POPULARITY
You asked, we answered!
Phishing-resistant MFA could have stopped a Chinese state-sponsored threat actor from spending over a year inside North American academic and medical research networks — and we're going to tell you exactly how it happened and what you need to do about it.A group called UNC5608, tracked by Google's Threat Intelligence Group (GTIG), exploited a vulnerability unique to REDCap — a research data platform that allows multiple software versions to run simultaneously. They got in via stolen admin credentials, planted custom malware called Infinite.red directly into REDCap's upgrade process, harvested credentials for over a year, then used those credentials to log into Google Workspace as a domain admin and create fake compliance rules to silently forward sensitive research emails — military strategy, geostrategic policy, advanced tech, specific pathogens — straight to Gmail accounts they controlled. And nobody noticed for a very long time.Prasanna and I break down the full attack chain, then walk through every prevention layer that could have stopped it: inventory management, patching, password hygiene, SSO, phishing-resistant MFA, passkeys, DBSC, context-aware access, compliance rule monitoring, credential separation across security domains, and logging. We also get into what backups can and can't do for you in a long-dwell-time attack like this — and why infrastructure-as-code and truly immutable golden images matter more than you might think.If you're running any kind of research platform, academic institution, or medical network — or honestly any organization that uses Google Workspace — this one's for you.Chapters:00:00 — Intro: The attack that phishing-resistant MFA could have stopped01:03 — Show intro & woodworking banter03:26 — What is a living-off-the-land attack?04:02 — Who is UNC5608 and who did they target?05:08 — How REDCap's multi-version design was exploited06:11 — Infinite.red malware and credential harvesting09:01 — Google Workspace infiltration via fake compliance rules10:18 — The keywords they were stealing: pathogens, military strategy, and more11:50 — What could the victims have done differently?12:42 — Inventory management, patching, and legacy version removal14:00 — Why you can't trust application-level authentication alone — use SSO15:18 — Phishing-resistant MFA and why it matters16:00 — Passkeys, FIDO, and why there are zero known attacks against them17:57 — Device-bound session credentials (DBSC) and context-aware access19:38 — Monitor your compliance rules — have a compliance rule for the compliance rule20:40 — Credential separation across security domains23:00 — Get some logging — XDR, SIEM, and catching exfiltration in progress24:00 — What can backups actually do in a long-dwell-time attack?27:00 — Infrastructure-as-code and the right cyber recovery approach28:58 — Protecting your golden images with immutable storage31:59 — Wrap-up
The MacVoices Live! panel discusses Apple's updated App Store review guidelines, the challenge of filtering low-quality or AI-generated apps, and whether trusted developers should receive faster review. Chuck Joiner, David Ginsburg, Jim Rea, Marty Jencius, Web Bixby, Jeff Gamet, and Eric Bolden also debate Apple's Passwords app gaining automatic password-changing abilities, weighing convenience against account-lockout risk. They also provide reactions to Snap's new Specs and the uncertain future of smart glasses. MacVoices is supported by NordLayer. Secure your network & stay compliant with one toggle-ready platform. Get an exclusive offer: up to 22% off NordLayer yearly plans plus 10% on top with the coupon code: MACVOICES10 at NordLayer.com/macvoices. Try it risk-free—14-day money-back guarantee. Show Notes: Chapters: 00:00 Opening topics and sponsor message 00:27 Tim Cook's WWDC morning video 01:34 WWDC swag and Finder collectibles 03:24 Apple's app submission volume 03:46 Updated App Store guidelines for low-quality apps 04:19 The scale problem of reviewing thousands of apps 05:48 Should trusted developers get faster review? 06:27 Policing successful or suspicious apps 07:37 Apple Passwords app and automatic password changes 08:00 Initial skepticism from the panel 09:09 How automatic password changes may work 10:09 Standards, automation, and website support 11:10 Balancing convenience with trust 12:22 Why password automation could help less technical users 13:15 Implementation concerns and website complexity 14:13 Comparing the feature to Face ID's early skepticism 15:41 Account lockout as the biggest risk 16:28 Where automatic password changes could be useful 17:33 Interface design and fallbacks 18:27 Security tradeoffs and password visibility 19:36 Passwords as an aging technology 20:10 Password managers and better password habits 21:35 Passkeys and the slow path to adoption 23:23 Sponsor message 25:48 Snap Specs pricing and release expectations 26:13 Recording indicators and privacy concerns 26:34 Comparing Snap Specs to Meta smart glasses 27:18 Price, style, and hardware limitations 28:16 Ray-Ban Meta glasses and AI features 28:35 Vision Pro comparisons and entertainment value 29:20 Potential use cases for smart glasses 30:45 Skepticism about current smart glasses design 31:14 Are these products ready for consumers? 32:06 Humor, smart glasses, and panel reactions 33:39 Closing comments and event mentions 34:15 Closing credits and support information Links: Tim Cook posts comedic 'Good morning' video to mark final Apple event as CEO https://9to5mac.com/2026/06/08/tim-cook-posts-comedic-good-morning-video-to-mark-final-apple-event-as-ceo/ WWDC 2026 Swag Bag Includes Little Finder Guy https://www.macrumors.com/2026/06/08/wwdc-2026-swag-bag-little-finder-guy/ Apple Updates App Store Guidelines With Stricter Rules for Low-Quality Apps https://www.macrumors.com/2026/06/09/app-store-guidelines-low-quality-apps/ iOS 27's Passwords app can change your passwords for you, automatically – 9to5Mac https://9to5mac.com/2026/06/08/ios-27s-passwords-app-can-change-your-passwords-for-you-automatically/ Guests: Get detailed bios and contact information about for the panel on the MacVoices Live! Panel page on our web site: https://macvoices.com/macvoiceslive/macvoices-live-panel/ Support: Become a MacVoices Patron on Patreon http://patreon.com/macvoices Enjoy this episode? Make a one-time donation with PayPal Connect: Web: http://macvoices.com Twitter: http://www.twitter.com/chuckjoiner http://www.twitter.com/macvoices Mastodon: https://mastodon.cloud/@chuckjoiner Facebook: http://www.facebook.com/chuck.joiner MacVoices Page on Facebook: http://www.facebook.com/macvoices/ MacVoices Group on Facebook: http://www.facebook.com/groups/macvoice LinkedIn: https://www.linkedin.com/in/chuckjoiner/ Instagram: https://www.instagram.com/chuckjoiner/ Subscribe: Audio in iTunes Video in iTunes Subscribe manually via iTunes or any podcatcher: Audio: http://www.macvoices.com/rss/macvoicesrss Video: http://www.macvoices.com/rss/macvoicesvideorss
Passwords were built for a different era of the internet. It's time to move past shared secrets to close your organization's largest threat vector for good.Traditional passwords and legacy Multi-Factor Authentication (MFA) are no longer enough to protect your business. Automated, scaling phishing toolkits easily intercept shared secrets, leaving small and medium businesses highly vulnerable to credential breaches.In this episode, Jen sits down with Nishant Kaushik, Chief Technology Officer at the FIDO Alliance, to translate complex cryptographic standards into an actionable, resource-light deployment plan. Learn how to transition away from legacy authentication and close the hidden operational loopholes that hackers actively exploit.What You Will Learn:The Flaw in Basic MFA: Why SMS codes and standard one-time passwords (OTPs) are failing, and what true "phishing-resistant" security means.The Account Recovery Trap: Why a weak "Forgot Password" workflow accidentally gives hackers their primary attack vector back—and how to fix it.The Bottom-Line Benefit: How moving to passkeys drastically reduces internal IT helpdesk tickets, manual password resets, and overhead costs.Right-Sizing Your Passkey Deployment: How to easily segment your workforce strategy:Standard Users: Synced passkeys via platform credential managers (Apple, Google, 1Password, Bitwarden).Privileged Users: Dedicated hardware keys (YubiKeys) for root admins and high-sensitivity infrastructure.The 1-Week Action Plan: How to leverage the identity infrastructure you already own (like Google Workspace or Microsoft Entra ID) to deploy passkeys today.Resources Mentioned:Learn more about modern identity standards: FIDO Alliance WebsiteReview baseline federal security recommendations: CISA Guidance on Phishing-Resistant MFADiscover SecurityMetrics compliance resources: SecurityMetrics Official SiteThreat Intelligence Data: Read the data behind credential exploitation in the latest Verizon Data Breach Investigations Report (DBIR). Federal Passkey Standards: Review the updated identity and passkey frameworks via the NIST SP 800-63 Digital Identity Guidelines. Enterprise Identity Platforms: Learn how modern stacks integrate passwordless via Okta Verify and Microsoft Entra ID. About the Guest: Nishant Kaushik is the Chief Technology Officer at the FIDO Alliance, bringing over 25 years of leadership in digital identity and access management (IAM). He holds nine patents, frequently serves on the advisory committees for the RSA Conference and Identiverse, and is a founding member of IDPro.A note from Jen: We built Practical Cybersecurity because we were tired of the fear-mongering in this industry. Security shouldn't be a secret club.If you're trying to figure out PCI compliance or need a pen test, my team at SecurityMetrics can help you out: https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place But if you just want to learn how to protect yourself for free, start here: https://academy.securitymetrics.com/
Microsoft beendet das Senden von SMS-Codes für Zwei-Faktor-Authentifizierung. Andreas Von Gunten und Martin Steiger diskutieren das Ende von Mobile TAN bei Microsoft und Alternativen wie Passkeys oder TOTP.
Adieu les codes : Comment la biométrie comportementale va tuer le mot de passe en 2026 Par Régis BAUDOUIN Se souvenir d’une majuscule, d’un chiffre, d’un caractère spécial, et changer le tout tous les trois mois… Cette corvée mentale, vestige des débuts de l’informatique, vit ses toutes dernières heures. En ce mois de juin 2026, le déploiement mondial des standards de connexion de nouvelle génération marque une bascule historique. Menée par l’alliance des géants de la tech, la sécurité ne repose plus sur ce que vous connaissez (un mot de passe), ni même uniquement sur ce que vous êtes (votre empreinte digitale), mais sur la façon dont vous vous comportez. Bienvenue dans l'ère de la biométrie comportementale décentralisée. Le coût de l’oubli : Selon les dernières données du cabinet Gartner, les demandes de réinitialisation de mots de passe représentent encore 20% à 30% de l’ensemble des tickets d’assistance informatique en entreprise, pour un coût moyen estimé à 15€ par intervention. Comment votre téléphone sait que c'est vous La biométrie traditionnelle (Iris, FaceID, empreinte) cartographie des caractéristiques physiques figées. La biométrie comportementale, elle, analyse la dynamique de vos actions en temps réel. C'est une science algorithmique qui transforme vos habitudes inconscientes en une signature mathématique unique. Lorsque vous saisissez votre smartphone, plusieurs dizaines de capteurs physiques s’activent en arrière-plan : L'accéléromètre et le gyroscope : Ils mesurent l’angle exact et la micro-oscillation de votre main. Le capteur de pression tactile : Il évalue la surface de contact de votre pouce et la force exercée sur la dalle en verre. Le rythme de frappe : L’algorithme calcule au millième de seconde près le temps de pression sur chaque touche et l’intervalle de transition entre deux lettres. Les publications de la IEEE Biometrics Council démontrent qu’en analysant seulement 30 à 40 frappes consécutives, un algorithme de notation comportementale atteint un taux de précision supérieur à 99% pour identifier le véritable propriétaire de l’appareil. Pour l’Intelligence Artificielle locale de votre téléphone, votre manière de taper ou de balayer votre fil d’actualité est aussi unique qu’une empreinte génétique. Si un tiers subtilise votre téléphone déverrouillé, le système détecte le changement de rythme en moins de 1,5 seconde et reverrouille l’appareil automatiquement. Source Le standard Passkeys 2.0 de l’alliance FIDO La question légitime que pose une telle innovation est celle de la vie privée. Hors de question que nos rythmes de frappe ou nos données de marche soient envoyés sur des serveurs Cloud pour y être analysés. C’est ici que la prouesse technique prend tout son sens : tout reste en local. Cette révolution s’appuie sur l’évolution des Passkeys, un protocole mondial développé par la FIDO Alliance. Les statistiques d’adoption de la FIDO Alliance pour 2026 révèlent que plus de 12 milliards de comptes en ligne dans le monde supportent désormais cette technologie. Métrique de SécuritéMots de Passe ClassiquesPasskeys + Biométrie ComportementaleSensibilité au Phishing (Hameçonnage)100% (Vulnérable)0% (Immunisé)Temps moyen de connexion~15 secondes~2,5 secondesTaux d’échec à l’authentification~14% (Erreurs de saisie)Moins de 0,5% Le principe repose sur la cryptographie asymétrique. Lorsque vous créez un compte, votre téléphone génère une paire de clés : une clé publique émise au site internet, et une clé privée, jalousement gardée dans l’enclave matérielle sécurisée de votre processeur (le Secure Element). La biométrie comportementale sert uniquement de déclencheur physique pour “libérer” cette clé privée locale. Le site distant ne reçoit jamais vos données comportementales ; il reçoit simplement une validation mathématique. Focus sur les Passkey Le principe fondamental d’un Passkey est qu’il n’existe aucun secret partagé entre vous et le service en ligne (Netflix, votre banque, Amazon). Contrairement à un mot de passe classique, qui est stocké sur les serveurs de l’entreprise (et donc vulnérable aux fuites de données), le Passkey sépare la sécurité en deux éléments mathématiques distincts et indissociables. [ Votre Appareil ] [ Serveur Web ] Clé Privée (Secrète) ── Chiffre le défi ──> Clé Publique (Connue) (Reste dans le SE) (Ne sert qu'à vérifier) Comment se déroule une connexion passkey ? 1.La génération de la paire de clés :Lors de l’inscription. Le gestionnaire de Passkeys de votre appareil génère une clé privée (qui reste enfermée dans la puce physique sécurisée de votre téléphone) et une clé publique (qui est envoyée au serveur du site). 2.L’envoi du défi (Challenge) :Lors de la connexion. Lorsque vous voulez vous connecter, le site web envoie un “défi” (un message aléatoire chiffré) à votre appareil. 3.Le déverrouillage biométrique :Validation locale. Votre appareil vous demande de valider votre identité (via FaceID, empreinte ou la fameuse biométrie comportementale). Cette action locale sert d’autorisation pour réveiller la clé privée. 4.La signature mathématique :Finalisation. La clé privée signe le défi envoyé par le site et renvoie la réponse. Le serveur utilise votre clé publique pour vérifier la signature. Si le calcul correspond, vous êtes connecté. Aucun mot de passe n’a voyagé sur le réseau. Les deux grandes familles de solutions Passkeys L’écosystème de 2026 se divise en deux approches techniques pour gérer ces clés cryptographiques. Elles répondent à des besoins de mobilité ou de sécurité informatique différents. 1. Les Passkeys Synchronisés (Multi-appareils / Synced Passkeys) C’est la solution grand public par excellence, intégrée nativement dans nos systèmes d’exploitation. La clé privée est stockée dans le trousseau Cloud du constructeur (Apple iCloud Keychain, Google Password Manager, Microsoft Account). Le fonctionnement : Si vous créez un Passkey sur votre iPhone, il est automatiquement disponible sur votre Mac ou votre iPad via iCloud. Le mécanisme de secours : Si vous perdez votre smartphone, vos Passkeys ne sont pas perdus : ils sont restaurés dès que vous vous reconnectez à votre compte cloud principal avec une authentification forte. Le cas du cross-platform : Si vous êtes sur un PC Windows et voulez vous connecter à un site avec le Passkey de votre iPhone, le PC affiche un QR Code. Votre iPhone le scanne, vérifie via une liaison Bluetooth de proximité que les deux appareils sont dans la même pièce, et valide la connexion. 2. Les Passkeys Matériels Liés (Single-device / Hardware-bound Passkeys) Cette approche est privilégiée par les entreprises, les banques ou les profils à haute visibilité (journalistes, politiciens). La clé privée est générée à l’intérieur d’un composant matériel dont elle ne pourra jamais sortir, interdisant toute copie dans le cloud. Les clés de sécurité physiques : Les clés USB/NFC (comme les YubiKeys de Yubico) matérialisent ce principe. La clé privée est scellée dans la puce de l’objet. Pour se connecter, il faut impérativement insérer la clé ou la badger contre son téléphone. Le niveau de sécurité supérieur : Même si votre compte iCloud ou Google est piraté, personne ne peut voler vos Passkeys matériels car ils n’existent nulle part sur internet. Les acteurs du marché des passkey en 2026 Le marché des solutions s’est considérablement structuré autour de trois grands types d’acteurs : Les natifs (Les OS) : Apple, Google et Microsoft fournissent l’infrastructure de base gratuite. C’est transparent pour l’utilisateur mais cela tend à verrouiller ce dernier dans leur écosystème respectif. Les gestionnaires indépendants (Cross-platform) : Des logiciels comme 1Password, Dashlane ou l’alternative open-source Bitwarden permettent de stocker et de synchroniser vos Passkeys de manière agnostique (fonctionne aussi bien entre un téléphone Android et un navigateur Safari sur Mac). Les solutions d’infrastructure (B2B) : Des plateformes comme Okta ou Ping Identity déploient ces architectures au sein des réseaux d’entreprises pour supprimer définitivement le risque de piratage interne. Le Passkey résout définitivement la faille numéro un de la sécurité informatique : l’erreur humaine. Un algorithme ne peut pas se faire berner par un faux site d’hameçonnage (phishing), car la clé publique est mathématiquement liée au nom de domaine exact du site. Si l’URL change d’une seule lettre, l’appareil refuse tout simplement de signer le défi. Sécurité absolue et friction zéro Pour l’utilisateur comme pour l’économie numérique, les bénéfices de cette numérisation invisible de la sécurité sont colossaux. Immunité totale contre le Phishing : Le rapport annuel de Verizon sur les fuites de données rappelle que 74% des cyberattaques impliquent encore un facteur humain (vol d’identifiants ou ingénierie sociale). N’ayant plus de mot de passe à taper, vous ne pouvez plus vous le faire voler par un faux email ou un site miroir. L’accessibilité universelle : Pour les personnes âgées ou en situation de handicap, la fin des barrières de saisie de codes complexes supprime la principale cause de l’exclusion numérique. La rentabilité pour les plateformes : Les géants du e-commerce constatent déjà une hausse de 5% à 7% des taux de conversion lors de l’étape de paiement depuis que les processus d’authentification contraignants ont été remplacés par la validation passive en arrière-plan. L’authentification invisible Le mot de passe était une anomalie ergonomique, une interface artificielle qui forçait l’humain à parler le langage de la machine. En 2026, la technologie est enfin devenue assez mature pour s’adapter à l’humain. En observant nos mouvements et nos rythmes sans jamais les trahir, nos appareils transforment nos gestes du quotidien en la plus sûre des clés. La haute sécurité n’est plus une contrainte, elle est devenue une seconde nature. Références et publications scientifiques pour approfondir : Le standard industriel et statistiques d’adoption : Pour comprendre l’architecture des clés d’accès décentralisées, consultez le portail officiel de la FIDO Alliance sur la technologie Passkey. Recherche en informatique et taux de précision : Pour les fondements scientifiques de l’analyse du rythme de frappe, voir les études indexées par le IEEE Xplore Digital Library sur les Keystroke Dynamics. Statistiques sur les cyberattaques : Consultez les rapports d’analyse des menaces sur le Verizon Data Breach Investigations Report pour les données liées au vol d’identifiants. The post Quand le mot de passe c'est vous first appeared on XY Magazine.
Jake and Michael discuss all the latest Laravel releases, tutorials, and happenings in the community.Show linksGenerate HTML Password Rules Attribute in Laravel 13.9.0Storage Cache Store in Laravel 13.10.0Scrollbar Styling and Container Size Utilities in Tailwind CSS v4.3.0Laravel Introduces First-Party Passkey Authentication SupportLaravel's AI SDK adds sub-agentsDHH Joins Laravel Live Denmark 2026 for Fireside Chat with Taylor OtwellManage Laravel Cloud Deployments Inside PhpStormMoat: A Security Review for Your GitHub AccountModel-Based Scheduling for Laravel with CadenceLarapanda: A Type-Safe Lightpanda Browser SDK for LaravelUse a Google Sheet as Your Laravel Database with the Google Sheets Database DriverDrag-and-Drop Sorting for Eloquent Models with Reorderable for LaravelPiper: Laravel-Style Array and String Helpers for PHP's Pipe OperatorSimple Feature Flags for Laravel with Laravel ToggleLaravel Paper: A Flat-File Eloquent DriverTutorialsLaravel MongoDB Full-Text Search tutorial: The Art of the RelevancyShip AI with Laravel: Real-Time Streaming Chat UI with Livewire
Dashlane's CTO pulls back the curtain on how password managers are actually using AI, why it's more complicated than hype suggests, and what the rise of AI-powered code review means for the next wave of digital security. Nvidia Rides Blistering Chip Sales to Another Record Quarter Mind-Blowing Growth Is About to Propel Anthropic Into Its First Profitable Quarter SpaceX Filing Starts Countdown to Massive IPO Gemini 3.5 Flash: more expensive, but Google plan to use it for everything Google's Gemini Spark is an agentic AI assistant - Engadget Anthropic's Co-Founder to Launch Encyclical on AI With Pope Leo (21) Andrej Karpathy on X: "Personal update: I've joined Anthropic. I think the next few years at the frontier of LLMs will be especially formative. I am very excited to join the team here and get back to R&D. I remain deeply passionate about education and plan to resume my work on it in time." / X Most U.S. doctors are quietly using this AI tool. Few patients know about it. Greg Brockman Officially Takes Control of OpenAI's Products in Latest Shakeup Amazon's Alexa+ Now Produces AI-Generated 'Podcasts' Featuring Chats Between Two Robot 'Co-Hosts' AI chatbots are giving out people's real phone numbers Geoffrey Fowler and the Launch of the Youth AI Safety Institute We let four AIs run radio stations. Here's what happened. | Andon Labs The last six months in LLMs in five minutes Lake Tahoe Power Crisis: How AI Data Centers Are Cutting Power to 50,000 Residents What happens when you post a real Monet and say it's AI? The coolest art social experiment I've seen in a while. Thank you @SHL0MS Book on Truth in the Age of A.I. Contains Quotes Made Up by A.I. OpenClaw's Peter Steinberger's tokenmaxxing 'Obvious markers of AI': doubts raised over winner of short story prize Man drives Cybertruck into Grapevine Lake Stewart Brand's Maintenance of Everything Sports Illustrated Just Deleted Every Article by One of Its Writers After Accusation of AI Plagiarism The great digital media valuation collapse Sperm racing Hosts: Leo Laporte, Jeff Jarvis, and Paris Martineau Guest: Frederic Rivain Download or subscribe to Intelligent Machines at https://twit.tv/shows/intelligent-machines. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit monarch.com with code IM zscaler.com/security XBOW.com
Dashlane's CTO pulls back the curtain on how password managers are actually using AI, why it's more complicated than hype suggests, and what the rise of AI-powered code review means for the next wave of digital security. Nvidia Rides Blistering Chip Sales to Another Record Quarter Mind-Blowing Growth Is About to Propel Anthropic Into Its First Profitable Quarter SpaceX Filing Starts Countdown to Massive IPO Gemini 3.5 Flash: more expensive, but Google plan to use it for everything Google's Gemini Spark is an agentic AI assistant - Engadget Anthropic's Co-Founder to Launch Encyclical on AI With Pope Leo (21) Andrej Karpathy on X: "Personal update: I've joined Anthropic. I think the next few years at the frontier of LLMs will be especially formative. I am very excited to join the team here and get back to R&D. I remain deeply passionate about education and plan to resume my work on it in time." / X Most U.S. doctors are quietly using this AI tool. Few patients know about it. Greg Brockman Officially Takes Control of OpenAI's Products in Latest Shakeup Amazon's Alexa+ Now Produces AI-Generated 'Podcasts' Featuring Chats Between Two Robot 'Co-Hosts' AI chatbots are giving out people's real phone numbers Geoffrey Fowler and the Launch of the Youth AI Safety Institute We let four AIs run radio stations. Here's what happened. | Andon Labs The last six months in LLMs in five minutes Lake Tahoe Power Crisis: How AI Data Centers Are Cutting Power to 50,000 Residents What happens when you post a real Monet and say it's AI? The coolest art social experiment I've seen in a while. Thank you @SHL0MS Book on Truth in the Age of A.I. Contains Quotes Made Up by A.I. OpenClaw's Peter Steinberger's tokenmaxxing 'Obvious markers of AI': doubts raised over winner of short story prize Man drives Cybertruck into Grapevine Lake Stewart Brand's Maintenance of Everything Sports Illustrated Just Deleted Every Article by One of Its Writers After Accusation of AI Plagiarism The great digital media valuation collapse Sperm racing Hosts: Leo Laporte, Jeff Jarvis, and Paris Martineau Guest: Frederic Rivain Download or subscribe to Intelligent Machines at https://twit.tv/shows/intelligent-machines. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit monarch.com with code IM zscaler.com/security XBOW.com
Dashlane's CTO pulls back the curtain on how password managers are actually using AI, why it's more complicated than hype suggests, and what the rise of AI-powered code review means for the next wave of digital security. Nvidia Rides Blistering Chip Sales to Another Record Quarter Mind-Blowing Growth Is About to Propel Anthropic Into Its First Profitable Quarter SpaceX Filing Starts Countdown to Massive IPO Gemini 3.5 Flash: more expensive, but Google plan to use it for everything Google's Gemini Spark is an agentic AI assistant - Engadget Anthropic's Co-Founder to Launch Encyclical on AI With Pope Leo (21) Andrej Karpathy on X: "Personal update: I've joined Anthropic. I think the next few years at the frontier of LLMs will be especially formative. I am very excited to join the team here and get back to R&D. I remain deeply passionate about education and plan to resume my work on it in time." / X Most U.S. doctors are quietly using this AI tool. Few patients know about it. Greg Brockman Officially Takes Control of OpenAI's Products in Latest Shakeup Amazon's Alexa+ Now Produces AI-Generated 'Podcasts' Featuring Chats Between Two Robot 'Co-Hosts' AI chatbots are giving out people's real phone numbers Geoffrey Fowler and the Launch of the Youth AI Safety Institute We let four AIs run radio stations. Here's what happened. | Andon Labs The last six months in LLMs in five minutes Lake Tahoe Power Crisis: How AI Data Centers Are Cutting Power to 50,000 Residents What happens when you post a real Monet and say it's AI? The coolest art social experiment I've seen in a while. Thank you @SHL0MS Book on Truth in the Age of A.I. Contains Quotes Made Up by A.I. OpenClaw's Peter Steinberger's tokenmaxxing 'Obvious markers of AI': doubts raised over winner of short story prize Man drives Cybertruck into Grapevine Lake Stewart Brand's Maintenance of Everything Sports Illustrated Just Deleted Every Article by One of Its Writers After Accusation of AI Plagiarism The great digital media valuation collapse Sperm racing Hosts: Leo Laporte, Jeff Jarvis, and Paris Martineau Guest: Frederic Rivain Download or subscribe to Intelligent Machines at https://twit.tv/shows/intelligent-machines. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit monarch.com with code IM zscaler.com/security XBOW.com
Dashlane's CTO pulls back the curtain on how password managers are actually using AI, why it's more complicated than hype suggests, and what the rise of AI-powered code review means for the next wave of digital security. Nvidia Rides Blistering Chip Sales to Another Record Quarter Mind-Blowing Growth Is About to Propel Anthropic Into Its First Profitable Quarter SpaceX Filing Starts Countdown to Massive IPO Gemini 3.5 Flash: more expensive, but Google plan to use it for everything Google's Gemini Spark is an agentic AI assistant - Engadget Anthropic's Co-Founder to Launch Encyclical on AI With Pope Leo (21) Andrej Karpathy on X: "Personal update: I've joined Anthropic. I think the next few years at the frontier of LLMs will be especially formative. I am very excited to join the team here and get back to R&D. I remain deeply passionate about education and plan to resume my work on it in time." / X Most U.S. doctors are quietly using this AI tool. Few patients know about it. Greg Brockman Officially Takes Control of OpenAI's Products in Latest Shakeup Amazon's Alexa+ Now Produces AI-Generated 'Podcasts' Featuring Chats Between Two Robot 'Co-Hosts' AI chatbots are giving out people's real phone numbers Geoffrey Fowler and the Launch of the Youth AI Safety Institute We let four AIs run radio stations. Here's what happened. | Andon Labs The last six months in LLMs in five minutes Lake Tahoe Power Crisis: How AI Data Centers Are Cutting Power to 50,000 Residents What happens when you post a real Monet and say it's AI? The coolest art social experiment I've seen in a while. Thank you @SHL0MS Book on Truth in the Age of A.I. Contains Quotes Made Up by A.I. OpenClaw's Peter Steinberger's tokenmaxxing 'Obvious markers of AI': doubts raised over winner of short story prize Man drives Cybertruck into Grapevine Lake Stewart Brand's Maintenance of Everything Sports Illustrated Just Deleted Every Article by One of Its Writers After Accusation of AI Plagiarism The great digital media valuation collapse Sperm racing Hosts: Leo Laporte, Jeff Jarvis, and Paris Martineau Guest: Frederic Rivain Download or subscribe to Intelligent Machines at https://twit.tv/shows/intelligent-machines. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit monarch.com with code IM zscaler.com/security XBOW.com
Dashlane's CTO pulls back the curtain on how password managers are actually using AI, why it's more complicated than hype suggests, and what the rise of AI-powered code review means for the next wave of digital security. Nvidia Rides Blistering Chip Sales to Another Record Quarter Mind-Blowing Growth Is About to Propel Anthropic Into Its First Profitable Quarter SpaceX Filing Starts Countdown to Massive IPO Gemini 3.5 Flash: more expensive, but Google plan to use it for everything Google's Gemini Spark is an agentic AI assistant - Engadget Anthropic's Co-Founder to Launch Encyclical on AI With Pope Leo (21) Andrej Karpathy on X: "Personal update: I've joined Anthropic. I think the next few years at the frontier of LLMs will be especially formative. I am very excited to join the team here and get back to R&D. I remain deeply passionate about education and plan to resume my work on it in time." / X Most U.S. doctors are quietly using this AI tool. Few patients know about it. Greg Brockman Officially Takes Control of OpenAI's Products in Latest Shakeup Amazon's Alexa+ Now Produces AI-Generated 'Podcasts' Featuring Chats Between Two Robot 'Co-Hosts' AI chatbots are giving out people's real phone numbers Geoffrey Fowler and the Launch of the Youth AI Safety Institute We let four AIs run radio stations. Here's what happened. | Andon Labs The last six months in LLMs in five minutes Lake Tahoe Power Crisis: How AI Data Centers Are Cutting Power to 50,000 Residents What happens when you post a real Monet and say it's AI? The coolest art social experiment I've seen in a while. Thank you @SHL0MS Book on Truth in the Age of A.I. Contains Quotes Made Up by A.I. OpenClaw's Peter Steinberger's tokenmaxxing 'Obvious markers of AI': doubts raised over winner of short story prize Man drives Cybertruck into Grapevine Lake Stewart Brand's Maintenance of Everything Sports Illustrated Just Deleted Every Article by One of Its Writers After Accusation of AI Plagiarism The great digital media valuation collapse Sperm racing Hosts: Leo Laporte, Jeff Jarvis, and Paris Martineau Guest: Frederic Rivain Download or subscribe to Intelligent Machines at https://twit.tv/shows/intelligent-machines. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit monarch.com with code IM zscaler.com/security XBOW.com
Dashlane's CTO pulls back the curtain on how password managers are actually using AI, why it's more complicated than hype suggests, and what the rise of AI-powered code review means for the next wave of digital security. Nvidia Rides Blistering Chip Sales to Another Record Quarter Mind-Blowing Growth Is About to Propel Anthropic Into Its First Profitable Quarter SpaceX Filing Starts Countdown to Massive IPO Gemini 3.5 Flash: more expensive, but Google plan to use it for everything Google's Gemini Spark is an agentic AI assistant - Engadget Anthropic's Co-Founder to Launch Encyclical on AI With Pope Leo (21) Andrej Karpathy on X: "Personal update: I've joined Anthropic. I think the next few years at the frontier of LLMs will be especially formative. I am very excited to join the team here and get back to R&D. I remain deeply passionate about education and plan to resume my work on it in time." / X Most U.S. doctors are quietly using this AI tool. Few patients know about it. Greg Brockman Officially Takes Control of OpenAI's Products in Latest Shakeup Amazon's Alexa+ Now Produces AI-Generated 'Podcasts' Featuring Chats Between Two Robot 'Co-Hosts' AI chatbots are giving out people's real phone numbers Geoffrey Fowler and the Launch of the Youth AI Safety Institute We let four AIs run radio stations. Here's what happened. | Andon Labs The last six months in LLMs in five minutes Lake Tahoe Power Crisis: How AI Data Centers Are Cutting Power to 50,000 Residents What happens when you post a real Monet and say it's AI? The coolest art social experiment I've seen in a while. Thank you @SHL0MS Book on Truth in the Age of A.I. Contains Quotes Made Up by A.I. OpenClaw's Peter Steinberger's tokenmaxxing 'Obvious markers of AI': doubts raised over winner of short story prize Man drives Cybertruck into Grapevine Lake Stewart Brand's Maintenance of Everything Sports Illustrated Just Deleted Every Article by One of Its Writers After Accusation of AI Plagiarism The great digital media valuation collapse Sperm racing Hosts: Leo Laporte, Jeff Jarvis, and Paris Martineau Guest: Frederic Rivain Download or subscribe to Intelligent Machines at https://twit.tv/shows/intelligent-machines. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsors: outsystems.com/twit monarch.com with code IM zscaler.com/security XBOW.com
In our World Password Day Special, we're digging into credentials, identity, and authentication — and where security is heading next.
SummaryIn this episode, Andy and Adam discuss a recent vulnerability in the Signal messaging app that allowed the FBI to recover deleted messages from an iPhone due to a flaw in Apple's notification system. They emphasize the importance of user settings and the need for regular updates. The conversation then shifts to the UK National Cyber Security Centre's endorsement of passkeys as a preferred login method for consumers, highlighting the shift away from traditional passwords. Finally, they address the challenges of open source software security, referencing Marcus Hutchins' insights on the lack of bug bounty programs and the potential risks associated with unmonitored code.----------------------------------------------------YouTube Video Link: https://youtu.be/yXuUc32MPL4----------------------------------------------------Documentation: https://arstechnica.com/tech-policy/2026/04/apple-stops-weirdly-storing-data-that-let-cops-spy-on-signal-chats/https://www.infosecurity-magazine.com/news/ncsc-backs-passkeys-new-era-of/----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube: https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
SummaryIn this episode, Andy and Adam discuss a recent vulnerability in the Signal messaging app that allowed the FBI to recover deleted messages from an iPhone due to a flaw in Apple's notification system. They emphasize the importance of user settings and the need for regular updates. The conversation then shifts to the UK National Cyber Security Centre's endorsement of passkeys as a preferred login method for consumers, highlighting the shift away from traditional passwords. Finally, they address the challenges of open source software security, referencing Marcus Hutchins' insights on the lack of bug bounty programs and the potential risks associated with unmonitored code.----------------------------------------------------YouTube Video Link: https://youtu.be/yXuUc32MPL4----------------------------------------------------Documentation: https://arstechnica.com/tech-policy/2026/04/apple-stops-weirdly-storing-data-that-let-cops-spy-on-signal-chats/https://www.infosecurity-magazine.com/news/ncsc-backs-passkeys-new-era-of/----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube: https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
Apple's leadership shake-up, the rise of passkeys, and the future of smart security are here. Steven Scott dives into Tim Cook's departure, Apple's next moves, and Ring's innovative 4K doorbell features. [Sponsor] Entries are still open for the Double Tap competition in partnership with Pneuma Solutions, with a closing date of May 1st. Listeners have the chance to win subscriptions to powerful accessibility tools including Remote Incident Manager for accessible remote tech support and Scribe for creating screen reader-friendly documents quickly. To enter, send an email to feedback@doubletaponair.com, a WhatsApp message to (613) 481-0144, or call (877) 803-4567, making sure to include your name and contact details so the team can get in touch if you win. This episode of Double Tap Mainstream brings together breaking tech news and security insights. Steven Scott tackles Apple's major announcement: Tim Cook steps down, naming long-time hardware leader John Ternus as CEO. Technology journalist Will Guyatt joins to explore Apple's strategy, Silicon transitions, AI integration, and what's next for wearables and AR. Then, Dave Ward of Ring unveils the company's newest 2K and 4K video doorbells, complete with Familiar Faces recognition and smart video descriptions—features designed to enhance home security without compromising privacy. Closing the show, Karolis Arbaciauskas from NordVPN explains why passkeys are the future of authentication, how they improve safety over passwords, and how users can start adopting them today. Call to Action Subscribe for more in-depth tech insights and accessibility-focused tech coverage. Share your thoughts in the comments, and don't forget to hit like if you found this episode helpful! Relevant Links Ring: https://www.ring.com NordVPN: https://nordvpn.com ----Follow on:YouTube: https://www.doubletaponair.com/youtubeX (formerly Twitter): https://www.doubletaponair.com/xInstagram: https://www.doubletaponair.com/instagramTikTok: https://www.doubletaponair.com/tiktokThreads: https://www.doubletaponair.com/threadsFacebook: https://www.doubletaponair.com/facebookLinkedIn: https://www.doubletaponair.com/linkedinSubscribe to the Podcast:Apple: https://www.doubletaponair.com/appleSpotify: https://www.doubletaponair.com/spotifyRSS: https://www.doubletaponair.com/podcastiHeadRadio: https://www.doubletaponair.com/iheartAbout Double TapHosted by the insightful duo, Steven Scott and Shaun Preece, Double Tap is a treasure trove of information for anyone who's blind or partially sighted and has a passion for tech. Steven and Shaun not only demystify tech, but they also regularly feature interviews and welcome guests from the community, fostering an interactive and engaging environment. Tune in every day of the week, and you'll discover how technology can seamlessly integrate into your life, enhancing daily tasks and experiences, even if your sight is limited."Double Tap" is a registered trademark of Double Tap Productions Inc. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
In the first part of this annual check-in, Carolyn Woodard and Matthew Eshleman dive into the findings from the eighth annual Nonprofit Cybersecurity Incident Report. Analyzing data from thousands of client endpoints throughout 2025, they discuss how the landscape has shifted—specifically how AI is being used by threat actors to lower the barrier for sophisticated attacks. This episode provides a high-level look at the trends that defined the past year and the foundational layers every nonprofit needs to protect its mission in 2026.The conversation covers the rise of financially motivated scams, the increasing frequency of partisan digital attacks, and why data is transitionally moving from an organizational asset to a potential liability. Matthew explains:How AI tools are accelerating attack vectors through automated scripts and convincing phishing.Why your organization's cybersecurity foundation must be built on policy and frequent, vibrant staff training rather than just annual videos.The evolution of multi-factor authentication (MFA) and the shift toward phish-resistant methods like Passkeys or physical keys like FIDO keys.Why data retention policies are becoming a necessity to mitigate legal risks and data leakage.The importance of governing how staff interact with free AI tools to prevent institutional data from entering the public domain.Resources MentionedNonprofit IT Management Reddit CommunityCybersecurity Playbook for NonprofitsNGO ISACKnowBe4 Security Awareness Training _______________________________Start a conversation :)Register to attend a webinar in real time, and find all past transcripts at https://communityit.com/webinars/email Carolyn at cwoodard@communityit.comon LinkedIn on reddit/r/nonprofitITmanagementon the Community IT websiteThanks for listening.
Unlock the ultimate guide to building a future-proof cybersecurity career and mastering the complex world of AI security! Join us for an exclusive interview with Ben Wilcox, CTO and CSO of ProArch, as he unveils his unparalleled insights forged over three decades in digital defense. This video is your essential roadmap to navigating the rapidly evolving landscape of AI security, securing enterprise AI, and understanding the critical challenges and opportunities in cyber defense.Whether you're looking to break into cybersecurity, advance your tech career, or are a seasoned IT veteran, Ben's journey—from early internet hustles to a leadership role in cloud and application security—provides invaluable, practical guidance. Discover the foundational knowledge, crucial soft skills, and continuous learning strategies vital for anyone aspiring to a successful cybersecurity career. Ben highlights the immense value of professional certifications and the unique advantages gained through diverse experiences, especially within consultancies.Dive deep into what truly keeps Chief Security Officers (CSOs) awake at night, including the growing threat of identity-driven attacks and the rapidly emerging security challenges posed by sophisticated AI agents. We explore the critical importance of implementing zero trust architectures and how advanced security tools are becoming indispensable to manage the expanding AI attack surface effectively. Ben offers actionable cybersecurity career advice for newcomers: embrace every learning opportunity, cultivate strong communication and people skills, and actively network within the industry. Tune in for expert insights on cybersecurity leadership, sustainable career growth, robust security best practices, and truly securing the future in an age of artificial intelligence.This comprehensive deep dive into AI security, strategic career development, and cutting-edge security strategies is an absolute must-watch for anyone interested in AI's profound impact on cyber defense and professional growth. Learn directly from an industry leader how to not only secure your own career but also contribute to securing our digital world against advanced threats. Don't miss out on mastering AI security concepts and significantly advancing your professional journey in cybersecurity.Timestamps:0:00 Introduction: CTO Ben Wilcox & AI Security Career Map13:00 Breaking Into Cyber Today: AI's Impact & Essential Skills17:49 CSO Concerns: Identity Attacks, Passkeys & Agentic AI Risks22:41 Enterprise AI Security: Zero Trust & Attack Surface Management26:14 Career Growth Advice: Networking, Soft Skills & Future-ProofingConnect with Ben Wilcox on LinkedIn: https://www.linkedin.com/in/ben-wilcox/Learn more about Breaking Into Cybersecurity:Website: https://www.cyberhubpodcast.com/breakingintocybersecurityPodcast: https://podcasters.spotify.com/pod/show/breaking-into-cybersecuriYouTube: https://www.youtube.com/c/BreakingIntoCybersecurityLinkedIn: https://www.linkedin.com/company/breaking-into-cybersecurity/Check out our books:The Cybersecurity Advantage - https://leanpub.com/the-cybersecurity-advantageDevelop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level - https://amzn.to/3443AUIHack the Cybersecurity Interview: Navigate Cybersecurity Interviews with Confidence - https://www.amazon.com/Hack-Cybersecurity-Interview-Interviews-Entry-level/dp/1835461298/Hacker Inc.: Mindset For Your Career - https://www.amazon.com/Hacker-Inc-Mindset-Your-Career/dp/B0DKTK1R93/About the Hosts:Renee Small, CEO of Cyber Human Capital: https://www.linkedin.com/in/reneebrownsmall/Christophe Foulon, Cybersecurity Strategist: https://www.linkedin.com/in/christophefoulon/Find out more about CPF-Coaching: https://www.cpf-coaching.comSponsored by CPF Coaching LLC - http://cpf-coaching.com
Pre-show: The new Ceramic Shield 2 in the iPhone 17 Pro is the real deal UniFi Travel Router Cascades trail Shenandoah National Park
Summary On this episode of Chattinn Cyber, Marc is chattin' with Ben Wilcox, Chief Technology Officer and Chief Information Security Officer at ProArch. Their chat opens by focusing on high-impact, practical ways organizations can reduce cyber risk. Ben highlights identity as the top priority: his team moved to passkeys to remove passwords and lower the attack surface. He stresses that threat actors increasingly use man-in-the-middle techniques and that AI has accelerated the automation of credential-theft, which makes strengthening identity controls essential. The chat then moves to AI and data governance. Ben describes rolling out visibility tools to monitor internal AI use — what prompts users run and what data is fed into models — and pairing that with data labeling and classification. He warns organizations to restrict where AI tools are allowed and to implement compensating data controls to prevent accidental or intentional leaks of sensitive information. Ben cautions that AI and cybersecurity must be adopted in parallel, because AI will reveal existing misconfigurations and permission drift. He gives practical examples (like Copilot showing information a user shouldn't see because of incorrect permissions) to illustrate how AI surfaces weaknesses in access controls. The takeaway is that AI can be a force-multiplier but also a magnifier of existing security gaps. On leadership and tradeoffs, Ben explains how combining CTO and CSO responsibilities can be an enabler if balanced correctly. He argues for marrying a product/technology lens with a risk lens, leveraging internal expertise, and making business enablement and security complementary so organizations can move quickly while maintaining the right groundwork. Finally, Ben addresses translating cyber risk into financial terms for CFOs and boards. He recommends business impact analysis—linking key system outages (e.g., Active Directory) to production downtime costs—to quantify risk and justify security investments. He shares real incident cost ranges (low seven figures to tens of millions in some cases), underscores the role of compensating controls, and concludes with a call to monitor industry trends, assess outage and reputational costs, and prioritize risk reduction. Key Points Identity-first approach: move away from passwords (passkeys) and reduce reliance on MFA tokens that can be intercepted or automated by attackers. AI visibility and data controls: monitor internal AI usage, restrict sites/tools, and enforce labeling/classification to prevent data leakage. AI exposes existing weaknesses: adopting AI without fixing permission drift and misconfigurations surfaces risks rather than hiding them. Speed and detection advantage: AI can accelerate detection and response in SOCs—gaining even seconds can materially reduce impact. Translate risk to business terms: use business impact analysis to quantify downtime costs and build the financial case for security investments and insurance. Key Quotes “Last year we took the initiative and we moved to pass keys.” “AI has sped up that weaponization and being able to turn that around and get those tokens automatically.” “AI is going to expose the weaknesses that are inherent within your security controls that you already have in place.” “If we can get even 5 seconds faster or 10 seconds faster or 20 seconds faster, sometimes that makes a difference.” “And that’s why they should have bought cyber insurance.” About Our Guest Ben Wilcox is a seasoned technology leader with over 25 years of experience driving innovation and solving complex business challenges. Serving as both Chief Technology Officer and Chief Information Security Officer at ProArch, Ben combines a forward-looking vision with a hands-on approach to cybersecurity. He is passionate about leveraging technology to accelerate business outcomes while embedding security best practices into organizational culture and operations. Ben's strategic mindset and dedication to excellence have strengthened ProArch's resilience and helped protect clients' data and systems. Outside of work, Ben channels his relentless drive into racing as an instructor and competitor with the Northeast Audi Club, and enjoys gardening, cooking, and spending quality time with his family. As he puts it, “Security isn’t just about defending against threats—it’s about enabling trust, protecting growth, and ensuring every decision we make strengthens the foundation of the business.” Follow Our Guest LinkedIn | Website About Our Host National co-chair of the Cyber Center for Excellence, Marc Schein, CIC,CLCS is also a Risk Management Consultant at Marsh McLennan Agency. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums. Follow Our Host Website | LinkedIn
Friday - Clark Stinks day! Christa shares Clark Stinks posts with Clark. Submit yours at Clark.com/ClarkStinks. Also today - security risks keep morphing via phone and/or account takeover attempts. Clark covers a specific threat targeting iPhone users and the simple fix, plus - the next generation of online security – Passkeys. Clark Stinks: Segments 1 & 2 Prevent Hackers: Segment 3 Ask Clark: Segment 4 Mentioned on the show: Buy Now, Pay Later: A Helpful Tool or a Debt Trap? - Clark Howard Roth IRA Withdrawal Rules What Is a Credit Union? - Clark Howard Why Clark Howard Thinks You Need a Digital Passport Best Free Password Managers: 10 Top Picks - Clark Howard New Ways to Keep Your Online Accounts Safe Military and Veterans Guide: Free Resources for Your Finances Charitable Contributions Deduction: What It Is and How It Works Understanding Donor-Advised Funds: Pros and Cons Clark.com resources: Episode transcripts Community.Clark.com / Ask Clark Clark.com daily money newsletter Consumer Action Center Free Helpline: 636-492-5275 Learn more about your ad choices. Visit megaphone.fm/adchoices
In today's episode of the Analyst Chat, Matthias Reinwarth welcomes John Tolbert to take a deep dive into the rapidly evolving world of Consumer Identity and Access Management (CIAM). As organizations manage millions, or even billions, of identities, CIAM is shifting from a standalone capability to a core component of broader digital ecosystems. Key topics: ✅ Consumer vs. B2B IAM segmentation✅ Passkeys adoption and UX gaps✅ Identity lifecycle and account recovery✅ CIAM integrations and platform ecosystems✅ AI agents and identity governance Increasing scale, regulatory pressure, and user expectations are reshaping CIAM requirements. AI agents begin to act on behalf of users, introducing new risks, but also new opportunities for automation and innovation.
Leo Laporte takes to the expo floor at RSAC 2026 in San Francisco's Moscone Center for a rapid-fire series of conversations with leading security vendors and thinkers. From Thinkst Canary's honeypot deception tactics to Bitwarden's new Agent Access SDK, Tailscale's AI gateway, and Aikido Security's fully autonomous AI pen testers, the dominant theme is clear: the AI agent era has arrived and security hasn't caught up. Plus, a surprise meeting with WannaCry kill-switch hero Marcus Hutchins. Thinkst Canary, ThreatLocker, and Bitwarden are sponsors of the TWiT.tv Network. 0:29 Haroon Meer | Thinkst Canary – Honeypots & Deception Tech 6:35 Bob Boyle | Torq – AI-Powered Security Automation 9:50 Juan Quesada | Yubico – FIDO2, Passkeys & Pre-Registered YubiKeys 12:33 Rob Allen | ThreatLocker – Zero Trust & Deny by Default 25:53 Arun Singh | Drata – Trust Management & Compliance 27:34 Jelmer Snoeck | Keycard Labs – Ephemeral Tokens for AI Agents 35:26 Kasey Babcock | Bitwarden – Agent Access SDK 41:52 Roeland Delrue | Aikido Security – Autonomous AI Pen Testing 48:56 Bill Keeler | Semperis – Identity Security & "Midnight in the War Room" 52:08 MalwareTech Marcus Hutchins & Cybersecurity Girl Caitlin Sarian 54:30 Chris Hughes | Zenity – Securing AI Agents at Runtime 1:01:35 Jillian Murphy | Tailscale – Networking, Aperture & Free Forever Host: Leo Laporte Guests: Haroon Meer, Rob Allen, Bob Boyle, Juan Quesada, Arun Signh, Kasey Babcock, Roeland Delrue, Bill Keeler, Marcus Hutchins, Caitlin Sarian, Chris Hughes, and Jillian Murphy Download or subscribe to TWiT Events at https://twit.tv/shows/twit-events. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Leo Laporte takes to the expo floor at RSAC 2026 in San Francisco's Moscone Center for a rapid-fire series of conversations with leading security vendors and thinkers. From Thinkst Canary's honeypot deception tactics to Bitwarden's new Agent Access SDK, Tailscale's AI gateway, and Aikido Security's fully autonomous AI pen testers, the dominant theme is clear: the AI agent era has arrived and security hasn't caught up. Plus, a surprise meeting with WannaCry kill-switch hero Marcus Hutchins. Thinkst Canary, ThreatLocker, and Bitwarden are sponsors of the TWiT.tv Network. 0:29 Haroon Meer | Thinkst Canary – Honeypots & Deception Tech 6:35 Bob Boyle | Torq – AI-Powered Security Automation 9:50 Juan Quesada | Yubico – FIDO2, Passkeys & Pre-Registered YubiKeys 12:33 Rob Allen | ThreatLocker – Zero Trust & Deny by Default 25:53 Arun Singh | Drata – Trust Management & Compliance 27:34 Jelmer Snoeck | Keycard Labs – Ephemeral Tokens for AI Agents 35:26 Kasey Babcock | Bitwarden – Agent Access SDK 41:52 Roeland Delrue | Aikido Security – Autonomous AI Pen Testing 48:56 Bill Keeler | Semperis – Identity Security & "Midnight in the War Room" 52:08 MalwareTech Marcus Hutchins & Cybersecurity Girl Caitlin Sarian 54:30 Chris Hughes | Zenity – Securing AI Agents at Runtime 1:01:35 Jillian Murphy | Tailscale – Networking, Aperture & Free Forever Host: Leo Laporte Guests: Haroon Meer, Rob Allen, Bob Boyle, Juan Quesada, Arun Signh, Kasey Babcock, Roeland Delrue, Bill Keeler, Marcus Hutchins, Caitlin Sarian, Chris Hughes, and Jillian Murphy Download or subscribe to TWiT Events at https://twit.tv/shows/twit-events. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Leo Laporte takes to the expo floor at RSAC 2026 in San Francisco's Moscone Center for a rapid-fire series of conversations with leading security vendors and thinkers. From Thinkst Canary's honeypot deception tactics to Bitwarden's new Agent Access SDK, Tailscale's AI gateway, and Aikido Security's fully autonomous AI pen testers, the dominant theme is clear: the AI agent era has arrived and security hasn't caught up. Plus, a surprise meeting with WannaCry kill-switch hero Marcus Hutchins. Thinkst Canary, ThreatLocker, and Bitwarden are sponsors of the TWiT.tv Network. 00:00:00 Intro – Leo Laporte at RSAC 2026, Moscone Center 00:00:29 Haroon Meer | Thinkst Canary – Honeypots & Deception Tech 00:06:35 Bob Boyle | Torq – AI-Powered Security Automation 00:09:50 Juan Quesada | Yubico – FIDO2, Passkeys & Pre-Registered YubiKeys 00:12:33 Rob Allen | ThreatLocker – Zero Trust & Deny by Default 00:25:53 Arun Singh | Drata – Trust Management & Compliance 00:27:34 Jelmer Snoeck | Keycard Labs – Ephemeral Tokens for AI Agents 00:35:26 Kasey Babcock | Bitwarden – Agent Access SDK 00:41:52 Roeland Delrue | Aikido Security – Autonomous AI Pen Testing 00:48:56 Bill Keeler | Semperis – Identity Security & "Midnight in the War Room" 00:52:08 MalwareTech Marcus Hutchins & Cybersecurity Girl Caitlin Sarian 00:54:30 Chris Hughes | Zenity – Securing AI Agents at Runtime 01:01:35 Jillian Murphy | Tailscale – Networking, Aperture & Free Forever Host: Leo Laporte Guests: Haroon Meer, Rob Allen, Bob Boyle, Juan Quesada, Arun Signh, Kasey Babcock, Roeland Delrue, Bill Keeler, Marcus Hutchins, Caitlin Sarian, Chris Hughes, and Jillian Murphy Download or subscribe to TWiT Events at https://twit.tv/shows/twit-events. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Leo Laporte takes to the expo floor at RSAC 2026 in San Francisco's Moscone Center for a rapid-fire series of conversations with leading security vendors and thinkers. From Thinkst Canary's honeypot deception tactics to Bitwarden's new Agent Access SDK, Tailscale's AI gateway, and Aikido Security's fully autonomous AI pen testers, the dominant theme is clear: the AI agent era has arrived and security hasn't caught up. Plus, a surprise meeting with WannaCry kill-switch hero Marcus Hutchins. Thinkst Canary, ThreatLocker, and Bitwarden are sponsors of the TWiT.tv Network. 00:00:00 Intro – Leo Laporte at RSAC 2026, Moscone Center 00:00:29 Haroon Meer | Thinkst Canary – Honeypots & Deception Tech 00:06:35 Bob Boyle | Torq – AI-Powered Security Automation 00:09:50 Juan Quesada | Yubico – FIDO2, Passkeys & Pre-Registered YubiKeys 00:12:33 Rob Allen | ThreatLocker – Zero Trust & Deny by Default 00:25:53 Arun Singh | Drata – Trust Management & Compliance 00:27:34 Jelmer Snoeck | Keycard Labs – Ephemeral Tokens for AI Agents 00:35:26 Kasey Babcock | Bitwarden – Agent Access SDK 00:41:52 Roeland Delrue | Aikido Security – Autonomous AI Pen Testing 00:48:56 Bill Keeler | Semperis – Identity Security & "Midnight in the War Room" 00:52:08 MalwareTech Marcus Hutchins & Cybersecurity Girl Caitlin Sarian 00:54:30 Chris Hughes | Zenity – Securing AI Agents at Runtime 01:01:35 Jillian Murphy | Tailscale – Networking, Aperture & Free Forever Host: Leo Laporte Guests: Haroon Meer, Rob Allen, Bob Boyle, Juan Quesada, Arun Signh, Kasey Babcock, Roeland Delrue, Bill Keeler, Marcus Hutchins, Caitlin Sarian, Chris Hughes, and Jillian Murphy Download or subscribe to TWiT Events at https://twit.tv/shows/twit-events. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit
Is Apple's Passwords app a true contender for your digital life, or does it fall short for tech-savvy households? Find out how it stacks up against premium managers and where it still leaves power users wanting more. How shared password groups work in the Passwords app Step-by-step walkthrough: creating and managing shared groups Apple Passwords sharing vs. third-party apps like 1Password, Bitwarden (TWiT sponsor) Wi-Fi password management and sharing via QR codes Passwords app limitations: organization, secure notes, file storage, platform support Migration challenges from other password managers Travel needs and sensitive data: third-party travel mode vs. Passwords app Who should use Apple's Passwords app and who needs more advanced tools Hybrid approaches: combining Apple Passwords with third-party managers Host: Mikah Sargent Download or subscribe to Hands-On Apple at https://twit.tv/shows/hands-on-apple Want access to the ad-free audio and video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: threatlocker.com/twit
Is Apple's Passwords app a true contender for your digital life, or does it fall short for tech-savvy households? Find out how it stacks up against premium managers and where it still leaves power users wanting more. How shared password groups work in the Passwords app Step-by-step walkthrough: creating and managing shared groups Apple Passwords sharing vs. third-party apps like 1Password, Bitwarden (TWiT sponsor) Wi-Fi password management and sharing via QR codes Passwords app limitations: organization, secure notes, file storage, platform support Migration challenges from other password managers Travel needs and sensitive data: third-party travel mode vs. Passwords app Who should use Apple's Passwords app and who needs more advanced tools Hybrid approaches: combining Apple Passwords with third-party managers Host: Mikah Sargent Download or subscribe to Hands-On Apple at https://twit.tv/shows/hands-on-apple Want access to the ad-free audio and video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: threatlocker.com/twit
Is Apple's Passwords app a true contender for your digital life, or does it fall short for tech-savvy households? Find out how it stacks up against premium managers and where it still leaves power users wanting more. How shared password groups work in the Passwords app Step-by-step walkthrough: creating and managing shared groups Apple Passwords sharing vs. third-party apps like 1Password, Bitwarden (TWiT sponsor) Wi-Fi password management and sharing via QR codes Passwords app limitations: organization, secure notes, file storage, platform support Migration challenges from other password managers Travel needs and sensitive data: third-party travel mode vs. Passwords app Who should use Apple's Passwords app and who needs more advanced tools Hybrid approaches: combining Apple Passwords with third-party managers Host: Mikah Sargent Download or subscribe to Hands-On Apple at https://twit.tv/shows/hands-on-apple Want access to the ad-free audio and video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: threatlocker.com/twit
Is Apple's Passwords app a true contender for your digital life, or does it fall short for tech-savvy households? Find out how it stacks up against premium managers and where it still leaves power users wanting more. How shared password groups work in the Passwords app Step-by-step walkthrough: creating and managing shared groups Apple Passwords sharing vs. third-party apps like 1Password, Bitwarden (TWiT sponsor) Wi-Fi password management and sharing via QR codes Passwords app limitations: organization, secure notes, file storage, platform support Migration challenges from other password managers Travel needs and sensitive data: third-party travel mode vs. Passwords app Who should use Apple's Passwords app and who needs more advanced tools Hybrid approaches: combining Apple Passwords with third-party managers Host: Mikah Sargent Download or subscribe to Hands-On Apple at https://twit.tv/shows/hands-on-apple Want access to the ad-free audio and video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: threatlocker.com/twit
Is Apple's Passwords app a true contender for your digital life, or does it fall short for tech-savvy households? Find out how it stacks up against premium managers and where it still leaves power users wanting more. How shared password groups work in the Passwords app Step-by-step walkthrough: creating and managing shared groups Apple Passwords sharing vs. third-party apps like 1Password, Bitwarden (TWiT sponsor) Wi-Fi password management and sharing via QR codes Passwords app limitations: organization, secure notes, file storage, platform support Migration challenges from other password managers Travel needs and sensitive data: third-party travel mode vs. Passwords app Who should use Apple's Passwords app and who needs more advanced tools Hybrid approaches: combining Apple Passwords with third-party managers Host: Mikah Sargent Download or subscribe to Hands-On Apple at https://twit.tv/shows/hands-on-apple Want access to the ad-free audio and video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: threatlocker.com/twit
Passkeys are supposed to make signing in easier and safer, but what happens when it stops working or your device is gone? I'll show you what to do if your passkey fails or is lost and a technique that makes passkeys work everywhere.
What if logging in didn't mean juggling passwords and SMS codes? This episode demonstrates how Apple's Passwords app could make passkeys your new security upgrade and what may help protect your digital life. Understanding and setting up two-factor authentication codes in Passwords How to scan and autofill TOTP codes on macOS and iOS Best practices for migrating 2FA codes from other authenticator apps Passkeys setup, security benefits, and workflow Passkey vs. password: what to expect when logging in Apple security recommendations: flagged, reused, weak, and leaked passwords Prioritizing which flagged passwords to fix first Homework: add verification codes, create a passkey, and fix at-risk accounts Host: Mikah Sargent Download or subscribe to Hands-On Apple at https://twit.tv/shows/hands-on-apple Want access to the ad-free audio and video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: outsystems.com/twit
What if logging in didn't mean juggling passwords and SMS codes? This episode demonstrates how Apple's Passwords app could make passkeys your new security upgrade and what may help protect your digital life. Understanding and setting up two-factor authentication codes in Passwords How to scan and autofill TOTP codes on macOS and iOS Best practices for migrating 2FA codes from other authenticator apps Passkeys setup, security benefits, and workflow Passkey vs. password: what to expect when logging in Apple security recommendations: flagged, reused, weak, and leaked passwords Prioritizing which flagged passwords to fix first Homework: add verification codes, create a passkey, and fix at-risk accounts Host: Mikah Sargent Download or subscribe to Hands-On Apple at https://twit.tv/shows/hands-on-apple Want access to the ad-free audio and video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: outsystems.com/twit
What if logging in didn't mean juggling passwords and SMS codes? This episode demonstrates how Apple's Passwords app could make passkeys your new security upgrade and what may help protect your digital life. Understanding and setting up two-factor authentication codes in Passwords How to scan and autofill TOTP codes on macOS and iOS Best practices for migrating 2FA codes from other authenticator apps Passkeys setup, security benefits, and workflow Passkey vs. password: what to expect when logging in Apple security recommendations: flagged, reused, weak, and leaked passwords Prioritizing which flagged passwords to fix first Homework: add verification codes, create a passkey, and fix at-risk accounts Host: Mikah Sargent Download or subscribe to Hands-On Apple at https://twit.tv/shows/hands-on-apple Want access to the ad-free audio and video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: outsystems.com/twit
What if logging in didn't mean juggling passwords and SMS codes? This episode demonstrates how Apple's Passwords app could make passkeys your new security upgrade and what may help protect your digital life. Understanding and setting up two-factor authentication codes in Passwords How to scan and autofill TOTP codes on macOS and iOS Best practices for migrating 2FA codes from other authenticator apps Passkeys setup, security benefits, and workflow Passkey vs. password: what to expect when logging in Apple security recommendations: flagged, reused, weak, and leaked passwords Prioritizing which flagged passwords to fix first Homework: add verification codes, create a passkey, and fix at-risk accounts Host: Mikah Sargent Download or subscribe to Hands-On Apple at https://twit.tv/shows/hands-on-apple Want access to the ad-free audio and video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: outsystems.com/twit
Apple's standalone Passwords app gives Keychain a proper home! Ready to clean up your secure digital life? This episode walks you through using Apple's Passwords app to spot weak logins, organize old accounts, and take control of your online security with tools already built into your devices. Quick history: Keychain to iCloud Keychain to Passwords app How to access the Passwords app on iPadOS, iOS, and macOS Passwords app interface tour: categories, search, and shared groups What autofill and notifications options you can enable in Passwords Exploring the main categories: All, Passkeys, Codes, Wi-Fi, Security, Deleted Viewing, editing, and sharing individual logins in the Passwords app Manually adding, updating, or deleting passwords and usernames Using search and sort to find and organize your saved logins How autofill password suggestions work in Safari and system settings Tweaking autofill and 3rd-party password manager integration Homework: review and clean up your Passwords app before next episode Host: Mikah Sargent Download or subscribe to Hands-On Apple at https://twit.tv/shows/hands-on-apple Want access to the ad-free audio and video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: Melissa.com/twit
Apple's standalone Passwords app gives Keychain a proper home! Ready to clean up your secure digital life? This episode walks you through using Apple's Passwords app to spot weak logins, organize old accounts, and take control of your online security with tools already built into your devices. Quick history: Keychain to iCloud Keychain to Passwords app How to access the Passwords app on iPadOS, iOS, and macOS Passwords app interface tour: categories, search, and shared groups What autofill and notifications options you can enable in Passwords Exploring the main categories: All, Passkeys, Codes, Wi-Fi, Security, Deleted Viewing, editing, and sharing individual logins in the Passwords app Manually adding, updating, or deleting passwords and usernames Using search and sort to find and organize your saved logins How autofill password suggestions work in Safari and system settings Tweaking autofill and 3rd-party password manager integration Homework: review and clean up your Passwords app before next episode Host: Mikah Sargent Download or subscribe to Hands-On Apple at https://twit.tv/shows/hands-on-apple Want access to the ad-free audio and video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: Melissa.com/twit
Apple's standalone Passwords app gives Keychain a proper home! Ready to clean up your secure digital life? This episode walks you through using Apple's Passwords app to spot weak logins, organize old accounts, and take control of your online security with tools already built into your devices. Quick history: Keychain to iCloud Keychain to Passwords app How to access the Passwords app on iPadOS, iOS, and macOS Passwords app interface tour: categories, search, and shared groups What autofill and notifications options you can enable in Passwords Exploring the main categories: All, Passkeys, Codes, Wi-Fi, Security, Deleted Viewing, editing, and sharing individual logins in the Passwords app Manually adding, updating, or deleting passwords and usernames Using search and sort to find and organize your saved logins How autofill password suggestions work in Safari and system settings Tweaking autofill and 3rd-party password manager integration Homework: review and clean up your Passwords app before next episode Host: Mikah Sargent Download or subscribe to Hands-On Apple at https://twit.tv/shows/hands-on-apple Want access to the ad-free audio and video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: Melissa.com/twit
Can Microsoft's push for cloud PCs and AI-powered agents redefine where and how we work? If you keep to the defaults, Windows 11 is secure. Copilot+ PC is even more secure. But you can take additional steps to secure it either way, and you should. Plus, Paul's been trying to play different types of games, and Resident Evil Requiem is better (in his opinion) than Silent Hill f and Silent Hill 2 remake... if you want a horror game. Also, there's a cheaper new Audible plan thanks to Spotify! Windows 11 Shenanigans? If you use a third-party AI client in Edge Canary... you will not be amused. Bitwarden (TWiT sponsor) is (possibly the 1st?) third-party password manager to support passkey sign-ins on Windows 11 New Canary, Dev, and Beta builds last Friday- Canary is more of the same, Dev/Beta get shared audio improvements, narrator improvements, new IT policies ASUS and Dell will soon sell Windows 365 Cloud PCs Google is moving Chrome to a two-week dev schedule. Should we assume Microsoft will follow suit with Edge? Dell is up 39 percent, but because of AI servers not PCs NVIDIA revenues up 73 percent to $68.1 billion AI/dev OpenAI closes $110 billion funding round as the AI circle jerk continues Microsoft brings Copilot Tasks to consumer Copilot Google introduces AppFunctions for Android, it's way to make mobile apps work like MCP (be semantic), similar to what Microsoft is doing in Windows Windows App Development CLI updated to 0.02 with Store CLI integration and .NET project support Build 2026 is in San Francisco, as expected, but in June - overlap with WWDC? Xbox and gaming Here come the first Game Pass titles of March Microsoft highlights some indie games to consider Xbox ROG Ally gets AI-based game recaps Legion Go Fold is the star of the new PCs at MWC Sony might be backtracking on its PC games plans Developing: Epic/Google settlement was approved Tips & picks App pick of the week: Resident Evil Requiem Tip of the week: Secure your Windows 11 PC RunAs Radio this week: Hiring in 2026 with Suzi Edwards-Alexander Brown liquor pick of the week: St. Augustine Florida Straight Bourbon Hosts: Paul Thurrott, Richard Campbell, and Mikah Sargent Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsor: threatlocker.com/twit
Can Microsoft's push for cloud PCs and AI-powered agents redefine where and how we work? If you keep to the defaults, Windows 11 is secure. Copilot+ PC is even more secure. But you can take additional steps to secure it either way, and you should. Plus, Paul's been trying to play different types of games, and Resident Evil Requiem is better (in his opinion) than Silent Hill f and Silent Hill 2 remake... if you want a horror game. Also, there's a cheaper new Audible plan thanks to Spotify! Windows 11 Shenanigans? If you use a third-party AI client in Edge Canary... you will not be amused. Bitwarden (TWiT sponsor) is (possibly the 1st?) third-party password manager to support passkey sign-ins on Windows 11 New Canary, Dev, and Beta builds last Friday- Canary is more of the same, Dev/Beta get shared audio improvements, narrator improvements, new IT policies ASUS and Dell will soon sell Windows 365 Cloud PCs Google is moving Chrome to a two-week dev schedule. Should we assume Microsoft will follow suit with Edge? Dell is up 39 percent, but because of AI servers not PCs NVIDIA revenues up 73 percent to $68.1 billion AI/dev OpenAI closes $110 billion funding round as the AI circle jerk continues Microsoft brings Copilot Tasks to consumer Copilot Google introduces AppFunctions for Android, it's way to make mobile apps work like MCP (be semantic), similar to what Microsoft is doing in Windows Windows App Development CLI updated to 0.02 with Store CLI integration and .NET project support Build 2026 is in San Francisco, as expected, but in June - overlap with WWDC? Xbox and gaming Here come the first Game Pass titles of March Microsoft highlights some indie games to consider Xbox ROG Ally gets AI-based game recaps Legion Go Fold is the star of the new PCs at MWC Sony might be backtracking on its PC games plans Developing: Epic/Google settlement was approved Tips & picks App pick of the week: Resident Evil Requiem Tip of the week: Secure your Windows 11 PC RunAs Radio this week: Hiring in 2026 with Suzi Edwards-Alexander Brown liquor pick of the week: St. Augustine Florida Straight Bourbon Hosts: Paul Thurrott, Richard Campbell, and Mikah Sargent Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsor: threatlocker.com/twit
Can Microsoft's push for cloud PCs and AI-powered agents redefine where and how we work? If you keep to the defaults, Windows 11 is secure. Copilot+ PC is even more secure. But you can take additional steps to secure it either way, and you should. Plus, Paul's been trying to play different types of games, and Resident Evil Requiem is better (in his opinion) than Silent Hill f and Silent Hill 2 remake... if you want a horror game. Also, there's a cheaper new Audible plan thanks to Spotify! Windows 11 Shenanigans? If you use a third-party AI client in Edge Canary... you will not be amused. Bitwarden (TWiT sponsor) is (possibly the 1st?) third-party password manager to support passkey sign-ins on Windows 11 New Canary, Dev, and Beta builds last Friday- Canary is more of the same, Dev/Beta get shared audio improvements, narrator improvements, new IT policies ASUS and Dell will soon sell Windows 365 Cloud PCs Google is moving Chrome to a two-week dev schedule. Should we assume Microsoft will follow suit with Edge? Dell is up 39 percent, but because of AI servers not PCs NVIDIA revenues up 73 percent to $68.1 billion AI/dev OpenAI closes $110 billion funding round as the AI circle jerk continues Microsoft brings Copilot Tasks to consumer Copilot Google introduces AppFunctions for Android, it's way to make mobile apps work like MCP (be semantic), similar to what Microsoft is doing in Windows Windows App Development CLI updated to 0.02 with Store CLI integration and .NET project support Build 2026 is in San Francisco, as expected, but in June - overlap with WWDC? Xbox and gaming Here come the first Game Pass titles of March Microsoft highlights some indie games to consider Xbox ROG Ally gets AI-based game recaps Legion Go Fold is the star of the new PCs at MWC Sony might be backtracking on its PC games plans Developing: Epic/Google settlement was approved Tips & picks App pick of the week: Resident Evil Requiem Tip of the week: Secure your Windows 11 PC RunAs Radio this week: Hiring in 2026 with Suzi Edwards-Alexander Brown liquor pick of the week: St. Augustine Florida Straight Bourbon Hosts: Paul Thurrott, Richard Campbell, and Mikah Sargent Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsor: threatlocker.com/twit
Can Microsoft's push for cloud PCs and AI-powered agents redefine where and how we work? If you keep to the defaults, Windows 11 is secure. Copilot+ PC is even more secure. But you can take additional steps to secure it either way, and you should. Plus, Paul's been trying to play different types of games, and Resident Evil Requiem is better (in his opinion) than Silent Hill f and Silent Hill 2 remake... if you want a horror game. Also, there's a cheaper new Audible plan thanks to Spotify! Windows 11 Shenanigans? If you use a third-party AI client in Edge Canary... you will not be amused. Bitwarden (TWiT sponsor) is (possibly the 1st?) third-party password manager to support passkey sign-ins on Windows 11 New Canary, Dev, and Beta builds last Friday- Canary is more of the same, Dev/Beta get shared audio improvements, narrator improvements, new IT policies ASUS and Dell will soon sell Windows 365 Cloud PCs Google is moving Chrome to a two-week dev schedule. Should we assume Microsoft will follow suit with Edge? Dell is up 39 percent, but because of AI servers not PCs NVIDIA revenues up 73 percent to $68.1 billion AI/dev OpenAI closes $110 billion funding round as the AI circle jerk continues Microsoft brings Copilot Tasks to consumer Copilot Google introduces AppFunctions for Android, it's way to make mobile apps work like MCP (be semantic), similar to what Microsoft is doing in Windows Windows App Development CLI updated to 0.02 with Store CLI integration and .NET project support Build 2026 is in San Francisco, as expected, but in June - overlap with WWDC? Xbox and gaming Here come the first Game Pass titles of March Microsoft highlights some indie games to consider Xbox ROG Ally gets AI-based game recaps Legion Go Fold is the star of the new PCs at MWC Sony might be backtracking on its PC games plans Developing: Epic/Google settlement was approved Tips & picks App pick of the week: Resident Evil Requiem Tip of the week: Secure your Windows 11 PC RunAs Radio this week: Hiring in 2026 with Suzi Edwards-Alexander Brown liquor pick of the week: St. Augustine Florida Straight Bourbon Hosts: Paul Thurrott, Richard Campbell, and Mikah Sargent Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Sponsor: threatlocker.com/twit
From generating passkeys and payment autofill to dark web monitoring, today's password managers aren't what you remember. Paul Thurrott breaks down the must-have features and surprising pitfalls for anyone using Windows 11. Host: Paul Thurrott Download or subscribe to Hands-On Windows at https://twit.tv/shows/hands-on-windows Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: bitwarden.com/twit
From generating passkeys and payment autofill to dark web monitoring, today's password managers aren't what you remember. Paul Thurrott breaks down the must-have features and surprising pitfalls for anyone using Windows 11. Host: Paul Thurrott Download or subscribe to Hands-On Windows at https://twit.tv/shows/hands-on-windows Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: bitwarden.com/twit
Forget the built-in Windows tools—Paul shares why third-party password managers are the secret to making passkeys smarter, more powerful, and truly universal across all your devices. Host: Paul Thurrott Download or subscribe to Hands-On Windows at https://twit.tv/shows/hands-on-windows Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: canary.tools/twit - use code: TWIT
Curious about the reality behind Microsoft's passkey promise? Find out how Windows 11's latest update makes your logins both safer and simpler across all your devices, and why Paul Thurrott thinks you shouldn't rely on the default options. Host: Paul Thurrott Download or subscribe to Hands-On Windows at https://twit.tv/shows/hands-on-windows Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord. Sponsor: threatlocker.com/twit
Ready to purge old passwords and shore up your Microsoft account? Paul Thurrott breaks down the tactics hackers hope you'll ignore—and the must-have steps to keep your digital life safe this year. Host: Paul Thurrott Download or subscribe to Hands-On Windows at https://twit.tv/shows/hands-on-windows Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Today we're going to talk about a crazy thing that's been bugging the crap out of me called Passkeys and bringing on my right hand, left hand head, top man, low man. I don't know what you call him, Larry Guerrera. It's good to help you figure this stuff out. I know you're seeing more of these all the time. Screw The Commute Podcast Show Notes Episode 1069 How To Automate Your Business - https://screwthecommute.com/automatefree/ Internet Marketing Training Center - https://imtcva.org/ Higher Education Webinar – https://screwthecommute.com/webinars See Tom's Stuff – https://linktr.ee/antionandassociates 00:23 Tom's introduction to Passkeys 01:32 Passwords are broken 06:10 What is a Passkey? 12:35 Generating a Passkey 19:09 This is where you should start 25:25 Many websites are ready to use Passkeys 27:57 Keeping notes to make it easier to remember Entrepreneurial Resources Mentioned in This Podcast Higher Education Webinar - https://screwthecommute.com/webinars Screw The Commute - https://screwthecommute.com/ Screw The Commute Podcast App - https://screwthecommute.com/app/ Screw The Commute Podcast Producer - https://screwthecommute.com/larryguerrera/ College Ripoff Quiz - https://imtcva.org/quiz Know a young person for our Youth Episode Series? Send an email to Tom! - orders@antion.com Have a Roku box? Find Tom's Public Speaking Channel there! - https://channelstore.roku.com/details/267358/the-public-speaking-channel How To Automate Your Business - https://screwthecommute.com/automatefree/ Internet Marketing Retreat and Joint Venture Program - https://greatinternetmarketingtraining.com/ This is the shopping cart system Tom uses! Kartra - https://screwthecommute.com/kartra/ Copywriting901 - https://copywriting901.com/ Become a Great Podcast Guest - https://screwthecommute.com/greatpodcastguest Training - https://screwthecommute.com/training Disabilities Page - https://imtcva.org/disabilities/ Tom's Patreon Page - https://screwthecommute.com/patreon/ Tom on TikTok - https://tiktok.com/@digitalmultimillionaire/ Email Tom: Tom@ScrewTheCommute.com Internet Marketing Training Center - https://imtcva.org/ Related Episodes Slick Signups - https://screwthecommute.com/1037/ One Business Mistake - https://screwthecommute.com/1068/ More Entrepreneurial Resources for Home Based Business, Lifestyle Business, Passive Income, Professional Speaking and Online Business I discovered a great new headline / subject line / subheading generator that will actually analyze which headlines and subject lines are best for your market. I negotiated a deal with the developer of this revolutionary and inexpensive software. Oh, and it's good on Mac and PC. Go here: http://jvz1.com/c/41743/183906 The Wordpress Ecourse. Learn how to Make World Class Websites for $20 or less. https://screwthecommute.com/wordpressecourse/