I sent you the article that Katy Perry finally apologized to Taylor Swift, I sent her a nice card with an actual olive branch, you know, instead of extending the olive branch she just, you know, cut one down and gave it to her. Oh my God, I see the gesture, I get it. But anyone who doesn't know that Taylor Swift and Katy Perry have had beef, I need to listen to the song Bad Blood by T Swift, and, you know, just catch up on your pop culture. But, yeah, so Katy Perry apologized to Taylor and Taylor went on Instagram and said, you know, she's like, oh, I really appreciate the gesture and everything like that.
So, we'll see if this whole shenanigans is behind them. And, Lou, do you even know why it started? I don't like all at this moment. I mean, it's been like years, hasn't it?
Oh, yeah. Oh, yeah, a long time ago. And it was over backup dancers, yeah, essentially. Totally something that would be true of, you know, people in the arena of singing and music.
Oh, yeah, we're back at dancers. We're going to have to fight over that. Basically, if you think about it, it's like, all right. So, you know, these two startups, you know, are starting up.
And one of them says, like, hey, I need to borrow some resources from you. You know, it's just, you know, for this amount of time, yada yada yada, but I need them for at least this many months. And they're like, okay, yeah, cool, you know, and then here's these resources, you know, whether it be, let's just say engineering talent. So here's the engineers, you know, that will come and work for you for, you know, six months, you know, just to help get you off the ground.
It's a mutual agreement. And then halfway through, the person's like, hey, I need the engineers back. Like, well, wait, what? No, you said we get, it's like, no, they're coming back now.
And that's essentially what starts the whole thing. Okay. So I have, I guess, two, two small things. So I have a dad joke to insert here, which I'm definitely working on this dad joke stuff.
So if two vegans get into a fight, is it still called beef? Do they still have beef with each other? I'm not a dad joke. Okay.
All right. Well, Taylor Swift and, and Katy Perry definitely seem like, like they probably beat the vegan type. So I had to insert that and they definitely had some beef with each other. So, okay.
So dad jokes are dad jokes because they're only funny to kids, right? And yes, maybe older kids might know what having beef is, but that's a corny joke. I don't think it's a dad joke. Here's a dad joke for you.
What's a crow's favorite drink? I don't know. Ah, fee. Wow.
That was riveting. That's a dad joke because kids will eat that up. And dad saying it's the best thing in the world because they made their kids laugh. But that joke is so dumb.
Okay. All right. Fair enough. I schooled by the dad.
So the second part to my reaction to this is why are you brushing up on dad jokes? Why are you just going to skip over that? Like, why are you brushing up on dad jokes? Hey, man, someday I got to be a dad.
So, you know, I got to like perfect the art. You know, it's a dad in training. You're not even married yet. You know, I don't have to be married to be a dad.
You know, I know that firsthand, but like, I don't know. You seem like you're going down like kind of a traditional path here and traditional maybe the wrong word to use. But I mean, I feel like you're not going to be a dad for a while. Like, are you telling your nephew like these jokes?
If so, then you have to be telling him the awesome dirty, you know, uncle jokes. And that's a different, it's a different, you know, ball game. I don't know that I would say I've shared those with him. We did get him to sing.
Like, hey, buddy, hey, buddy, what's green and smells like pork? Kermit's finger. That was that was decent. That's all I got.
I was like, okay. That was that was passable. Yeah. So I don't know.
I think it's going to take some time. You know, pop culture isn't my thing. Probably jokes are neither. So, you know, I got to I got to go through like the get my bachelor's and my master's to be at least passable in the dad joke department.
You keep swinging for the fences, you know, but you know, long way to go. You're still in T-ball. So the other question I had is around olive branches. So, you know, I've long heard the idea that, you know, you extended olive branch, somebody or whatever.
What is it? One, do you have any idea what it comes from into? Is there any significance to like an olive branch? Like in the sense of like one, where do I obtain an olive branch?
Especially if you're from like the neighborhoods where we live from. It's like, you know, Southern California. Not many like olive trees around, I don't think. Okay, if you're Katy Perry with the resources of Katy Perry, I'm sure she could go to someone say, hey, I need an olive branch and there would be some Anne Hathaway who'd be running around, you know, all day, wherever she is in LA or New York or wherever they're having to be trying to find someone who's an olive branch dealer.
Have you ever seen the Devil Wears Prada? No. And quick question. There is olive branch dealers.
No, so you don't get my reference. It's fine. So in the movie, the Devil Wears Prada, which is one I should definitely add to your list because it's one of my guilty pleasure movies, one that I will watch just, you know, for fun. Very chick flick.
I guess it's not too chick flick, but it's about a girl who gets a job at a fashion magazine working as a personal assistant for a fashion magazine editor and played by Meryl Streep and Anne Hathaway says this assistant who has nothing to do with fashion. She doesn't know anything about it. And this editor, she's just like intense. Like she demands everything.
She wants everything a certain way. She's known for, you know, firing people just on the spot. So this assistant, you know, really wants this internship, you know, this job basically to add to her resume to become an editor or write herself. So she goes through all these things.
And one of the things is in the movie is she has to find the new Harry Potter book that hasn't even been released yet. So she has to go through all this trouble, like finding the manuscripts and, you know, getting them in time to give to Meryl Streep's daughters before they get on a train and it's crazy. She's running all over the place trying to find, you know, people who have these resources to get what she needs to get. So I mentioned that just becomes like, like I said, if you have the Katy Perry, you have an Anne Hathaway to go and, you know, do all these things for you who will basically just run around the city like crazy trying to find an olive branch.
I'm sure there's no problem to do that. As far as the significance of an olive branch, I went to go search for it, but my internet just said no. And I'm like, okay, well, I guess that's a good sign that maybe I'll leave that to you to find out. Okay, I guess we'll put that in follow up for next week to figure out what the hell the meaning of an olive branches in terms of a sorry.
It's biblical, I'm pretty sure. Okay, I mean, I wouldn't be surprised by that. So I guess in other news this week, there's some, this is like traditionally Google's like big announcements for the year week where they do their conferences called IO and what they announced Android P, right? That's the new version and they're all desserts too, right?
So what was P? No, they dropped that. I think they dropped that last year with Android O, right? Wait, O was Oreo, wasn't it?
Maybe, but I think they dropped it. Oh, okay. Well, we'll show so much. I know it was what was in.
I don't know. Nutter butter. Okay. What was what was admin?
Marshmallow. It was marshmallow. Oh, yeah, marshmallow. Yeah, it was marshmallow.
You can tell we're not Google people. He's like, he's like pumpkin pie. You know, that's what it's going to be. You know, pumpkin pie is not a great dessert, though.
I tend to agree with you there, actually. He caught on by the other hand, like I can, I can get down to the con pie. All right. So, Andrew, I'm going to be completely honest.
I didn't look at it at all. It's a little duplex thing because that was all over the news. But what can you tell me about it other than? I know there, I did see like one of those slides where there's like the bullet pointed, like short list of a bunch of features and, and I saw that, you know, like there were some changes to the notifications and changes to gestures.
So in gestures also in show notes. So I assume that's like a huge piece of this. So what do you, what do you mean by gestures? So I just want to cut it out because right now I think, you know, everyone's trying to figure out gestures.
So I looked at these, you know, just the news. Like I browse here and there and yeah, when Google IO, you know, what's happening, there's obviously a bunch of news there. So I just came through it and when they started going through the slides on Andrew P, same thing, I was like, Oh, just here's cool. So I wanted to kind of like just ask you about gestures, how you feel about them, because whereas before, you know, like physical buttons were everywhere, right?
That was how we interacted with everything was like with the click of a button or some abstraction layer between you and the content that you're working with. And now, you know, everything seems to be moving to like these gestures. And I'm curious what your thoughts aren't have because also you're personally like, I love it. I don't miss having physical buttons.
There's there's some people who are like, Oh, I love, you know, the feel of a physical button. I'm like, I don't really care. Like I have a fidget cube for that if I'm ever like button nostalgia, and I want to, you know, you know, press on some buttons or I'll go, you know, on a video game, you know, a console like the switch or the PS, you know, for control that I have like, I'll pick up one of those and then I can get my, you know, get my fix on button, button feel and not feel, but I'm curious what your thoughts or opinions are on gestures. So I guess I don't I like where gestures are going, but I don't like sometimes new gestures because when I know how to do something a really old sort of obtuse way, I don't often learn the new gesture.
So I guess the best example I can give to you is something like on iOS when you want to switch an app, I'm still that person that primarily goes back to the home screen and it selects a different app instead of, you know, some of the gesture controls that you can do to get there or another example is I'm just going to use messages because I said common one on iOS, you want to switch back to the threat of all the people or people you were having conversations with. There's that swipe from the right or a slight from the left gesture across your screen and it goes like back to the previous view of list and in that view, I never use that gesture. I always go up and tap back. So I don't know.
I think it's kind of hard when gestures are added. I think what I really am good at though is when gestures are from the beginning are set this way. I'm I'm good at building those into work because that's the only way I know how to do it, but it's only when they're not that way from the beginning and are added in later than I just I can't jump in and do that every train by brain. It seems like so every once in all I remember it and I'm like oh, I should use that more and then I don't.
So you're saying you're an old dog that can't learn any tricks. Yeah, especially when it comes to gestures, I think I am. Wow. Okay, fair enough.
I was just like I said, I put it in there just because you know, with Google IO happening and the new version of Android, you know, that was one of the things that they're focusing on. So I like I said, I wanted to see where your thoughts were relying and if they, you know, match mind, which in this case, they don't, which is a good thing because it makes for a good conversation. Yeah, I definitely am not a fan of buttons. I'm happy buttons are going away, but it's a very big uphill battle to get to sort of learn these other gestures.
And it's interesting because when I think of something like Apple Watch, which has tons of gestures to get to like, you know, different things and so on and so forth, because the watch is something that was built, you know, kind of from the beginning with that, but with all that in mind, I've learned the gestures over time and it's kind of makes sense. But when I look at something like iOS, which started with tons of buttons and has slowly moved towards gestures, it's something that I haven't been able to integrate into my workflow as easily. So yeah, old dog new tricks. It's kind of sad, but totally true.
That's an attack song to have it true. I wouldn't know this. I don't know about culture. It's an established man.
I think that's all you know, Canon for this show. All right. So Google duplex, did you happen to see that part of the IO presentation? I mean, it was kind of all over the news, but I guess I should ask.
Yeah, no. So tell me more about it because I must have missed this news cycle. Okay. So I might have to pause you for a second.
I actually have you watch the video on it, but long story short, they're setting out to build an assistant in which case their example and I'll just use their example is that you tell the assistant, Hey, I want to book a haircut on say Tuesday from somewhere between 10 and 12. And in the background, the assistant calls us calls like the salon you use and actually interacts with the person at the front desk with salon as if it were a human in slightly and interesting way, like where it's got uses non robotic like natural language, you know, speaking to the human and says, Hey, I'm calling to book a hair appointment for my client. I'm looking for Tuesday and I think it shoots at a time first and says, Hey, like, how about this time? And the salon says like, she says she needs a second to look at the book and the assistant of the phone says, Okay, or something like that and uses some small phrasing to make it seem like a human.
She says, I can't do 12 and the system goes back and says, Well, can you do this time? And they go back and forth really quickly and they kind of realized that at some point that she could maybe do an earlier time at 10 o'clock, but it would be dependent upon what services she needs and the system says she's just looking for a haircut and the person on the phone says, cool, that's totally fine. We can do that at 10 and then hangs up with the assistant. And then on the phone, once it's called in the background, you just get a pop up notification for a calendar calendar invite for, you know, Hey, this has been added to your calendar.
You have a haircut for 10 a.m. On this day, so it's doing this all in the background. Obviously, I think this is probably a little bit off, but in terms of like time and how like beta buggy, this is probably going to be, but implications are cool and it's amazing to think we're this far along. So I'm going to tell you something is I am 31 years old and I did a report on voice recognition and responses over telephone services in sixth grade.
So sixth grade that makes me what like around 12 11 12. So, you know, let's call it 20 years about 20 years ago, I was doing a school report on this exact type of feature. Which is like, Hey, you know, wouldn't it be awesome if you could call a place and it would know what you were talking about and, you know, insert movie phone reference here, right? I was just building on movie phone.
Like, I don't think this is this is great. And yeah, they're doing a lot behind the scenes to, you know, make movie phone type services or things smart. But I feel like I'm not sure like interacting with the computer. Like at some point, you know, you're interacting with the computer, right?
The whole Turing test thing. But this just seems the utility around it. I can kind of see, but I don't know with online booking these days and everything there. It's like granted not every salon, you know, would have this or every service would have an online service.
But I feel like making that easier will be better rather than, you know, getting people to interact with robots. Because let's be honest, like no one's going to want to just interact with some AI over the phone to get their jobs done. Like you said, I don't think we're there yet. And I don't think we will be there for a long time, but this technology has always been in the works and always been kind of like in this demonstration phase where it's like, here's this demo where it works, you know, great.
And it will work in this one, one perfect sense. But the one time you call a place and they start, you know, giving lip or, you know, trying to F with the, the assistant, then things go off the rails with things go off script. And that's usually when these things fall down. Now maybe, you know, Google's found some great way to answer this and they have enough data, you know, probably to do that.
But I don't know. And I mean, like, do you know, you're talking about an assistant and do you know that all the stuff that you're saying to it is probably going to be recorded and analyzed and stuff like that? Like how, how is that okay? Yeah.
So I think the answer of do you know you're talking to an assistant is no, but I don't know that for sure. Obviously this isn't that slimy that man. I don't like that. Yeah, it's definitely got a creepy sort of back into it.
So I'm on board with that and understanding that. And I think it's interesting because you bring up the point of like making the booking side of the system better or you know, whatever it is. Say you tell the system to call dominoes in order to, you know, or whatever it may be, you know, online systems could just be better, easier or faster. And we can probably do, you know, that all on its own, you know, faster if we just made those systems better.
But at the same time, I think the interesting thing too is once at the end of the day, like the business is is after this stuff because they're going to make more money. And so there's a reason to want to take more in and I understand that, but once you kind of get to a point where you understand that, you know, if there's a lot is picking up a phone and every time this is happening, you know, in some future world 10 years from now, they're going to understand how to talk to their computer. Once you understand how to talk to the computer, doesn't that defeat like half the purpose of it? It's like, just the computer should just read out, you know, like a booking haircut for Adam 10 a.m.
Tuesday and then like the person on the phone can just be like not available, but two is okay, well, two, you know, or whatever, you know, it's like, it's less it doesn't need to be as human. It's like you're wasting valuable time that the location has just talking to a computer. It's not even a human at that point. So it's kind of frustrating, I feel like, in some ways.
Well, and that kind of defeats the purpose, right? If the whole purpose is to make it more natural, right, to not really feel like you're talking to a computer, like you said, learning to talk to the computer is like, God, if I have to break out a manual or read a support document on how to like answer the stupid assistance call and book an appointment, like, I'd be pretty pissed. Like I wouldn't like that. Now, the same thing too is like, I would much rather have some calendar service and we talked about like email last time and how email is broken.
We can talk about calendar another time and how calendar is broken, but, you know, you mentioned like a social LDAP for contacts, right? But it'd be great to have like some public calendar option for, you know, especially like these salons, right, where it's built into the protocol for seeking calendars where you can subscribe to a businesses, you know, calendar with an account or a unique identifier or something and be able to, you know, read only see available times to book appointments. If this is especially with this, you know, this is for this Google duplex one, then I think this calendar approached maybe something better because you could go on there and say, like, Hey, I need to, you know, book an appointment at this place for whatever assistant try to figure it out. And then it can just look at the calendar, scrape the calendar, scrape your calendar and say like, Hey, you don't have appointments on this day.
This person doesn't have appointments on this day. Let's throw an appointment in here. Make sure that the other people accept it once they accept it. We let you know and add it to your calendar and everyone's all happy.
Like, I feel like that's a better system that you don't have to get into, you know, a human interacting with it. Now, I understand why they do this and I understand the intent behind is like, Hey, we know that not everyone is going to participate in a site wide rollout of whatever, right? Or everyone is not going to sign up and, you know, change their entire computer infrastructure or how they book appointments to suit our needs. So this is something to kind of like make it easier for our customers to interact with them without requiring them to change the business, let's say.
So I understand that, but I think there are better ways to solve this for both parties. And this is, you know, just a stop gap in that measure. I mean, like I said, I did report on sixth grade and 20 years later still hasn't really gone until where we thought it was going to go. And I just think this whole talking with a virtual system to book you an appointment is great.
Like, I think that whole part is awesome, right? If it was me interacting with the assistants, like, Hey, I need a haircut, you know, can you give me a haircut on Tuesday? And it's like, let me check on that. And then, you know, you get a notification and like 30 seconds after it does like the background checking is like, Oh, I found a place that's available whenever.
And this is the behind the scenes stuff, you know, that you told me about if that was all digital, like not having to deal with people, then I think that's a better solution. It's interesting. Your perspective is one I think I align with pretty well. And that's why this is makes her a great demo.
But it doesn't really align with, I think, like, maybe like a long, long term goal. It's just kind of novel in today's day and age to think, Oh, I could have this assistant call somebody for me. And, you know, then I don't have to deal with making that call, which is kind of sad, but it is what it is. So I guess we should move on to some follow up, but this is kind of funny follow up because this isn't the first time this has happened.
We talk about something and then something happens like right afterwards. It's extremely relevant to what we talk about. And I think I sent you this link this week that Gmail officially rolled out, like a new support for their iOS app. And I know you said you mentioned when I messengers do you that it's been in beta for a while.
Is that the case? Yeah, so the Gmail, you know, who went through their big redesign recently, like that was in beta. So that's been going on for a couple of weeks, I think now. And so I knew that this news feature existed, right?
Which that was my number one thing. I was like, Hey, email just giving us news. That was my favorite feature of like the mailbox app and like trying to accommodate with my inbox zero life. It's a very much like deferring things and on the focus.
Like, Hey, I don't want to see this right now just because I can't act on it, but I don't want to give it like a firm date. Just remind me again at a certain time, but clear it off of my list. So I don't have to stare at it, you know, so it's not like burning, you know, just this background processing my limited, you know, resources in my head, like I'd rather have that task just, you know, kill and come back at a certain time. Well, I'm talking to myself like I'm a computer and this is getting really sad, man.
Really sad. I'm a human being. Like that's not. So getting back to the topic again.
Yeah. So Gmail supporting snooze. I knew it was there. I knew it was in beta.
And I think it's important because yeah, they released it to the public and I was like, Oh, well, I didn't have a beta was going to go a little bit longer. I didn't really realize it was going to happen. You know, like the next day after we record the episode. So people listen to episode like, yeah, judge, emails had that.
So I want to kind of call that out. And I think my big thing was I wanted snooze to be embedded in the protocol or embedded in like the standards for mail because I think it's a feature that has caught on to a bunch of clients and I think it's service that's important to a lot of people. And I would love it to be embedded in the protocol to where there's some standard for handling how you snooze an inbox or snooze a mail attachment or snooze a mail message. I still think that's the better way to go.
So I threw this and there's follow up just to say, like, yeah, I know Gmail has snooze and sorry that we, you know, didn't mention it that clients already have that. But I still want protocol support and still need that. Cool. Well, I can't blame you for running that.
I mean, at the end of the day, like, look, I understand like probably half the world has a Gmail account, but at the same time, it isn't like, you know, that isn't a great solution long term. You know, there will be at some point another Gmail in the world. So, you know, doing it at the protocol level makes way more sense. Well, and the fact that now, you know, like you said, over half the people that say or a large amount of people are using this feature or will start using this feature, then maybe you'll get more traction and kind of have more ammunition to just be applied everywhere.
Very true. So this week we're going to talk a little bit about passwords and password management and it might even drift into password hygiene a little bit. But I guess kind of looking backwards first and thinking of a fonder time when we didn't really have to worry about passwords so much and I guess systems weren't being hacked every day or, you know, under attack every day. So it wasn't so much a concern about what your password was.
But do you remember a time when we level Adam had a less than secure or a great password on any one service? I remember when passwords were less than eight characters. All lowercase didn't include any numbers. Ah, it's so nice.
Yeah. So I think I cleaned up my act and probably around 2013, maybe, somewhere in that area. But I, oh man, my, one of probably the most closely guarded accounts is for me at least being on iOS and the Apple ecosystem is your Apple ID account. My Apple ID was an old Apple ID.
And so when I signed up for my Apple ID, was back in the days of .Mac, if you remember those days. And so my, one of my passwords was one character that repeated six times. Yeah. That's not very secure there.
Yeah. I'm pretty sure it would have taken like any modern computer like half a second to guess it, but never even less. But yeah, it was kind of sad. So in like, I want to say 2013 or so, that changed.
And it got significantly more complex than like 20 characters, but yeah, is what it is. But I guess what can you say in terms of like length of passwords and so on and so forth has changed for you over time. I mean, do you still have any like go to passwords that you know off the top of your head? Do you not even do that stuff anymore?
So the only passwords that I know off the top of my head are login passwords or admin passwords to the computers and my one password. Everything after that, I'm pretty sure I have completely cleaned out just for the sake of, I went through a big password audit in, I don't know. I'd have to look in Omnifocus to see the last time I completed it. But I went through a giant password audit where I just went through every password that I had and changed it and every login that I had and got rid of ones that I didn't need.
And I set that to reoccur like every two years. So I know that there's one pending. So probably the last one was in 2015, I want to say, is when I went through this. But nowadays, there are only, I think a max of three passwords I remember.
And they're ones that I have to use on a very frequent basis. Everything else like once I can get to one password, then cool. I don't care. Once I can get to one password on a client, I'm fine.
So essentially anything, you know, that requires a daily use that prevents me from using one password on that machine. That's the password I remember. So in this case, it's the login password or the admin password. And this is tough now because like having like touch ID come into the mix for like, for the Mac is like, ooh, if I had a Mac with touch ID, then I could, you know, just use that for most of the time.
And then on the rare times I actually have to log in with a password, you know, after like an update or restart or what have you, I'd be okay with entering something longer or something I have to look up. But now because I don't have that convenience, like I said, it's just a three, the admin password and the one password. And then I think there's probably one other one that I remember, which is probably like a server password. Which I'm not even, you know, I'm probably going to change that because I'm moving everything to keys for those.
Yeah. So I think personally speaking, I remember like you log in passwords for, you know, iOS, iPad and Mac. And then one password, I remember. And the only other thing I know off the top of my head is Apple ID.
And I'm surprised you don't remember that off the top of your head. Oh, I use a one password for that. Wow. Okay.
That goes even beyond me. The only reason I don't do that is for fear, you know, I get a new phone or something like that. And I'm without a device or something, you know, I can't, I can't approve from another device. So it would be in a really rare event that I would be under that.
But if I was, I didn't have one password with me and I couldn't get to it first. I would be pretty hosed. Yeah. So in hindsight, my one scare was that if I lost access to one password, you know, let's say because it was purchased on, you know, the app store and it required my Apple ID to look for something.
I would kind of be like, Oh, crap. Like I don't know. I don't know if I couldn't open one password because I need the Apple ID. I kind of be screwed.
But now that I've migrated to one password, you know, their subscription service, so now that it's all online and I can just go to one password site and log in, then I'm not worried anymore. Yeah. So the hard part about the online thing for them, at least for me, is that that secret key they give you, you know, like everyone's don't want to like do reset my browser and I'm pretty sure it's based on, you know, some cookie or something that gets dropped on your browser or on your computer that, you know, hangs on to, you know, that yes, you've logged in at this computer before and as soon as you reset your browser, your host. So yeah, like that, that kind of scares me away a little bit because even that, like, I couldn't get back to it even if I did get back to my own Mac or something.
So I have some, some apprehension of that, but maybe one day I'll do that. And the other thing that scares me is God forbid I want to change my Apple ID. There'll be like 17 million other things to change because it'll, it'll want me to sign in and sign out it every location, you know, under the sun. So that's, that's such a first-ner problem.
I have so many devices. I have to sign into all of them. If I change my password, oh, hey, man, you think about it. It's like iCloud app store, FaceTime messages, like four things on each one.
Oh, my goodness. And my so many Apple devices. And I have to do it on my TV as well, which has just that, that keyboard in the scrubbing. It's just so horrible.
I don't even want to think about it, but maybe I'll get around to doing it. That's such a first-ner problem. I guess that's what this podcast is about. But that one is like, I'm calling you out of the first-ner problem on that one.
Just complaining that I have so many devices that I've changed my password and all of them is the biggest first-ner problem. Yeah. If I, I will say if I do change it, it is getting like really, really, really, you know, long generated, you know, password, but, so you said you, you audit this about every two years and you go through every single login and change the actual password for it. So I mean, if I'm following you correctly here, you log into like all your web services, change all the passwords to those, or you kind of more selective, it's like, uh, just these, you know, you know, you know how one password has that whole like filter, which is passwords that are older than one year, password that are older than two years, passwords that are older than however many years, they have their whole security audit, which is where I got this idea.
Anything that's 3 plus years, that's what I change. That's interesting. It's, um, you know, I actually don't do that myself either. So it's like, every one of my passwords is different.
So if, and if I, um, you know, they plug into the whole, uh, the Pwn2Own website, they have like the API call for that now, which I guess we should probably briefly cover that basically they, their online service has a plug-in, which will scrape, um, the- Have I been Pwned? Or have I been Pwned, yes. And, um, and will automatically let you know, like, hey, if, if you're in sort of like a pace bin of, uh, of a database that, uh, you know, got leaked and we'll tell you, hey, change your password. But, um, you know, I'll change those, of course, and I will kind of go around if they say that watchtower feature says, hey, this, this password is weak.
I'll definitely change that. But otherwise I don't really go and change the passwords on all my accounts on any regular basis. I just keep them separate so that if one happens to get attacked, it's not, it's, it's an isolated incident. Yeah.
I know the, the watchtower one, I'm trying to see just right now if I have anything in there. But I think we need to get into password managers pretty quick, uh, just because we're talking a lot about features that are, that are in password managers, especially when we start talking about, you know, how we're managing all of these random passwords and not remembering any passwords except for the ones that we have for the password manager and our computers. But yeah, my security audit, the whole reason it came up was just because I knew I had a bunch of logins out there that weren't properly, you know, kind of, I guess they had poor hygiene. So this is just a way for me to kind of get back on that train.
And like I said, I think there's what I have probably 12 logins that I have to change right now that are over three years old and they're all random, you know, they're all random passwords that I created a long time ago. So now they'll just get updated to something a little bit stronger, a little more characters, but it still depends on the service too. You know, some of them won't accept that, but it's good to audit, you know, your security every once in a while. And like I said, there are services out there like have I been pwned to see if, you know, the password that you use has been, you know, posted on, like you said, some pace banner and posted somewhere publicly and people know about it.
So it's good to audit audits are nice. I'm not tax audits, but you know, password audits are a good thing. It's a good thing. Yeah, tax audits.
No, I'll stay away from those for right now. Okay. So yeah, you're totally right. We need to jump into password managers.
So it's no, you know, surprise here. We've already been talking about it that both you and I both use one password. Have you ever used any of the others that are out there? I've used just kind of like built in password managers, you know, like on Apple Ibu's Keychain and on Windows, I know they had an equivalent for like their credential manager, I believe.
So I've used those, but I haven't used like the online services like LastPass or some of the other, you know, password managers that are out there. Mainly I stuck with one password just because I liked the idea of my content at the time being local. Like I liked that idea. I liked it having the database local and choosing my method of sync.
And now I've kind of just yielded to like, Hey, I'm okay with a lot of my logins being online. But I stuck with my passwords because it's clean and I got used to it. And once you invest a lot in it into, you know, the service, it's, it's hard to kind of move out of it just because like, well, okay, they have 300 passwords of mine in this well, like I could export them all and import them into another one, but that seems like a lot of hassle that I don't want to go through. Yeah.
It's kind of sticky that way. I mean, it's something that keeps you with them. And I like you. I think I started with them for mainly reasons of the way they, I was okay from, from the beginning with it being in a cloud account, but I kept it in my own personal iCloud account.
And so that, you know, key of, you know, or database of, of theirs was in my own personal account. And so it felt a little more under my control and, and wasn't on anything that was theirs. But you know, it's one of those things that this company has, I've used them for, I don't know, six or seven years now, I feel like. And so there has been a degree of trust that has been built over that time.
And it's something that I definitely, I don't want to say like I'm a fanboy, but I definitely am okay with the level of me giving them the database now. And, um, and it's, it's still encrypted and all that. So I, you know, I'm, I'm still willing to take some risk and give it to them, but it is something that that trust has been built slowly. And I'm going to give up a little bit of risk for the benefits that it comes with.
Yeah. So you guys still maintain a private vault, like the one that is fairly local and not stored on, you know, that, that service, but I don't know, it's, there's not a lot in there. There's not a lot that I really like hold that secure. I'm like, okay, this stuff, no one can ever, you know, see, or this stuff, you can't get synced anywhere.
It can never touch anywhere but here. Like, I'm not, I'm not really like that. There's only like one or two things that have it. And I think it's mainly the recovery keys.
That's about it. And that's probably one thing where they are in the cloud somewhere because they're probably backed up with backways, but you have to go hunting to find them. It's not like, if someplace got hacked, you know, like still getting into that database, like you said, it's encrypted. So they still have to know the key to get in, which is a good thing.
Yeah. So, and a little bit different from you. I actually haven't, I try not to use the built in features. So I, I, I cloud keychain or keychain.
I don't really use it. I try to avoid it asking me for passwords and doing that, just because it's kind of, it seems sort of backwards, but it's one of those kind of older rules of like a mitigate your attack surfaces. If you have it in multiple places or, you know, say keychain has got the wrong password, but one password is the right one. It's like, it just turns into more of a headache than it's worth sometimes.
So. Well, this is the area where you want one cookie jar and you don't want multiple hands in it. You don't want multiple things looking at, at your password database. So I, I mentioned built in just because like I've used the built in months before, but once I started, you know, sticking with one password, like I chose that as my primary and that meant I turned off, you know, auto feeling of passwords and stuff like, yeah, okay, like I understand it's a feature, you know, that's great, but I know where my passwords are, like luckily I can turn off the feature and just say, hey, no, use this instead.
I'll use my extension to get the passwords, but I mean, I think I put this in here. The built in one is because worth noting that most, you know, modern operating systems come with some form of built in password management and a way to actually like, let you create and store secure passwords, you know, we mentioned that, oh, it was so nice when I could use a password like baloney and you know, not have to put a one after it, you know, every time they required some stricter requirement, but most operating systems come with this, you know, because it's important, but I just think it's important to call out because everyone should be using one if they're not. Yeah, I mean, it's nice that most operating systems come with a quote unquote like free version of what we're doing with one password. So that's cool that it's built in and for the vast majority of people, it's probably enough.
One password just if you're willing to take on a little bit of homework and, you know, put in the time, it can go a lot further. And, you know, in some respects, I would like to see one password sort of have some way to parody my entire database of like, say, just logins to the built in one. And the reason I would say something like that is that more and more today, developers are getting like API level access to some of these things. So, you know, I could open Netflix on my iPhone and it just would paste in my, you know, logging credentials from iCloud keychain.
Now, Netflix doesn't see that, you know, password or anything, so it's not compromising that way. But right now there's this kind of game of go to one password, copy it, go back, you know, paste it in, which it's fine. And I know one password also does make an extension for iOS, but this is kind of like that solution around it for now. And so if there was some way to keep those two in sync, that would just flow.
But right now, you know, I don't really see that happening down the road. I mean, there is, that's really the only pain point and that pain point is pretty small for most people, I think. I think once you get in the habit of realizing that you don't know the password to a service that you're logging into, I think once you get into that habit where you open up the Netflix page and you're like, oh, no, I don't know what this password is. Hold on.
I need to grab that or look that up. I think once you get into that, you know, mindset, it's fine. It's, it's a little bit of friction and it would be awesome, you know, if things just auto-filled. But there's also some peace of mind, right?
And when every news article that you see every week is like, so and so hacked, you know, and 44 million, you know, passwords released to the public. And it's like, okay, well, knowing that or having the peace of mind that all my passwords are random, they're all super hard to guess and they're all unique. So even if this one service is compromised, it doesn't bleed into any other services, which is the biggest issue with password, you know, management is password reuse. So just knowing that, like I'm okay with a little bit of friction just for the peace of mind, like, especially in an online world, I think we've, we've grown up, you know, in this Wild West where we now know that we have to protect ourselves, right?
We talked about VPN, you know, two episodes back, right, and encryption and how important that was to us. And now we're talking about passwords. And it's, it's no coincidence that we're kind of having this trend is because these are all things that we've grown up with that we've kind of learned and had to kind of stumble through, right? Like building best practices.
And I listened to an episode of a Reconcitable Differences with Merleman and John Syracuse, and they were talking about password hygiene funny enough after we already decided to do this topic. And talking about like that with kids too. And like my kids, you know, it's like, how do I instill this in them? Like how do I teach them all the things that I've learned, right?
That's the big problem you have as a dad, which we talk about in casual dance, the new podcast that we have coming out. It's like, you like that shameless plug that's pretty good. But I think it's just, we've learned these habits over the course of the years, but I think there'll be a generation who won't have to worry about passwords. And that's kind of my dream is not having to worry about this.
It's like, there will only be no friction because you won't have to worry about knowing things. You just have to authenticate who you are. And if you can prove who you are, then they can prove who you are to said service. Passwords definitely have an expiration date on them in the sense that, you know, they may exist in some alternate form, but identity proof is really what it'll come down to more than anything.
And we're kind of blurring that line a little bit today with some of the, you know, security enhancements on our devices, but it's, it's not there yet. We're only making minor strides towards it. So, um, so cloud storing of passwords, you, I think we've kind of just rehashed this a little bit already, but we've been over this a little bit already, but you're totally okay with storing databases. You keep one local database, you said, um, is that just, you said just for recovery keys?
Is that correct? Yeah. I think the only thing that's built in there in that vault is just the recovery keys for the other volts. So like, you know, like, yeah, you get into that one and then, you know, it's open season, but you have to have physical access to my machine and get past my, you know, login password and know where that vault is.
And then know the password to that vault. So the chances of that are going to be pretty slim. Yeah. I have none that are, that are local.
Everything is cloud storage. It's interesting because my recovery key information is stored in a, another cloud service, but I know the password of that cloud service. So it's like kind of a way around the problem. Um, and I guess one thing while you were talking for a second, I looked up my, uh, my security audit, um, and my security audit for, for things that are over three years old, I would have to change 161 passwords right now.
So, uh, I guess if I'm going to tackle that on, or tackle that, it's, it's, and take it on over the next couple of weeks, man, holy heck, I've got a lot of work to do. So I, I mean, you need to just like, uh, defer that and let me focus for a little bit. Just break it up and, uh, sort the services by name and say, like, this week, I want to get through the A's next week through the B's. Yes, it's going to take a, uh, a little bit of time to get through that, but, uh, maybe I'll take that on.
No, what you should do, because otherwise every time you do this, it's going to be just the nightmare is change like a third of them right now and then call that a day, right? And then wait four months or three months and then do another, you know, third of them and then wait another three months and do the last third. So that way in three years when it comes up, you've only got a little chunk, but that only postpones like a third of it, but you know, hey, it still kind of make your job a little easier. Yeah.
I remember the day I sat down and did like all of my logins and I like tried to think about every single one of them and it definitely took me like probably like six hours to do like all the logins to get everything I could ever think about that I'd ever created into one password, but I mean, once I was done, like you said, like, I think the way you put it was perfect that like, there's a really freeing sensation when you're like, I don't know this password. I really don't know it. I'm just going to go look it up. And I know my one password.
That's the only thing I do know. Unless you forget to put it in there. Like your vanity Gmail. Yeah, that was a problem, but yeah, so I think I'm in good shape now.
I've got them all in there pretty much so. So another thing that's coming on strong is a two factor or having some sort of second factor or I guess the other acronym is time based one time passwords. So what is your thought on this and is this something you actively practice? So my thoughts on two factor are it makes sense, right?
You have to have something you know and something you own, right? Two things to verify you are who you are. So it's not like some bot, you know, who script your password blogging like it has to be another way to prove that you are the person who's logging in. I like the concept of a two factor, you know, login and my preferred method is the time one time passwords.
I think those are more convenient than waiting for some text message to come through or some emails to come through. Those are my two least favorites. Like, okay, we'll email you it. I'm like, don't email me.
Like, no, that's not the way this works. Like I'd rather have the time one time password because at least that is constantly changing. And I know that that's still easy enough to crack if someone can get to the code, the QR code and you know have the settings for it. But I find that to be more convenient mainly because I can also use that within my password manager.
But I think two factors are necessary and necessary thing in this image. It's a solution to the problem of no matter how complex we made passwords, if there was a bot or computer that could churn through enough times and guess, it would get it. And this kind of eliminates that in the sense of, well, you've said that this is your password and if this is your password, you also have to say that this is the way that we can prove you are, whether that be text message email or time one time password. So I think it has to exist and I think it's a good thing.
But this is where the argument is like, oh, there's just so much to do. There's too many things. Like, if I just want to log in, now you've added, you know, an extra step that I have to go through to get into my account. So I think a lot of people won't enable this because it is a lot of friction, but I love it whenever a service offers it.
I'm like, yeah, cool. Yeah. So like, you know, I think backlays was the last one that I did is like, hey, we offer you a two factor. I'm like, awesome.
Doing that now. I like it. But like I said, time one time passwords are my gig. Yeah.
So I definitely am in the same camp. You are with the time-based or time one time passwords. I really, really like that over the text messaging. I know the text messaging, although we don't really have any, I think like hard and hard and proof.
Like it's, it is more susceptible in the sense of like man in the middle attack, you know, that's totally a real possibility if, you know, you have access to the carrier networks or anything like that. They could read all that. It's all sent in essentially plain text. And then again, is we already talked about the security of email.
So I mean, both of those are, I think, more susceptible than just that QR code that is syncing with the server. But I do have this enabled on most of my accounts that I can, but I recently learned that one password now actually tells you on their website or when you're using the web portal version, what accounts you have that now support this sort of behavior. So that's cool. And I know I talked about it, I think, on a really old episode, I don't remember what you were probably talking about, password, hygiene or something of that nature briefly.
But twofactoroff.org is a website that allows you to just kind of quickly search a bunch of online services and whether they support that second factor authentication. And not only to search that, but like what sort of support they have. So is it like SMS, phone call, email, hardware, software tokens, and you know, most importantly, these are all software tokens. And it also calls out when they don't have it so that you can kind of like nag the company a little bit.
And then I think the really cool part about this website is there's always like, there's these like deep links to the support records for how to set the stuff up. So that is super, super nice. So if you're ever looking to just kind of like audit whether your services have it and you don't have something like one password, this is a great and useful site. Yeah, that's a great resource.
And what's hilarious is as I'm going through it, I check retail, retail has a lot of red. So that pretty large percentage that don't support a two factor and then health was the other one that doesn't have a lot. And like, okay, cool, that's great government, you know, like, there's a decent amount of government. So I'm like, all right, I'm going to give you a pass on that one.
Education, yeah, there's a big lack in education too, in terms of two factor support. So I think it's funny going through here and looking, oh, security, this one should be good. Yeah, lots of great there. That's nice.
But yeah, health and what was the other one I mentioned, health and education, got to get some work there. Got some some tweeting at some institutions to do here. Yeah, it's something that is it just gives you a gauge and then I just like that you can Oh, transportation, oof, ouch, airlines are way behind on this. And what there's not a single one of them that has it.
No, of all the ones listed on here, there's not one that supports two factor in transportation. So that's an I'm going to call out company share by name so apologies in advance. But like American Airlines, Alaska Airlines, Air France, JetBlue, Rayhound, Lyft, Redbus, I don't know what that is, Southwest Spirit, United, Uber, yeah, basically anything transportation, no two factor for you. Yeah, it's super funny just because it's like, these, these, I feel like we just kind of went on a little bit of like a transformation transportation, like machine gun, you know, but we're definitely shots fired on this one because it's like, oh, that is an ugly looking page with nobody supporting that.
So also no surprise that cryptocurrency is all support to factor. Yeah, you don't want your Bitcoin stolen. Yeah, right. That's the new finance, right?
Someday, someday. Yeah, it's, it's a, this is a great resource. If you have some time, definitely check it out. It's a well worth your, you know, time to kind of add these to your, or add these services and their, you know, support to your password manager of choice just because it's like, man, some of these things, I mean, I don't know, I guess there's like particular industries that they're going to be, you know, you may want to start with first, you know, cryptocurrencies, finance, health.
Yeah. I can understand a little bit more like why airlines are lagging, I guess, but at the same time, like if you're building a service today or you're any big company, I think they should be just like from the start built into your workflow. Agreed. So that being said, I, what sort of alternatives are out there?
I mean, I only know of, um, swirl really, uh, that's out there and squirrel is just something I know of pretty much by proxy of, of listening to, um, the podcast, um, good gosh, what's the name of his podcast? Even Adam security now. That's right. Security now.
With Steve Gibson. So, um, yeah, I've heard him talking about it, of course, a ton of times, but I'm really not well versed in what it, what it's all about. Do you know much about it? Uh, this, this is, remember when we talked about encryption and we said that, hey, encryption is something we're going to have to talk about another time because it'll get really into the weeds and it may require some homework for us to do?
This is basically the equivalent for passwords for me, where it's like, okay, I kind of get the concepts and if I'll include the link to you to squirrel in the show notes, but if you go to this page, it has, you know, some diagrams like, all right, I kind of get this and I understand what's going on. But basically what this is, is yeah, instead of signing into a website, you just take a picture of your QR code from this app and it logs you in by creating a set of cryptographic keys, verifying them against the website and your key and anonymously logging you into the site without really either of them knowing, it's like sending authentication without knowing who was authenticated. It's really weird to me. And hearing Steve Gibson talk about it is, is mind blowing and there's been a couple times where he has some episodes where he'll go through and start talking about the deep dives in this and that and how you deal with like a user experience and how you deal with not having a password or logging someone in or there's just a bunch of things that you can do with this.
But I think this is something as an alternative to passwords, right? So you don't know the password, right? You don't use the password to log in, you use your identity to log in and it's not even like sending the password. It's more, you know, sending this set of keys over and I think it's really amazing to look at.
And I think something like this will be, will be the future where you never have to worry about creating like this pseudo random, you know, crazy 32 character password, you more just, you know, set up your account whenever you set it up and add it to your database of whatever approved place is and then you send your key and they verify your key, you know, decrypts your log in token and you're good. So that's, like I said, I don't know much about it, but I think from what I've heard and same thing I've heard this different security now. So there may be other things out there and I'm more than happy to have people tweet at us, you know, with those ideas, but this is the only one I know of and I think it's really cool. Yeah.
So the few times I've listened to an episode and heard him go into detail to, I mean, it's sort of mind blowing and I mean, it is definitely in the weeds kind of discussion with him because he doesn't stick very high level often. I mean, he, he's going to go into the sort of the bowels of this all and really just get into the nitty gritty and talk to you about, you know, a ton of stuff that it's doing on the back end. But I kind of have to agree with you when he's talked about just briefly how, how you go about using it a little bit. I mean, it is, it sounds sort of like that 10x improvement that we would like to see from like any, you know, major tech shift and so I know, you know, like, that's kind of like a venture capital esque like phrase, but I mean, it totally seems like that where it's like, hey, we're, we don't even interface with passwords anymore.
We don't interface with the logins. We don't interface with the passwords. You know, we don't do any of that anymore. And if this can sort of be repackaged into something that is more maybe palatable, I think for the general public, I think it has a chance to succeed.
But I think there's something to be said about how, you know, I wouldn't say you and I are super well versed in the cryptographic space at all where we're definitely far enough away from that. But we're computer users day to day and we're definitely in the industry. And the fact that we approach this with some degree of, you know, it's complex and I don't really understand what it's doing. It means to me it has, you know, to maybe be re approached, you know, the underlying foundation that he has built is probably rock solid, but finding a way to put this into a very usable and shipable app to the masses is probably something that's going to be harder to do, I think.
Well, you're changing a behavior. And like Lu said, I mean, it's impossible for him to learn new tricks. So, but I agree. I think that something like this, if you want a mass adoption of changing the concepts of passwords, that's a tough thing to do.
And there's a really nerdy way to do it, right? Which already kind of exists with, you know, as stage keys and cryptographic keys in general and the whole concept of, you know, like when people set up for Bitcoin, right, and having your key and your wallet and everything that had to deal with setting up cryptographic key for Bitcoin, people kind of know about that, right? And that was always the nerdy part of the community. But for someone, you know, just to pick it up and say, like, hey, you know, use this instead of passwords, it's going to be great.
It's like, it has to be easy enough for them to understand what is going on to a certain degree and know that it's just going to work like a password would work. It's like, okay, I know my password, I know my password works. Like my first question is like, okay, well, this doesn't work for some reason. Where do I start troubleshooting?
What do I even look at? I don't know. I didn't make it. So that's where I kind of get lost.
And I agree. I think I know that Steve is really smart and he has all of us right now on his website of how it works and why it works and what makes it tick, you know, and why it's secure. But I think to a normal person, and I say normal in a sense that I'm not downplaying people, but someone who doesn't have to, you know, know the ins and outs of computers and cryptography is like, how do they use this app or how does this benefit them or how do you get it in a package that's they can consume. So, but I think this stuff is, is amazingly cool.
And it makes me want to listen to his, you know, his entire like walkthrough of the app, which I know he does, you know, if he wants in a while, but I kind of want just another episode of him just going top to bottom on how he did this, why it works and that'll just be five hours where I won't do anything else. I'll just, there's no other task going on, I just need to dedicate 100% of my attention to what's happening. Yeah. And Steve is, you know, uniquely talented and he can explain stuff very well, which is awesome.
It's a super dry podcast, I think we've said before, but it is also something that requires 100% of your mind because it is just a mental exercise sometimes to keep up with him. So it's, I definitely like his show, but it is, it can be interesting to keep up with him by that. Anyway, so other things that are out there too, I know you briefly mentioned SSH keys. Is this something you even have ever used that?
I'm curious. Oh, every day. Yeah. So, so log into to my servers.
I don't use passwords anymore. I just use my, my SSH keys. So it's something that I'll probably set you up on some time blue, I just haven't gotten around to doing it. But if you send me, you know, your public key, I'll add it.
So if you want to authenticate by a switch can or by key. So yeah, I did this. I want to say probably six months back is I set up the SSH keys for all my computers and just use that as my primary form of authentication. And the key still has a passphrase, which, you know, I have stored in one, my password manager, but it's more than just a convenience factor of like, Hey, I put the keys on my computer and they're adding the key chain.
So then when I, you know, SSH into said machine, as long as my keys there, I'm instantly authenticated and let it in. I don't have to worry about putting in password for that machine. So it was mainly a way to be lazy rather than a way to be like super secure. That was, you know, kind of my approach to it was like, I know this is better than, you know, typing in my password each time.
But since I'm already in, you know, in a crypto tunnel, like whatever, but sending my key was just an easier way to authenticate less friction for me. Well, we all know you like the less friction approach friction. Fucking free friction. Fucking free is a trademark from Adam, you better, you know, get on that.
Yeah, that's not something I'm going to do. So whenever someone, you know, trademarks that and then they receive a cease and desist for using friction. Fucking free on my podcast. I'm like, all right.
Well, lost opportunity. So the other thing that is sort of hardware driven is that biometrics, and I know this is something we sort of touched on with, you know, there's touch ID today. There's also like face ID out there. And so, and just there's a ton of other stuff.
It's like out there, you know, it depends how much money you have, I think, throughout the problem, but there are, you know, way more complex solutions in, in the industry that I think are used today. So I'm kind of curious what your thoughts are on, like, the future in terms of biometrics and where we're going that way. So insert name of every sci-fi movie here uses biometrics as a form of authentication. So I think in the sci-fi lover's dream, it's going to be biometrics.
It will be the future of authentication, just it won't be something you know when something you are or something you have. It would just be, like I said, something you know something you own, there's be something you are. It'll just be you. You will be the something.
So I think when we get to that, that phase, right where this, you know, device only works with you. And it has to authenticate who you are and once it can do that, however it does that, it lets you into whatever. Right? And I think that'll be the same for a service.
Once the service can identify in a secure way without being creepy about it, who you are, then cool. It doesn't have to worry about the rest of the stuff. So I think there are a lot of ways you can accomplish that. I think if your biometric data is set up as a key, right, just a key and that is your identity key and that's what you use the, you know, sign up for services, then as long as whatever you're using to authenticate, you know, the biometrics, as long as I can prove who you are and send, you know, the public key or the key authentication over to the service, then great as long as that matches you're let in.
So I think a combination of right now we have like facial data and fingerprint data, you know, once we get into something like, Hey, we know that a physical person is holding his phone because there's a heartbeat in the thumb and they're moving or whatever. So we know it's a human and we can identify via either retinal scan or face scan or what have you once we can verify, let's say, two out of three of these things. We know it's an actual person and we know who that person is will unlock and let you into the service. Like I think that will be kind of the future of authentication where the biometrics will be very heavily based on who you are and then sending that anonymous data saying, Hey, this is a user and they are authenticated to a service and letting you into that service.
So that's how I envision, you know, the physical security as well as like the service or server side security. Yeah, I mean, biometrics is, I think, going to be huge, of course, and it's only going to get better and better and better. But I think some form of some hybrid approach of biometrics and proximity of devices is probably, you know, a really realistic short term approach where, and we kind of already see this with like, you know, oh, you have Apple Watch on, you go ahead and sit down and you're computer it on my fan box, you know, if they can sort of get over some sort of cliff of like, Hey, you've got to a certain point of, you know, we can trust this as you because, you know, you're at your computer, but your watch is on your wrist and your phones within three feet and your, you know, your iPads within, you know, 10 feet, it's like, okay, I've got enough, like, you know, plus ones here to know that this is, this is definitely got to be you. So that's something that I think in the long run might lead to, you know, biometrics and some sort of hybrid approach being a way we can manage those passwords.
So anyway, I think that pretty much wraps up everything we got for passwords. But is there anything else you want to go on there before we move on? I think just kind of wrapping up, right, like, passwords is here, I can get my PSA, right? So everyone who, how they're using passwords is like, if you're using passwords and you're not using a password manager, please, please, please, you know, take a look at the built-in ones that are on your computer right now or look into something like LastPass or one password because right now passwords are a reality of life, just like email is just like telemarketer phone calls are like just like all that stuff.
But passwords are, are the one thing that's a very, can be a very weak point in the security matrix or the security setup. So using a password manager is one of the single best things you can do to protect yourself. So I just want to tell, you know, everyone there's my PSA is like, use a password manager and if you don't then you're a horrible person and every time you don't use a password manager, you kick a puppy and no one wants to kick puppies. But I think in terms of like our coverage of passwords and just kind of like our D type, there's, there's so much to talk about.
And I'm really curious to learn more about the alternatives, right? We mentioned, you know, Squirrel and we kind of gave a little love session to Steve Gibson there just because I think we both have a mutual admiration to the work that he does or for the work that he does, I should say. But I'm curious to see what other people come up with in terms of how we're going to identify and authenticate with devices in the future. And you see a lot of that in sci-fi movies, right?
Like guns that only work with certain people, like Metal Gear Solid, a video game kind of goes through it a lot, right? And I think there are nanomachines in you that authenticate and let you pull the trigger on this device and let you not pull the trigger on the other device. So I think that'll be interesting to see the alternatives come out of it. But in the meantime, just passwords are something we all have to live with.
Use secure passwords. Use a password manager. Okay. I couldn't agree more at this point.
So in a little bit of wrap up, you're biking to work. Question mark? No, bike to work day. Bike to work day was the 10th.
Did you bike to work? No, I definitely didn't. Did you bike to work? I'd like to work on the 9th.
Does that count? I'd like to bust up. Let's back up a little bit here. Because work for you is like, work for me is over a mountain.
I have to get over a mountain to get to where I work. And I don't want to bike up a mountain. I get to go down the mountain. But no, no.
So I'd like to bust up. Excuse me. Adam didn't partake in the tour de Santa Cruz. Tour de Santa Cruz mountains?
No. I know people who have bike to work and live in Santa Cruz and have bike to work in. It's an all day ordeal. Basically, it'll take you like three hours to get into work, you know, unless you're a mad man and just go up, you know, the 17, like a crazy person.
But there are people who have done it and they say it's really nice and I'm like, I agree, it's probably really really nice. I don't want to do it. I don't want to bike, you know, 20 miles. I'll bike to the bus stop and then they can, you know, take my bike to work and I'll bike around work, but I'm not going to bike there.
So I biked the day before. I miss bike to work day just because there was something I had to be back for. So I didn't get the opportunity to bike on bike to work day. I was curious if you even participated.