Insights Into Things Podcasts

00:00:02:15 – 00:00:07:05
Narrator
Insightful podcasts.

00:00:07:07 – 00:00:15:22
Narrator
By informative hosts for own.

00:00:15:25 – 00:00:23:29
Narrator
Insights into things through a podcast network.

00:00:24:01 – 00:00:51:19
Narrator
Welcome to insights into technology, a podcast exploring the latest in computers, networking, home automation, mobile computing and all things technology related. Our hosts will take a deeper dive into the latest and greatest in tech trends, and give you the information you need to enable your tech centric world.

00:00:51:21 – 00:01:22:20
Joseph
This is insights and a technology. Episode 21 hacked, tracked and Fact checked. I’m your host, Joseph Whalen, and this is your Tech News of the week. First up today is an article from Serge Gatlin at Bleeping Computer. The back door brouhaha tells us that Apple has discontinued its advanced data protection feature for iCloud in the United Kingdom, following a government demand for backdoor access to user data.

00:01:22:27 – 00:02:08:27
Joseph
Under the Investigation Investigatory Powers Act of 2016 and ADP, introduced in December of 2022, provided end to end encryption for iCloud data, ensuring only users could decrypt their information. As of February 21st, 2025 and new UK users cannot enable ATP, and existing users will be required to disable it to continue using iCloud services. Apple expressed disappointment, emphasizing the increasing need for robust data security amid rising breaches and privacy threats.

00:02:09:00 – 00:03:02:13
Joseph
Despite this, change and end encryption remains for services like iCloud, keychain, health data, iMessage, and FaceTime. The removal of ATP in the UK has significant implications for businesses relying on Apple’s ecosystem for secure data storage and communication. Organizations may need to reassess their data protection strategies, especially those handling sensitive information subject to regulatory compliance. The potential for government access to corporate data could deter businesses from using iCloud services, prompting a shift toward alternative solutions offering robust end to end encryption without backdoor access.

00:03:02:15 – 00:03:32:01
Joseph
So this brings up the entire discussion around data sovereignty and compliance. How does the UK’s demand for backdoor access affect multinational companies compliance with data protection regulations? Well, ironically enough, this is one of the main reasons why TikTok was pending a ban in the United States because China had this level of access to users data and it was deemed a national security threat.

00:03:32:03 – 00:04:07:05
Joseph
How the UK now demanding this access isn’t a national security threat is is kind of questionable. So companies must navigate conflicting laws between jurisdictions, balancing UK requirements with obligations under regulations like GDPR. So the suggestion here is really to implement data localization strategies and consult legal experts to ensure compliance across regions. This is where things tend to get a little gray here.

00:04:07:05 – 00:04:40:00
Joseph
And you’re going to need to bring in more legal savvy, less tech savvy people to sort some of this stuff out. I think. This also draws into question the trust in cloud services. There’s been this massive push to move everything to the cloud now for for my company, because we’re a DoD contractor, one of the requirements that we have is all of our data needs to be housed within the United States and only accessible to staff members that are in the United States, and in our case.

00:04:40:03 – 00:05:16:02
Joseph
We do a lot with Azure. So all the Microsoft, it must be, you know, American based servers and, employees that are dealing with it for us. But the question remains, will the removal of end to end encryption impact trust in cloud providers? And I think the answer is absolutely. You’re not going to find commercial or enterprise companies that are going to trust their data to cloud providers in areas where do you could potentially have back doors to the data access.

00:05:16:05 – 00:05:37:18
Joseph
And the fundamental problem with this whole philosophy is that as soon as you break encryption, as soon as you put a backdoor in for the purpose of the government using it, that is immediately available for the bad guys too. And the bad guys are already getting in the data left and right as it is. You don’t want to make it easier for them.

00:05:37:21 – 00:06:08:03
Joseph
Businesses may question the confidentiality of their data stored in the cloud, leading to potential shifts towards on premises solutions. Again. Now we we run a hybrid solution at my company. So I’m I’m less concerned about this than I would be under normal circumstances. But the lack of trust in cloud services that this is going to garner is going to have a significant impact on cloud adoption.

00:06:08:05 – 00:06:38:05
Joseph
Cloud providers should enhance transparency about their data access policies and invest in security measures to rebuild trust. The problem is, is that the genie is out of the bottle. With encryption. You can’t make it go away. At this point. You’ve got. Political wrangling. You’ve got law enforcement agencies. You’ve got all these people who are up in arms about encrypting your data.

00:06:38:07 – 00:06:57:10
Joseph
But, you know, it’s funny. If you go to these lawmakers and you tell them we’re giving your Social Security or whatever the equivalent is in the UK, and give me your home phone number and your home address and your bank account information. I guarantee you they don’t want to give it to you, but they’re asking everyone else in the country to give it to them.

00:06:57:12 – 00:07:35:13
Joseph
That’s a bit of a, quandary that they’re in there from a hypocritical standpoint. I don’t know if this is going to fly. It’s certainly going to have far reaching repercussions on the industry itself. And, you know, it’s I think it’s going to have a significant impact, more of an impact politically than I think anything else, because I think you’re going to find the politicians who are pushing for this may find themselves out of a job when when users realize they’re losing these rights and these privacy battles to politicians.

00:07:35:15 – 00:08:14:25
Joseph
We’ll see where it goes. Should be interesting. Next up is a record as a story from the records. Suzanne Smalley, when I pranks go toe to toe with security. On February 24th, 2025, employees at the U.S. Department of Housing and Urban Development, or HUD, were met with an unexpected display an AI generated video depicting President Donald Trump kissing Elon Musk’s feet, accompanied by the caption quote, long live the real king, unquote.

00:08:14:28 – 00:08:45:10
Joseph
This video looped for approximately five minutes on screens throughout the HUD headquarters, before staff managed to unplug the displays to halt the broadcast. The incident coincided with the mandated return to work office work, and ongoing tensions within federal agencies due to proposed workforce reductions and recent directives from Musk, who leads or does he lead the Department of Government Efficiency?

00:08:45:10 – 00:09:33:19
Joseph
That seems to be up in up in the air right now as to whether or not he leads it. A HUD spokesman, Casey Lovett, condemned the event as a misuse of taxpayers resources and indicated that appropriate actions would be taken. This event underscores the vulnerabilities present in organizational I.T infrastructures, even within the federal agencies. The unauthorized broadcast of manipulated media highlights the potential for similar attacks in commercial and enterprise environments, where the dissemination of false information could lead to reputation damage, operational disruptions, and security breaches.

00:09:33:21 – 00:09:54:29
Joseph
It emphasized the necessity for robust cybersecurity measures, including regular system audits, employee training, and security protocols, and the implementation of advanced threat detection systems to prevent unauthorized access and content manipulation.

00:09:55:01 – 00:10:33:12
Joseph
So obviously, when when a breach like this does happen, you have to look at enhancing your security protocols. What you have in place obviously is not getting the job done. So how can organizations strengthen the defenses against unauthorized access to internal communication systems? Regular audits, strict access control, and continuous monitoring are essential to identify and mitigate vulnerabilities, but organizations need to implement multi-factor authentication and conduct regular employee training to recognize and report security threats.

00:10:33:15 – 00:11:03:03
Joseph
Now, this kind of highlights the risks of AI generated content. We’ve seen some of these risks already in the wild. What challenges to AI generated media such as deepfakes pose to organizational integrity? We’ve seen deepfakes being used for fraud to to con people out of money, and for various other things. Deepfakes can spread misinformation, damage reputations, and erode trust in official communications.

00:11:03:06 – 00:11:43:03
Joseph
Organizations need to develop and deploy AI based detection tools to identify and flag manipulated media content promptly. As far as I know, this video in question was also transmitted and broadcast across several social media platforms as well. So it’s obviously wasn’t restricted to just the HUD system. This also requires organizations to take a look at their incident response planning as well, or current incident response plans adequate to address unconventional attacks like unauthorized media broadcasts.

00:11:43:06 – 00:12:15:12
Joseph
Many plans focus on data breaches, but may not account for attacks on communications channels. In the event of a breach, your communications channels are really the most vulnerable at that point in time because they’re the most required. There’s there’s a need to notify victims, the public, contractors, customers, you know, if you if your communication channels are under attack or worst case scenario, they’re being manipulated like this.

00:12:15:14 – 00:12:46:21
Joseph
The messaging that you send out in a breach could be a real issue. Expand your incident response strategies to include protocols for handling and mitigating the impact of information manipulation attacks. The effective you know, I don’t know how much in this case here, but there is an effect on employee morale and internal communications as well. You start to question the official channels and the official communications that come out.

00:12:46:24 – 00:13:25:00
Joseph
How does such security breaches affect employee trust and morale within an organization? I think it’s a valid question. Exposure to unauthorized and potentially offensive content can create a hostile work environment and diminish trust in the organization’s ability to protect itself and its staff. Organizations that are victimized by this need to maintain open lines of communication, provide support, resources, and involve employees in developing security practices to foster a culture of trust and resilience.

00:13:25:03 – 00:13:50:26
Joseph
Now, this is, I would say, almost a harmless example of a breach like this, but it certainly can be an embarrassing one. And again, you know, some people may have found that offensive. I think the content itself was relatively tame and obviously taken, for its satirical nature. But the fact of the matter is, there was a breach internally, I know, in that investigations for going further.

00:13:50:26 – 00:14:17:17
Joseph
There was an announcement today that the, perpetrator had been identified. I don’t know if they’d been apprehended or what the status is on that. We might follow up on that in a future episode to kind of close the gap on it. But what do you think? What what are your thoughts on somebody? Obviously disgruntled at what’s going on with the changes in the government right now?

00:14:17:17 – 00:14:49:01
Joseph
And possibly a bone to pick with the current administration? What are your thoughts on someone doing something like this that was not costly from a breach standpoint, but was certainly a violation of security protocols. Do you think they should be, you know, the full extent of the law should be brought against them. Do you think a disgruntled employee should have the right to make some kind of protest statement like this?

00:14:49:01 – 00:15:16:12
Joseph
Is this a protest statement, or is this just a straight up hack? I’d love to get your thoughts on it. Next up we have an article from Carly Page at TechCrunch. When the screen door breaks, the DSA Global Solutions, a prominent US employee screening and drug testing firm, has disclosed a data breach affecting more than 3 million individuals.

00:15:16:15 – 00:16:08:16
Joseph
The breach, discovered in on February 9th of 2024, allowed hackers to infiltrate the company’s network and access sensitive personal information, including social security numbers, dates of birth and medical histories. The unauthorized access remains remained undetected for over a year, raising significant concerns about data security and monitoring practices within the organization. This incident underscores the critical importance of robust cyber security measures in organizations handling sensitive personal data, and I don’t know of any organization that doesn’t, on some level, handle personal sensitive data for enterprises, especially those in sectors like employee screening and health care.

00:16:08:19 – 00:16:49:10
Joseph
The breach highlights vulnerabilities in data protection protocols and the potential for prolonged, undetected intrusions. The financial and reputational repercussions of such breaches can be severe, emphasizing the need for continuous monitoring, regular security audits, comprehensive incident response plans. The fact that this was such a lengthy, undetected period, now they’re claiming that they just detected this now. But that’s over a year that this has been in the wild or been breached.

00:16:49:13 – 00:17:15:21
Joseph
The hackers maintained access to the DSA network for over a year without detection, which raises questions about the effectiveness of the company’s security monitoring and intrusion detection systems. And, you know, it’s very difficult once someone gains access to your system if they’re smart to detect them. Most most attackers are not going to aggressively do anything within the network.

00:17:15:24 – 00:17:40:02
Joseph
Once they get a foothold in, they’re going to come in. They’re going to secure their entry points into the network itself. They might erase any tracks, any logs or anything like that of their breach. And then a lot of times you’re just going to sit there and soak up data like a sponge and start exfiltrating it. And once they get into that mode, it’s very difficult to detect them.

00:17:40:02 – 00:18:06:03
Joseph
You can throw honeypots in there and, use intrusion detection and, defense systems. But a lot of systems, if the attackers smart will not pick them up unless they do something significant. You look at an excessive amount of data extracted, you look at usage patterns on user accounts that are accessing data they might not normally be accessing and so forth.

00:18:06:06 – 00:18:40:03
Joseph
The scope of the compromised data was significant as well. The breach involved highly sensitive information, including social security numbers and medical histories, all of which can be used for identity theft and account exposures and so forth. This particular exposure of this data increases the risks of that identity theft and fraud. And it’s one of those things where it’s been out there for over a year now, which is just flabbergasting.

00:18:40:06 – 00:19:21:04
Joseph
And once it’s out there at all, the level of risk to the victims is increased. But when it’s out there for that long a time, I can only imagine the various underground markets. This data was probably sold and traded on. This also draws into question regulatory and legal implications. Handling sensitive personal data comes with stringent regulatory requirements. This breach may lead to legal actions and fines, prompting discussions on compliance and the adequacy of existing data protection laws.

00:19:21:07 – 00:19:45:24
Joseph
We don’t probably need more laws, but the laws that we have, at least in the United States, may need to be revised for their penalty portion. One of the things that GDPR is known for at this point in time is how severe their penalties can be, and that’s been demonstrated with a few select examples of very expensive breaches.

00:19:45:27 – 00:20:19:26
Joseph
Something like that may be needed over here in the United States as well, in around the world. I mean, if there’s no consequences to poor security, no one’s going to spend the money and the time and invest the effort to improve it. So what preventative measures and enterprises use in this incident serves as a reminder for companies to implement advanced security measures, penetration testing, cybersecurity training for your employees, the adoption of a zero trust architecture like we had covered previously.

00:20:19:28 – 00:20:44:09
Joseph
But at a minimum, you should be doing your multi-factor authentication, enforcing strong, password security. But this is one of those situations. Or, you know, it’s it’s hard to close the door once the horse is out of the barn here, but you have to go back and learn from your mistakes and keep things going. The last thing you want to do is have this type of thing occur multiple times.

00:20:44:12 – 00:21:11:19
Joseph
You’re already eroding your trust in your customers and employees. So we’ll see where this goes here. Hopefully we will see this type of thing minimized moving forward. But the aggressive nature of the attackers out there seems to suggest against that. We’re going to take a quick break now. But, before we go, I want a real quick invite folks to reach out, give us your feedback, tell us how we’re doing.

00:21:11:21 – 00:21:50:09
Joseph
You can email us at. Comments and insights into things.com. You can also call in and leave a voicemail for us. We’d love to get you on the show. You can reach us at eight, five, 64038788. That’s (856) 403-8788. Or you can find links to all of our contact points on our website at WW Ww.w that insights into things.com. We’ll be right back.

00:21:50:12 – 00:22:11:01
Narrator
Are you tired of your favorite gaming podcast finishing with a play? Oh no. Well, check out no credits roll where we play the games but rarely finish them. How’s it going folks? I’m Sam Whalen, your friendly host at No Credits rolled The Ultimate Gaming podcast, where we dish out the latest scoops and reviews on all your beloved video games.

00:22:11:03 – 00:22:33:09
Narrator
Hey, listen, not only that, but we spice things up with some guest interviews and even give you, yes, you a chance to have your say. Tune in every other week for a fresh dose of no credits roll available on all major podcast platforms, and hit us up on social media at no credits rolled. So why wait? Let’s dive into the gaming world together.

00:22:33:09 – 00:22:39:11
Narrator
We’re finishing games is optional, but the fun is guaranteed.

00:22:39:13 – 00:22:47:13
Narrator
We.

00:22:47:15 – 00:23:22:26
Joseph
Welcome back to insights into Technology. Our next story comes from Jason Kobler at 404 media. He tells us the right to repair revolution is underway and a significant milestone for consumer rights. All 50 states in the United States have now introduced right to repair legislation aiming to green consumers and independent technicians access to necessary tools, parts and information for repairing electronic devices, agricultural equipment, medical devices and more.

00:23:22:28 – 00:24:04:16
Joseph
While not all bills have been enacted, the nationwide legislative effort underscores a robust grassroots movement advocating for repair, autonomy and reduced electronic waste. The widespread adoption of right to repair laws holds considerable implications for commercial and enterprise computing sectors. Organizations often manage extensive inventories of electronic equipment, and the ability to repair devices in-house or through third party services can lead to significant cost savings and extended hardware lifespans.

00:24:04:18 – 00:24:45:20
Joseph
However, enterprises must also navigate potential challenges such as ensuring the repairs don’t compromise device security or violate warranty agreements. So the cost implications for enterprises obviously is significant. Here. How will the right to repair laws affect maintenance budgets of large organizations, and for facilitating in-house or third party repairs, can reduce reliance on manufacturers services, potentially lowering cost? A lot of times if you have a device that is out of warranty, you have to go back to the manufacturer.

00:24:45:20 – 00:25:08:04
Joseph
Apple is famous for this, and I’m not going to just bash on Apple, but that’s the first company that comes to mind with this. You have to go back to Apple and Apple charges a premium for the work that they do. So when you go back to Apple to repair a phone or tablet or laptop or whatever it is, you’re paying Apple fees for that.

00:25:08:04 – 00:25:37:06
Joseph
And there are people out there that don’t charge as much as Apple does for labor. Long as you can get the parts for, you can get someone to fix it, and this is going to significantly open up repair options and reduce costs. Hopefully, enterprises should assess their current maintenance expenditures and explore partnerships with certified independent repair providers to optimize savings.

00:25:37:08 – 00:26:09:19
Joseph
So there are security concerns with third party repairs. Do third party repairs pose security risks to enterprise devices? Unauthorized repairs might introduce vulnerabilities or compromise sensitive data. One of the things you run into with a lot of modern technology is you have security features built into them, whether they’re secure enclaves or biometric interfaces that you have to deal with and these components on the devices.

00:26:09:23 – 00:26:38:05
Joseph
Take a phone, for instance, that might have a fingerprint reader on it. The fingerprint readers themselves are often times keyed to the other hardware there. So when you replace a piece of hardware, you can potentially break some of the security that’s built into the devices themselves. The other problem you run into is when you turn your device over to a third party company for repair, the chance of them having access to data that’s on there.

00:26:38:05 – 00:27:06:10
Joseph
If they’re sensitive, data is extremely high. So implement stringent vetting processes for third party technicians and establish clear protocols to protect data during repairs. Make sure your drives are encrypting. You’re not giving your passwords out, or wipe the drives back to back the devices up. Wipe the devices if you can, and then send them. Sometimes you’re just dealing with a broken screen here, and there’s ways to get into the device.

00:27:06:10 – 00:27:26:17
Joseph
And, and put it in the maintenance mode and do what you need to do. The other issue that you have to be concerned with is manufacturer warranties. Well, if my device is under manufacturer warranty, first thing I want to do is reach out to the manufacturer. It should be covered parts and labor should be covered under most manufacturer warranties.

00:27:26:20 – 00:27:50:01
Joseph
The only time this becomes an issue really is when warranties are either not comprehensive. You know, you may have, an extended warranty on a laptop, but that warranty, for some reason, might not cover, a drop screen, a screen from a dropping. You may have to pay for the hardware for it. That’s where you tend to run into these types of issues.

00:27:50:03 – 00:28:14:22
Joseph
Some warranties may be voided if unauthorized repairs are performed, so you may be kind of shooting yourself in the foot there. If you go to a third party repair center to have them fix your devices, if they were under warranty, they might not be anymore. So you need to review your warranty terms carefully and advocate for legislative provisions to protect warranty rights as well.

00:28:14:22 – 00:28:39:10
Joseph
That’s probably the next step in this whole thing. The other concern is supply chain and availability of parts in the market meet the increased demand for repair parts and tools. I don’t think you’re going to see a a glut in the market or a major run on the market here, right? I don’t think people are going to actively damage their devices just because they can support them themselves now.

00:28:39:12 – 00:29:12:20
Joseph
And obviously, you have to assume that devices need to be repaired as it is now and in the markets meeting those. But enterprises might consider stocking essential components and collaborating with suppliers to ensure steady parts inventory. If you’ve got a remote sales force that’s standardized on Android phones, and you see a high percentage of screens that are damaged or batteries that are dying, you might want to keep those in stock and buy those ahead of time for the devices that you have.

00:29:12:22 – 00:29:41:29
Joseph
And the other consideration here is the environmental and sustainability considerations. How does the right to repair align with corporate sustainability goals? If your corporation is concerned about that? Enabling repairs extends the device’s lifespan and reduces electronic waste, and it reduces the environmental impact. That might not be important to your company, but it’s definitely a selling point on the entire thing.

00:29:42:01 – 00:30:06:08
Joseph
I think, you know, on all we’re getting to a point now where these considerations, like you used to be able to you used to be able to repair your stuff and, you know, used to be able to replace your batteries. The one of the earlier smartphones that I had, I had a, Samsung Evo, I think it was HTC Evo.

00:30:06:10 – 00:30:30:25
Joseph
And not only could you replace the battery, but you could put extended batteries on there. You had a lot of flexibility. You could you could, add additional memory to the devices. And this the to bring cost down and features up. A lot of this stuff is going away and your batteries are soldered in now. And in a lot of cases your memory and storage are built on the board right now.

00:30:30:27 – 00:30:54:02
Joseph
So it’s difficult to maintain these things yourself. It’s just like automobiles, you know, it’s gotten to a point where you need a certified technician to deal with any of this stuff now. So I think we’re moving in the right direction. I think having certified third parties handle these types of things is a good move, but obviously there’s more work that needs to be done here.

00:30:54:02 – 00:31:32:10
Joseph
And not all the states have enacted and put these laws into place just yet. But there’s movements in all 50 states, which is a good sign. Our next story comes from Zac Bowden at Windows Central. Microsoft Microsoft Office Experiment adds access and aggravation. Question mark Microsoft has begun testing a free, ad supported version of its office suite for windows users in select regions, including India.

00:31:32:12 – 00:32:12:11
Joseph
This version allows access to core applications like word, Excel, and PowerPoint without a Microsoft 365 subscription. However, it includes persistent banner ads and periodic 15 second video advertisements. Additionally, users are required to save documents exclusively to OneDrive as local storage options are disabled. Feature limitations include the absence of advanced tools such as drawing and design functionalities, and word and restricted capabilities in Excel and PowerPoint.

00:32:12:13 – 00:32:42:20
Joseph
But Microsoft has stated that this is a limited test with no immediate plans for a broader rollout. The introduction of an ad supported office. We could influence software deployment strategies within businesses. While the free version may appeal to small businesses and startups with limited budgets, the embedded advertisements and restricted features may not meet the productivity and security standards required by larger enterprises.

00:32:42:22 – 00:33:21:21
Joseph
Organizations must weigh the cost savings against potential drawbacks such as reduced functionality and possibly data privacy concerns associated with mandatory OneDrive storage. The idea of ad supported software in a professional setting isn’t new, but it’s also not particularly popular either. Can add support of applications, maintain productivity levels in a business environment while advertisements may distract your employees, potentially reducing efficiency.

00:33:21:23 – 00:33:32:14
Joseph
Businesses should assess whether cost savings justify the potential for decreased productivity due to ad interruptions.

00:33:32:16 – 00:34:10:03
Joseph
What are the implications of requiring OneDrive for document storage? A lot of people may have concerns about their mandatory cloud storage. Raises concerns about data sovereignty, which we talked about already, and compliance with industry specific regulation. Enterprises should evaluate their data, policies to ensure that using OneDrive aligns with their privacy and compliance requirements. How do these restrictions, how do the restricted functionalities impact business operations?

00:34:10:05 – 00:34:45:21
Joseph
The absence of advanced features may hinder tasks that rely on specialized tools affecting workflow efficiency. You need to identify critical features necessary for your operations and determine if the free version meets those needs. I mean, you’re kind of scraping the bottom of the barrel if you’re going with a free version of office at this point, the monthly cost of an office 365 subscription is fairly reasonable for small businesses, at least in my opinion.

00:34:45:23 – 00:35:15:12
Joseph
Is the free version a viable option for small businesses? A lot of small businesses just don’t have a budget for recurring costs like that. Microsoft has all but eliminated the option of buying office licenses outright now, so you’re kind of limited. There. While cost savings are attractive, limitations in the functionality and a potential security got to be considered, there, small businesses should conduct a thorough analysis to sign up.

00:35:15:12 – 00:35:48:08
Joseph
The free version aligns with their operational requirements and growth plan. You have to kind of question Microsoft’s market strategy here for what’s the move indicate about Microsoft’s approach to software accessibility. Offering a free, ad supported version may be an attempt to reach a broader audience than compete with alternative office suites. You know, there are numerous free suites out there open Office and Libra office, which I think used to be open office.

00:35:48:10 – 00:36:25:28
Joseph
So it’s hard to kind of justify going with a free limited version with all these downfalls and the fact that, you know, Microsoft is pushing this as I don’t know what direction they’re going, I can’t imagine that this is a desired it certainly isn’t a profitable direction, nor do I think you’re going to upsell people on licenses by giving them, you know, your free trial treat type thing here, especially when you’re throwing ads at them and you’re limiting the functionality of anything, you’re going to turn people off from using your product.

00:36:26:01 – 00:36:54:02
Joseph
So I don’t know where Microsoft is going with this. Monitoring the adoption and feedback from this task could provide insights into market demand for flexible software solutions. I don’t think an ad supported software is something that’s going to fly in a professional environment. Home users sure, I could totally see home users opting to go this route. They don’t need the advanced features.

00:36:54:04 – 00:37:25:12
Joseph
Home users tend to be far more tolerant of ad supported services as it is, and most home users either aren’t concerned as much about cloud storage for security reasons, or they just aren’t aware that it’s a it’s a risk. So I could totally see it being more of a consumer side rather than a commercial side. Our next article comes to us from West Davis at The Verge.

00:37:25:15 – 00:37:59:27
Joseph
Alexa, plus your new AI, BFF, or just another subscription. Amazon has introduced Alexa plus, they’ve talked about it for some time now. It’s an advanced version of its voice assistant, enhanced with generative AI capabilities. Because everything’s better with AI, right? Priced at 1999 per month or included with an Amazon Prime membership, Alexa Plus offers a more natural conversational experience and expanded functionalities.

00:38:00:00 – 00:38:47:15
Joseph
Users can now order groceries, send in, event invitations, and control smart home devices through intuitive voice commands. The assistant also integrates with various applications, allowing tasks like booking tickets and creating itineraries. Additionally, Alexa Plus can utilize I’m Sorry. It can analyze documents and generate music in collaboration with AI partners. This upgrade signifies a significant leap from the original Alexa positioning Amazon competitively in the evolving, AI driven assistant market.

00:38:47:17 – 00:39:32:10
Joseph
The launch of Alexa Plus highlights the growing integration of AI driven assistants in both consumer and enterprise environments. For businesses, this development opens avenues for creating more interactive and personalized customer experiences. Enterprises can leverage Alexa Plus to streamline operations, enhance customer service, and develop innovative applications that utilize its advanced capabilities. However, the introduction of a subscription model may influence how businesses adopt and integrate these technologies, potentially affecting budgetary and strategic planning.

00:39:32:12 – 00:40:08:25
Joseph
So this inscription model itself isn’t really appealing to most people. With it priced at 1999 a month, it’s a little expensive compared to what the other full functional AI subscriptions will get you really. Inclusion of the service and Amazon Prime Drive higher engagement probably. I could see a lot of people who are running Amazon products at home for smart home use and so forth, but have Prime memberships already.

00:40:08:28 – 00:40:30:27
Joseph
Taking advantage of this, I don’t know if that’s going to help with adoption in the commercial or enterprise space. I don’t think there’s a lot of adoption already for AI assistants or assistants in general, I should say technical assistants, virtual assistants.

00:40:30:29 – 00:41:14:03
Joseph
What are these AI enhanced capabilities? The ability for Alexa Plus to perform complex tasks such as document analysis and AI itinerary planning, showcases some of the AI enhancements, but but that’s. I have an Amazon A in my studio here, and clearly she’s listening to me say her name over and over. I don’t think that’s a selling point, because you get those types of services with Copilot and ChatGPT and and various other already best of breed solutions out there that you don’t need to have a special device to interface with.

00:41:14:05 – 00:41:43:09
Joseph
The integration with third parties is is probably one of the higher points from the consumer side of things. Collaboration with partners like OpenTable and Uber indicates a trend towards more seamless service integration. But the real question comes down to data privacy and security, as always, seems to be the case as they become more integrated into daily life and business operations.

00:41:43:11 – 00:42:12:18
Joseph
What measures should be in place to protect user data to ensure compliance with privacy regulations? Already people are complaining that your, your, virtual assistants are listening to them. My wife swears when we have a conversation about something and the next day she’s getting advertisements on her phone talking about those things that, you know, our assistants around the house are snooping on us.

00:42:12:20 – 00:42:45:11
Joseph
You don’t really have control. I know Karen, Amazon settings allow you to go in and remove searches and stuff like that, but if you’re involving documents here or itinerary plans or, travel plans or anything like that, that’s the only information that’s going out there to the cloud that obviously number one is going to be used and sold and exploited, however possible, because that’s the way information is these days.

00:42:45:13 – 00:43:18:29
Joseph
But it’s entirely possible that that information can be used for malicious stuff. If, for instance, you plan your entire trip through your AI assistant and somebody gets access to that, they know when people are available, when the house is empty, when you’re going to be out of town. So security like that is definitely a significant concern. I don’t see this going too far, commercial and enterprise wise, at least not in its current form.

00:43:19:01 – 00:43:46:03
Joseph
But I could see this being adopted enthusiastically on the consumer side. But yet people need to know what the risks are, and you need to take proper precautions. And we’ll see where this goes. And this may be another, nice to have thing that isn’t adopted, and Amazon may cancel it moving forward, as they did with some other services they did recently.

00:43:46:06 – 00:44:02:27
Joseph
We’re going to take another quick break here, and then we’re going to come back and finish up our deep dive on password security.

00:44:03:00 – 00:44:21:01
Narrator
Insights into entertainment a podcast series taking a deeper look into entertainment and media. Our husband and wife team of pop culture fanatics are exploring all things, from music and movies to television and fandom.

00:44:21:03 – 00:45:05:25
Narrator
We’ll look at the interesting and obscure entertainment news of the week. We’ll talk about theme park and pop culture news. We’ll give you the latest and greatest on pop culture conventions. We’ll give you a deep dive into Disney, Star Wars, and much more. Check out our video episodes at youtube.com. Backslash insights into things. Our audio episodes and podcast insights into entertainment.com, or check us out on the web at Insights into things.com.

00:45:05:28 – 00:45:30:29
Joseph
So what is the future of authentication? Well, on all things being equal, it looks like we’re going to be moving beyond passwords. I think there’s a need for it I think the technology is finally there. And I think the idea of username and passwords has already come and gone. Just a lot of people haven’t recognized that and accepted it.

00:45:31:01 – 00:46:12:04
Joseph
The traditional username password model is increasingly seen as insecure and inconvenient, prompting a shift toward more advanced authentication methods. The future of authentication focuses on passwordless security, behavioral biometrics, and AI driven enhancements while addressing challenges in usability and adoption. Passwordless authentication or eliminating passwords for stronger security measures, replaces traditional passwords with more secure and user friendly rapids.

00:46:12:07 – 00:46:53:02
Joseph
These could include biometric authentication such as fingerprints and facial recognition. I think, Apple’s face I.D. or Windows Hello. It could include iris scanning and voice recognition. We have hardware security tokens, physical devices like Uber Keys, which my company recently started to adopt, or the Google Titan security key, which provides cryptographic authentication. You have open standards like Fido too, and web often these are open standards allowing users to log in using biometrics or security keys.

00:46:53:02 – 00:47:19:00
Joseph
And instead of passwords that aren’t, these are. Nonproprietary and, available to anyone. The other option you have that people are exploring now are magic links or one time passwords. Your OTP, where users receive an email or an SMS with a temporary login link or code.

00:47:19:02 – 00:47:56:02
Joseph
Why does all this matter? Well, passwordless authentication reduces the risks of phishing, credential stuffing, and brute force attacks by eliminating password reliance. These are all things that we talked about in a previous episode. What place does behavioral authentication have on security based on, behavioral authentication continuously analyzes how users interact with their device rather than relying on static credentials.

00:47:56:04 – 00:48:38:11
Joseph
It looks at keystroke dynamics, your typing speed, your rhythm, your pressure. It’ll look at, mouse and touch patterns, our users navigating an interface. It’ll look at location and device recognition, identifying logging from unusual locations or devices. It’s AI driven anomaly detection, where machine learning flagging suspicious activity based on user behavior. A couple of UK use cases would include banking and finance to prevent authorized transactions, enterprise security, detecting compromised employee accounts and on e-commerce and payment platforms.

00:48:38:11 – 00:49:23:20
Joseph
Preventing fraud without disrupting user experiences. Behavioral authentication provides continuous security monitoring, making it difficult for attackers to replicate a user’s behavior. So what’s the role? We talk about AI on this podcast a lot. What is the role of AI in password security moving forward? Well, artificial intelligence. Is transforming authentication through adaptive security measures in real time threat detection AI powered threat detection identifies and blocks credential stuffing and phishing attacks.

00:49:23:22 – 00:50:07:12
Joseph
It recognizes bot driven login attempts that mimic human behavior. AI powered password managers create secure, unique passwords. Adaptive authentication adjusts security levels based on risk assessment. And predictive security and risk based authentication detects compromised credentials in breach databases. AI models predict potential security threats based on login patterns, so AI enhances authentication by making security more proactive, more intelligent, and resistant to cyber threats.

00:50:07:15 – 00:50:52:04
Joseph
Of course, as with any technology, there are limitations and challenges to passwordless systems. Despite all the benefits, there are several hurdles to face adoption and compatibility. Obviously, as one, legacy systems still rely on passwords requiring a gradual transition. And I would go even further and say that it doesn’t just require a gradual transition. It’s there’s an uphill battle in a lot of cases, not so much with the technology side of the business, but with senior management that has to sign off on the funding for projects like this.

00:50:52:06 – 00:51:27:07
Joseph
There’s this perception that what we have is good enough. We don’t need anything better. So it’s important to try to sell the risks involved in password management as legitimate risks to the business and what those potential outcomes could be. There’s also device dependency losing a hardware key, which I had a user thought they lost one this week. Or a biometric device can result in lockouts, which, you know, we talk about security and convenience.

00:51:27:07 – 00:51:52:22
Joseph
And when you’re starting to lock users out for losing a piece of technology, you can cause disruptions to work patterns. You also have privacy and biometric security. Unlike passwords, biometric data can’t be changed. If it’s compromise is something you get your fingerprint or your iris scan, or, has a facial scan of you, you can’t go in and change that.

00:51:52:24 – 00:52:22:09
Joseph
And that’s a real, real issue. So this is where multifactor authentication comes in, where your biometric security is just one aspect of it. There’s also user resistance. And we’ve we’ve talked about that uphill battle with users. Nobody likes change right. And I think a lot of it people have have come to that conclusion. Some users are hesitant to adopt new authentication methods due to unfamiliarity.

00:52:22:11 – 00:52:50:25
Joseph
People don’t want to carry a form around with them. They don’t want to have their biometrics scanned for something for the company. Then there’s obviously the cost and the implementation complexity that has to be dealt with. Enterprises must invest in new authentication infrastructure, new hardware, perhaps new tokens that have to be given out to people. You have to deal with replacement of those, failure of those, and so forth.

00:52:50:28 – 00:53:17:10
Joseph
In general, organizations need to balance security, usability and accessibility, ensuring backup recovery options for users who lose access. You have to have this plan in place before you try to implement anything, and really, before you try to even sell the idea to your senior management, you need to be able to answer these questions. So what is the future of passwordless?

00:53:17:12 – 00:53:40:02
Joseph
Well, passwordless authentication is going to become the new standard and relatively soon reducing the risk of stolen credentials behavior authentication. And I will enhance security while improving user experiences. Hopefully.

00:53:40:05 – 00:54:11:29
Joseph
Relying on password managers to generate and secure credentials securely is certainly a key to help the process. We talked about that previously. You need to beware of phishing scams and double check suspicious login requests. You need to enable your multifactor authentication everywhere possible. And that’s not just for internal, that’s for external as well. A lot of us have to manage vendor control, vendor accounts, vendor portals.

00:54:12:01 – 00:54:34:28
Joseph
When that happens, you need to make sure you’re employing all the same security protocols externally that you do internally, you have to act fast. If your passwords compromised, you can get dark web notifications now with password compromises for popular accounts. When that happens, you need to make sure you get out there and get your accounts changed or deactivated.

00:54:34:28 – 00:55:07:23
Joseph
If you have to. By following these recommendations, you can dramatically reduce the risk of cyber threats while keeping your online accounts safe. So we’re stuck with security by password for right now. There are methods to deal with it, to improve it, to enhance it. But ultimately, you know, it’s not going away anytime soon. But when it does, we need to be ready for the newer technologies, and you need to have a plan in place to implement them and get your company on board with them.

00:55:07:25 – 00:55:27:27
Joseph
So I think that was all that we had today. I think that, finishes up our password discussion. We can move on to some other topics for now. Before we do wrap up the episode, I had, one shout out to do to Bananarama, who followed us on Twitch this week. Thank you very much for that.

00:55:27:29 – 00:55:58:01
Joseph
Before we go, I want to, once again implore our listening and viewing audience. If you don’t already do so, subscribe to the podcast. You can find links to audio versions of this podcast, listed as insights in the Technology. You can find audio and video versions of all the networks. Podcast listed as insights into things, where anywhere you get a podcast these days, we’d also invite you to give us your feedback.

00:55:58:01 – 00:56:24:12
Joseph
Tell us how you’re doing. What’s your take on some of these stories? What’s your take on our take on some of these stories? You can email us at. Comments and insights into things that come. You can call in and leave a voicemail for us at eight, five, 64038788. That’s (856) 403-8788. We do stream five days a week on Twitch at Twitch.tv.

00:56:24:16 – 00:56:51:14
Joseph
Slash insights into things. If you’re an Amazon Prime subscriber, you do get. Not only do you get Alexa Plus, now you also get a free monthly Twitch Prime subscription. If you threw that our way, we’d be grateful you could find us, on blue Sky as insights into things. You can find us on LinkedIn as insights into things productions.

00:56:51:17 – 00:57:09:20
Joseph
We’re also on Facebook as Insights into Things podcast, Instagram, as insights into things. Or you can go to our website and get links to all that and more at insights in the things.com. That’s it. Another one in the books.