:21:28,009 This is like technical Jeopardy. 573 00:21:30,149 --> 00:21:32,250 And if you don't wanna guess, that's okay. 574 00:21:32,789 --> 00:21:34,569 Surprise me. Curse words. 575 00:21:35,429 --> 00:21:35,929 Yeah. 576 00:21:36,384 --> 00:21:37,605 42% 577 00:21:37,825 --> 00:21:39,904 use curse words. But let me go down 578 00:21:39,904 --> 00:21:40,484 the list. 579 00:21:41,184 --> 00:21:42,224 21% 580 00:21:42,224 --> 00:21:44,244 use a birth year. 581 00:21:44,625 --> 00:21:45,684 18% 582 00:21:45,744 --> 00:21:47,365 use a pet's name. 583 00:21:47,984 --> 00:21:48,865 18% 584 00:21:48,865 --> 00:21:49,845 use age, 585 00:21:50,200 --> 00:21:53,480 first name, child name, acronyms, dictionary words. Gets 586 00:21:53,480 --> 00:21:55,080 a little more random as you go down 587 00:21:55,080 --> 00:21:55,740 the list. 588 00:21:56,359 --> 00:21:58,940 But back to my social engineering point, 589 00:21:59,799 --> 00:22:00,680 if somebody is 590 00:22:02,724 --> 00:22:05,684 you know, they they're monitoring everything now. They're 591 00:22:05,684 --> 00:22:08,825 monitoring Facebook. They're monitoring X. They're monitoring, 592 00:22:11,125 --> 00:22:12,184 any kind of, 593 00:22:13,605 --> 00:22:16,049 digital footprint you might have. And they take 594 00:22:16,049 --> 00:22:17,190 all that information, 595 00:22:17,490 --> 00:22:17,990 and, 596 00:22:18,369 --> 00:22:19,190 they're using 597 00:22:19,809 --> 00:22:21,990 large servers and large computers. 598 00:22:22,450 --> 00:22:25,009 Who are they? Well, we know it's the 599 00:22:25,009 --> 00:22:27,909 Russians. It's the North Koreans. It's the Chinese.
600 00:22:28,130 --> 00:22:29,190 It's the Iranians. 601 00:22:29,569 --> 00:22:32,095 It's, you know, our favorite people on the 602 00:22:32,095 --> 00:22:32,595 planet. 603 00:22:33,134 --> 00:22:35,714 And not that those people 604 00:22:36,095 --> 00:22:38,414 as a category are bad people, but those 605 00:22:38,414 --> 00:22:41,375 nation states are certainly not, you know, friendly 606 00:22:41,375 --> 00:22:42,195 towards us. 607 00:22:42,549 --> 00:22:44,549 And so they're using all of this social 608 00:22:44,549 --> 00:22:45,049 information 609 00:22:45,430 --> 00:22:47,210 to try and figure out what our passwords 610 00:22:47,269 --> 00:22:48,009 are. So, 611 00:22:49,269 --> 00:22:51,289 you know, thus the random generation, 612 00:22:52,070 --> 00:22:54,950 more secure, passkeys, more secure, the more you 613 00:22:54,950 --> 00:22:56,755 can mix it up. But you have to 614 00:22:56,755 --> 00:22:58,375 change it. You have to keep changing. 615 00:22:59,075 --> 00:23:00,615 You can't keep things static. 616 00:23:01,714 --> 00:23:03,315 I think it's interesting that you talk about 617 00:23:03,315 --> 00:23:04,134 changing passwords 618 00:23:04,434 --> 00:23:06,515 because that's not a habit I have. It's 619 00:23:06,515 --> 00:23:08,519 changing my passwords on a regular basis. 620 00:23:08,839 --> 00:23:12,039 Right. Because I figure I'm using a password 621 00:23:12,039 --> 00:23:12,539 vault. 622 00:23:13,400 --> 00:23:15,500 I use random long pass phrases 623 00:23:16,039 --> 00:23:17,099 for most everything, 624 00:23:17,880 --> 00:23:20,700 and every account has a different password. 625 00:23:21,335 --> 00:23:24,055 I never reuse them. So what's the value 626 00:23:24,055 --> 00:23:24,714 of changing 627 00:23:25,734 --> 00:23:26,234 if 628 00:23:26,535 --> 00:23:27,515 that's the position? 629 00:23:27,974 --> 00:23:29,275 Like, what am I gaining, 630 00:23:30,934 --> 00:23:31,994 by doing that? 
631 00:23:34,880 --> 00:23:38,099 You're gaining security. You're gaining you're increasing randomness, 632 00:23:38,480 --> 00:23:40,500 and you're gaining security through that. 633 00:23:42,640 --> 00:23:43,859 We all have 634 00:23:44,640 --> 00:23:45,140 this 635 00:23:46,434 --> 00:23:46,934 predilection 636 00:23:47,715 --> 00:23:50,455 to default back to our one favorite password. 637 00:23:51,634 --> 00:23:52,535 And so 638 00:23:53,795 --> 00:23:55,015 we have to fight 639 00:23:55,715 --> 00:23:58,295 hard to break that habit, and 640 00:23:58,960 --> 00:24:01,539 we, I think, get lulled into 641 00:24:03,759 --> 00:24:05,220 different levels of 642 00:24:05,680 --> 00:24:07,220 false senses of security, 643 00:24:08,960 --> 00:24:10,019 by thinking that 644 00:24:10,320 --> 00:24:12,180 I got it in a password vault. 645 00:24:13,055 --> 00:24:13,555 My 646 00:24:14,335 --> 00:24:16,894 my my 10 favorite passwords are there, and 647 00:24:16,894 --> 00:24:18,674 I don't have to worry about it anymore. 648 00:24:18,734 --> 00:24:20,414 So you just you just have to keep 649 00:24:20,414 --> 00:24:22,835 thinking about it and keep randomizing it. 650 00:24:25,144 --> 00:24:25,644 I 651 00:24:27,289 --> 00:24:27,789 had, 652 00:24:28,570 --> 00:24:30,970 I have another company that I'm a a 653 00:24:30,970 --> 00:24:32,829 partner in, and I do, 654 00:24:34,009 --> 00:24:34,670 the technology 655 00:24:35,049 --> 00:24:36,190 and and security 656 00:24:36,650 --> 00:24:37,549 for that company. 
657 00:24:38,170 --> 00:24:39,390 And when I realized 658 00:24:39,769 --> 00:24:40,269 that 659 00:24:41,204 --> 00:24:44,265 my three other partners and the three other 660 00:24:44,884 --> 00:24:46,105 gals in our company 661 00:24:46,804 --> 00:24:48,424 were all using 662 00:24:49,125 --> 00:24:50,424 their same 663 00:24:51,204 --> 00:24:51,704 password 664 00:24:52,164 --> 00:24:52,825 for everything, 665 00:24:53,539 --> 00:24:55,700 and this was, you know, within the last 666 00:24:55,700 --> 00:24:56,200 year, 667 00:24:57,859 --> 00:24:58,919 I tried to 668 00:24:59,940 --> 00:25:02,599 I I hired a company out of Michigan 669 00:25:03,140 --> 00:25:03,960 that does 670 00:25:04,980 --> 00:25:05,480 cybersecurity 671 00:25:06,339 --> 00:25:09,134 training for small business, and I thought this 672 00:25:09,134 --> 00:25:10,515 this might be a good way 673 00:25:11,134 --> 00:25:13,315 to approach this rather than me 674 00:25:13,775 --> 00:25:15,555 telling them what to do. 675 00:25:16,654 --> 00:25:19,134 Here here's this program, and the program was 676 00:25:19,134 --> 00:25:20,994 pretty simple. The program was 677 00:25:21,400 --> 00:25:23,480 you have to watch a three to five 678 00:25:23,480 --> 00:25:25,179 to seven minute video 679 00:25:26,119 --> 00:25:26,940 once a month, 680 00:25:27,400 --> 00:25:28,700 so not too 681 00:25:29,000 --> 00:25:29,500 drastic. 682 00:25:30,599 --> 00:25:33,079 And the videos were about the topics we're 683 00:25:33,079 --> 00:25:33,900 talking about. 684 00:25:34,745 --> 00:25:35,404 It's about 685 00:25:35,705 --> 00:25:37,485 password strength, it's about 686 00:25:37,865 --> 00:25:38,924 password security, 687 00:25:41,625 --> 00:25:43,945 phishing what does a phishing attack look like, 688 00:25:43,945 --> 00:25:45,005 etcetera, etcetera.
689 00:25:46,105 --> 00:25:46,605 And 690 00:25:47,759 --> 00:25:48,259 what 691 00:25:48,720 --> 00:25:51,299 happened was after a couple of months, 692 00:25:52,640 --> 00:25:54,180 not only did I get 693 00:25:54,960 --> 00:25:55,460 resistance, 694 00:25:57,039 --> 00:25:59,539 people got very angry at me. 695 00:26:02,434 --> 00:26:04,595 And because I I couldn't get them to 696 00:26:04,595 --> 00:26:07,315 watch the video, so I'd say on our 697 00:26:07,315 --> 00:26:09,414 team call, did you watch video? No. 698 00:26:10,115 --> 00:26:12,355 I'd send an email reminder because I could 699 00:26:12,355 --> 00:26:13,255 go into the 700 00:26:13,789 --> 00:26:15,950 monitoring system and see who was watching, who 701 00:26:15,950 --> 00:26:16,769 wasn't watching. 702 00:26:18,029 --> 00:26:19,950 I'd send an email. I'd send them a 703 00:26:19,950 --> 00:26:21,309 text. You know, I kinda mix it up 704 00:26:21,309 --> 00:26:23,390 a little bit, try and keep the pressure 705 00:26:23,390 --> 00:26:25,409 on in a friendly way. 706 00:26:26,815 --> 00:26:29,954 And, people just got really angry at me, 707 00:26:30,014 --> 00:26:32,034 and I I was very 708 00:26:32,575 --> 00:26:34,255 surprised by that. I mean, I there was 709 00:26:34,255 --> 00:26:35,634 so much resistance 710 00:26:36,575 --> 00:26:38,575 that I had to kill the program. It 711 00:26:38,575 --> 00:26:39,634 wasn't worth it. 712 00:26:39,934 --> 00:26:41,154 We were wasting money. 713 00:26:42,450 --> 00:26:42,950 And, 714 00:26:43,490 --> 00:26:45,029 as I thought about that, 715 00:26:45,569 --> 00:26:47,029 I thought, you know, why 716 00:26:47,569 --> 00:26:50,130 woah. Why? Why why wouldn't you wanna learn 717 00:26:50,130 --> 00:26:52,549 how to protect yourself? Why wouldn't you 718 00:26:53,650 --> 00:26:56,634 wanna take these proactive steps to keep your 719 00:26:56,634 --> 00:26:59,835 money safe and your everything, your email safe 720 00:26:59,835 --> 00:27:00,575 and whatever? 
721 00:27:02,234 --> 00:27:03,295 And what I realized 722 00:27:03,674 --> 00:27:05,134 from that is that 723 00:27:06,075 --> 00:27:06,815 there are 724 00:27:07,195 --> 00:27:08,414 layers of 725 00:27:09,230 --> 00:27:09,730 humanity 726 00:27:10,430 --> 00:27:13,470 that we overlay on top of this simple 727 00:27:13,470 --> 00:27:14,690 thing called a password. 728 00:27:15,710 --> 00:27:17,090 So I can't 729 00:27:17,789 --> 00:27:18,509 Tom, if you're 730 00:27:19,309 --> 00:27:20,450 if you have bad 731 00:27:21,164 --> 00:27:22,465 behavior, I can't just 732 00:27:22,845 --> 00:27:25,005 call you and say, Tom, you really should 733 00:27:25,005 --> 00:27:26,545 use a password vault. 734 00:27:28,765 --> 00:27:31,325 That's gonna fall that's gonna be like water 735 00:27:31,325 --> 00:27:33,805 off of a duck. And so but why 736 00:27:33,805 --> 00:27:35,025 is that? Well, 737 00:27:35,880 --> 00:27:37,500 when we all started 738 00:27:39,640 --> 00:27:42,460 as cavemen and women or cave whatever, 739 00:27:43,160 --> 00:27:45,559 back in the days when we had one 740 00:27:45,559 --> 00:27:46,059 password, 741 00:27:46,920 --> 00:27:48,839 what do you do? You type that same 742 00:27:48,839 --> 00:27:49,740 password in 743 00:27:50,585 --> 00:27:52,585 how many times a day, 10 times a 744 00:27:52,585 --> 00:27:54,204 day, 20 times a day, 745 00:27:55,144 --> 00:27:57,944 and you repeat that over the week, and 746 00:27:57,944 --> 00:27:59,785 you repeat that over the months, and you 747 00:27:59,785 --> 00:28:01,164 repeat that over the years. 
748 00:28:02,184 --> 00:28:03,724 And what happens is 749 00:28:04,664 --> 00:28:05,325 you build 750 00:28:06,099 --> 00:28:06,919 not only 751 00:28:07,619 --> 00:28:08,119 psychology 752 00:28:09,299 --> 00:28:10,359 of I 753 00:28:11,220 --> 00:28:13,319 just this is how I use passwords 754 00:28:14,579 --> 00:28:15,879 but it becomes 755 00:28:16,819 --> 00:28:17,319 physiological 756 00:28:18,740 --> 00:28:19,240 and 757 00:28:19,825 --> 00:28:21,744 what I mean by that is you're it's 758 00:28:21,744 --> 00:28:25,424 the muscle memory. You're repeating this pattern over 759 00:28:25,424 --> 00:28:27,285 and over and over and over again. 760 00:28:28,545 --> 00:28:29,045 And 761 00:28:29,345 --> 00:28:32,065 your mind decides that you just I you 762 00:28:32,065 --> 00:28:33,125 know, you just automatically 763 00:28:33,424 --> 00:28:36,170 default to using the same password. That's the 764 00:28:36,170 --> 00:28:38,029 psychology of it because it's easy. 765 00:28:38,650 --> 00:28:40,650 And you type it in a hundred times 766 00:28:40,650 --> 00:28:43,450 a day. That's the physiology, and it creates 767 00:28:43,450 --> 00:28:44,110 a pattern 768 00:28:44,490 --> 00:28:45,150 of behavior 769 00:28:45,450 --> 00:28:47,710 of behavior, and that becomes the habit. 770 00:28:48,315 --> 00:28:50,575 And the problem is that over time, 771 00:28:51,434 --> 00:28:52,255 this process 772 00:28:52,634 --> 00:28:54,894 gets wired into our neuropathways, 773 00:28:56,315 --> 00:28:57,615 making this behavior 774 00:28:58,474 --> 00:28:58,974 automatic. 775 00:28:59,994 --> 00:29:00,494 And 776 00:29:00,875 --> 00:29:01,375 neuroscientists 777 00:29:02,970 --> 00:29:04,829 refer to this as neuroplasticity. 
778 00:29:06,329 --> 00:29:07,150 And so, 779 00:29:08,089 --> 00:29:09,609 you know, when I thought about this and 780 00:29:09,609 --> 00:29:10,190 I started 781 00:29:10,650 --> 00:29:13,210 thinking about it, researching it, you know, why 782 00:29:13,210 --> 00:29:14,589 is there so much resistance? 783 00:29:15,674 --> 00:29:17,215 It's because of this 784 00:29:17,674 --> 00:29:21,055 layered human behavior, the psychology, the physiology, 785 00:29:21,434 --> 00:29:22,174 the habitual 786 00:29:22,634 --> 00:29:23,295 the habitual 787 00:29:23,755 --> 00:29:25,134 habits that we have. 788 00:29:25,595 --> 00:29:28,255 Very hard. You have to break those first 789 00:29:29,579 --> 00:29:31,440 before you can form new ones. 790 00:29:32,299 --> 00:29:34,960 So that was an interesting lesson learned, 791 00:29:35,500 --> 00:29:37,099 from that. Do you think there also might 792 00:29:37,099 --> 00:29:38,960 be something to it where people say, 793 00:29:39,740 --> 00:29:41,419 no. I actually do a really good job 794 00:29:41,419 --> 00:29:42,640 of picking passwords. 795 00:29:44,355 --> 00:29:46,855 Like, you know, there's, like, a a defensiveness 796 00:29:47,154 --> 00:29:47,815 to it. 797 00:29:48,434 --> 00:29:50,375 Oh, of course. Absolutely. 798 00:29:52,755 --> 00:29:54,275 And I I think that, 799 00:29:55,920 --> 00:29:59,380 we trick ourselves, we fool ourselves there 800 00:29:59,840 --> 00:30:01,700 by thinking that we can, 801 00:30:03,360 --> 00:30:04,980 pick our own random passwords. 802 00:30:05,759 --> 00:30:06,259 Because 803 00:30:06,559 --> 00:30:07,700 what do we do 804 00:30:08,160 --> 00:30:08,660 subconsciously? 805 00:30:10,904 --> 00:30:12,365 We default to 806 00:30:12,904 --> 00:30:15,865 curse words, birth years, pet names, ages, and 807 00:30:15,865 --> 00:30:16,365 etcetera. 
808 00:30:17,224 --> 00:30:19,085 And so you can't trust yourself 809 00:30:20,024 --> 00:30:20,524 to, 810 00:30:21,384 --> 00:30:24,284 be as random as a random generator. 811 00:30:27,159 --> 00:30:28,220 Don't trust yourself. 812 00:30:30,519 --> 00:30:31,019 Okay. 813 00:30:31,559 --> 00:30:33,480 That's that's our lesson for today. Don't trust 814 00:30:33,480 --> 00:30:33,980 yourself. 815 00:30:36,839 --> 00:30:39,019 And I think that's a good lesson, actually. 816 00:30:40,805 --> 00:30:42,884 So is there anything else you wanted to 817 00:30:42,884 --> 00:30:45,605 hit before we wrap this up, Carl? Is 818 00:30:45,605 --> 00:30:48,085 there, like, more to the psychology of passwords, 819 00:30:48,085 --> 00:30:50,085 or have we kinda hit what you wanted 820 00:30:50,085 --> 00:30:51,845 to talk about? Yeah. I I think I 821 00:30:51,845 --> 00:30:53,285 think we really hit it. 822 00:30:54,325 --> 00:30:57,819 I I there's another interesting set of statistics 823 00:30:57,960 --> 00:31:00,039 I'll give you before we wrap this, which 824 00:31:00,039 --> 00:31:00,859 is that, 825 00:31:03,000 --> 00:31:04,839 of this survey that was, 826 00:31:05,240 --> 00:31:08,700 done that I referred to by security.org, 827 00:31:09,214 --> 00:31:11,714 they found that at least thirty eight percent 828 00:31:12,174 --> 00:31:13,795 of the survey participants 829 00:31:15,214 --> 00:31:17,795 had at least one password hacked. 830 00:31:18,815 --> 00:31:21,295 And so they looked at the subset of 831 00:31:21,295 --> 00:31:23,315 people who had hacked passwords 832 00:31:24,259 --> 00:31:26,119 to find out if they had changed 833 00:31:26,420 --> 00:31:27,160 their behavior, 834 00:31:28,100 --> 00:31:29,160 and their behavior 835 00:31:29,860 --> 00:31:30,360 was 836 00:31:31,220 --> 00:31:31,720 worse. 
837 00:31:32,259 --> 00:31:33,480 I mean, I guess, 838 00:31:34,019 --> 00:31:36,420 after getting hacked, they still didn't change their 839 00:31:36,420 --> 00:31:36,920 behaviors. 840 00:31:37,299 --> 00:31:38,360 Eighty nine percent 841 00:31:39,234 --> 00:31:41,015 still use the same password 842 00:31:41,714 --> 00:31:43,575 or a slight variation thereof. 843 00:31:43,875 --> 00:31:46,214 Seventy four percent shared passwords. 844 00:31:46,994 --> 00:31:48,615 Sixty one percent had 845 00:31:48,994 --> 00:31:52,355 characters less than their, passwords with less than, 846 00:31:52,674 --> 00:31:53,414 eight characters. 847 00:31:54,490 --> 00:31:56,650 So I I guess the moral of the 848 00:31:56,650 --> 00:31:57,549 story is 849 00:31:58,329 --> 00:31:58,829 we 850 00:32:00,809 --> 00:32:03,150 this is sort of like to a degree, 851 00:32:03,369 --> 00:32:04,349 I think it's like 852 00:32:04,650 --> 00:32:05,789 Alcoholics Anonymous 853 00:32:06,169 --> 00:32:07,710 or any kind of addiction. 854 00:32:08,115 --> 00:32:09,974 You have to realize you have a problem 855 00:32:10,755 --> 00:32:13,494 before you can start to address the problem. 856 00:32:14,434 --> 00:32:16,674 And so that is, 857 00:32:17,634 --> 00:32:20,674 I know, Russ, you saw my blog on, 858 00:32:20,994 --> 00:32:21,894 that I posted. 859 00:32:22,970 --> 00:32:24,590 So I would just finish 860 00:32:25,289 --> 00:32:26,410 in saying that, 861 00:32:26,809 --> 00:32:27,710 I've decided 862 00:32:28,330 --> 00:32:30,410 as a result of this experience with my 863 00:32:30,410 --> 00:32:33,309 business partners and business associates. 864 00:32:34,090 --> 00:32:35,549 I've decided to write, 865 00:32:35,930 --> 00:32:38,184 a book about personal cybersecurity, 866 00:32:39,605 --> 00:32:40,105 and 867 00:32:40,884 --> 00:32:42,565 it's gonna be, I think, a little bit 868 00:32:42,565 --> 00:32:44,805 different in two ways. 
One, I'm gonna start 869 00:32:44,805 --> 00:32:46,904 by talking about the human 870 00:32:47,285 --> 00:32:47,785 sociology, 871 00:32:48,404 --> 00:32:48,904 physiology, 872 00:32:49,605 --> 00:32:50,910 psychology of it 873 00:32:51,470 --> 00:32:53,650 to kinda set the stage. But then 874 00:32:54,430 --> 00:32:55,490 at part two, 875 00:32:56,590 --> 00:32:58,670 I'm going to try and give people who 876 00:32:58,670 --> 00:32:59,410 are nontechnical 877 00:33:00,190 --> 00:33:03,230 just a step chapter by chapter, step by 878 00:33:03,230 --> 00:33:03,730 step. 879 00:33:04,269 --> 00:33:05,490 And the point is, 880 00:33:06,634 --> 00:33:09,214 don't read this book like War and Peace, 881 00:33:09,914 --> 00:33:12,494 if anybody actually reads War and Peace anymore. 882 00:33:13,355 --> 00:33:14,954 But just take it a step at a 883 00:33:14,954 --> 00:33:17,514 time. Take a chapter. Do a couple things. 884 00:33:17,514 --> 00:33:18,734 Everything you do 885 00:33:19,480 --> 00:33:22,139 is gonna take you in the right direction. 886 00:33:22,200 --> 00:33:22,700 And 887 00:33:23,240 --> 00:33:23,819 a month, 888 00:33:24,599 --> 00:33:26,059 six months, a year from 889 00:33:26,440 --> 00:33:26,940 starting, 890 00:33:27,319 --> 00:33:29,960 you're gonna be much further off. So I'll 891 00:33:29,960 --> 00:33:33,319 just plug my book is my pen name 892 00:33:33,319 --> 00:33:33,819 is 893 00:33:34,774 --> 00:33:36,315 Adventures of a Sage, 894 00:33:36,934 --> 00:33:37,595 which is 895 00:33:38,294 --> 00:33:39,835 a kind of a tongue in cheek 896 00:33:40,134 --> 00:33:41,674 brand about discovery. 897 00:33:42,454 --> 00:33:42,934 And, 898 00:33:43,734 --> 00:33:47,894 the blog is on adventuresofasage.us, 899 00:33:47,894 --> 00:33:48,794 and I'm posting 900 00:33:49,380 --> 00:33:50,119 three cybersecurity 901 00:33:50,820 --> 00:33:51,320 tips 902 00:33:51,700 --> 00:33:54,440 every week right now. 
So if you're interested 903 00:33:54,500 --> 00:33:55,559 in learning more, 904 00:33:56,259 --> 00:33:58,579 please take a look and, you know, you 905 00:33:58,579 --> 00:33:59,720 can sign up for 906 00:34:00,019 --> 00:34:03,044 more news along the way. I do appreciate 907 00:34:03,044 --> 00:34:03,784 the opportunity 908 00:34:04,085 --> 00:34:06,404 to, speak with both of you, and, thanks 909 00:34:06,404 --> 00:34:08,484 very much. Yeah. Yeah. Thanks for joining us, 910 00:34:08,484 --> 00:34:10,585 Carl. It's been great. My pleasure. 911 00:34:11,125 --> 00:34:13,284 So any any place anything else you wanna 912 00:34:13,284 --> 00:34:14,965 throw out? Any other social media or anything 913 00:34:14,965 --> 00:34:16,184 that you're listening to? 914 00:34:18,030 --> 00:34:21,070 Well, I have, I do I do posts 915 00:34:21,070 --> 00:34:21,550 on, 916 00:34:21,869 --> 00:34:23,970 Facebook. It's, and X. 917 00:34:24,590 --> 00:34:25,070 It's, 918 00:34:25,390 --> 00:34:26,369 Sage Adventures 919 00:34:26,829 --> 00:34:29,114 with the number one on Facebook and X, 920 00:34:29,195 --> 00:34:31,514 and I'm on LinkedIn as Carl Buell, and 921 00:34:31,514 --> 00:34:33,835 you can follow me there as well. Alright. 922 00:34:33,835 --> 00:34:34,335 Excellent. 923 00:34:34,954 --> 00:34:36,655 Russ, where can people find you? 924 00:34:37,195 --> 00:34:37,695 LinkedIn 925 00:34:38,795 --> 00:34:39,295 X 926 00:34:39,755 --> 00:34:40,735 routing geek 927 00:34:41,114 --> 00:34:42,335 and here at the hedge. 928 00:34:42,940 --> 00:34:43,440 Alright. 929 00:34:43,739 --> 00:34:45,340 Well, my name is Tom Ammon. I'm, 930 00:34:46,300 --> 00:34:49,179 on LinkedIn as well. And you can find 931 00:34:49,179 --> 00:34:51,260 me there and you can, of course, find 932 00:34:51,260 --> 00:34:53,820 Russ wherever you find him. He's everywhere. And 933 00:34:53,820 --> 00:34:55,420 thanks for joining us for the hedge.
Thank 934 00:34:55,420 --> 00:34:57,364 you, especially Carl, for joining us. And we 935 00:34:57,364 --> 00:34:59,045 know your time is is important and your 936 00:34:59,045 --> 00:35:00,724 attention is important, and we appreciate you sharing 937 00:35:00,724 --> 00:35:01,784 some of that with us today.