Apple Reports Its Fiscal 4th Quarter – DTH

DTH-6-150x150Apple reports its fiscal 4th quarter, Microsoft employees lose free Xbox Game Pass Ultimate benefit, and legacy HBO Max subscribers lose 4K streaming…

MP3

Please SUBSCRIBE HERE.

You can get an ad-free feed of Daily Tech Headlines for $3 a month here.

A special thanks to all our supporters–without you, none of this would be possible.

Big thanks to Dan Lueders for the theme music.

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, KAPT_Kipper, and PJReese on the subreddit

Send us email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here.

Remember Jan Pocalypse? – DTNS 4638

What do the latest earnings calls from chipmaker mean for the PC market and longer term will the growing popularity of AI help the industry? And can two former Google Nest engineers disrupt the robotic vacuum market? Plus Comcast is ready to let go of Hulu, but Disney still needs to agree to a price.

Starring Tom Merritt, Sarah Lane, Justin Robert Young, Roger Chang, Joe.

MP3 Download


Using a Screen Reader? Click here

Download the (VIDEO VERSION), here.

Follow us on Twitter Instgram YouTube and Twitch

Please SUBSCRIBE HERE.

Subscribe through Apple Podcasts.

A special thanks to all our supporters–without you, none of this would be possible.

If you enjoy what you see you can support the show on Patreon, Thank you!

Become a Patron!

Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods Jack_Shid and KAPT_Kipper on the subreddit

Send to email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here!


Disney To Become The Sole Owner Of Hulu – DTH

DTH-6-150x150Disney is buying Comcast’s remaining stake in Hulu, Nokia is suing Amazon and HP for patent infringement, and Apple’s new M3 Max performs about like the M2 Ultra…

MP3

Please SUBSCRIBE HERE.

You can get an ad-free feed of Daily Tech Headlines for $3 a month here.

A special thanks to all our supporters–without you, none of this would be possible.

Big thanks to Dan Lueders for the theme music.

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, KAPT_Kipper, and PJReese on the subreddit

Send us email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here.

About Authenticator Apps

KALM-150x150"

What if you could have a secure password generated fresh each time you need it? Authenticator apps do just that. Tom explains how.

Featuring Tom Merritt.

MP3

Please SUBSCRIBE HERE.

A special thanks to all our supporters–without you, none of this would be possible. Become a supporter at the Know A Little More Patreon page for exclusive content and ad-free episodes.

Thanks to Kevin MacLeod of Incompetech.com for the theme music.

Thanks to Garrett Weinzierl for the logo!

Thanks to our mods, Kylde, Jack_Shid, KAPT_Kipper, and scottierowland on the subreddit

Send us email to feedback@dailytechnewsshow.com

Episode transcript:

If you’ve heard our episode on multifactor authentication, you probably already know that authenticator apps are one of your choices for securing an account. If you haven’t, here’s a quick explanation. Multifactor authentication makes your account more secure by requiring two different types of authentication to log you in. Typically this is a password, something you know, and a second thing, something you have. The something you have could be a physical object like a Yubikey – that you stick in a USB port, or might could also be a text message with a code you need to type in, – making the something you have be your phone- which is probably the most common method people will experience these days. But SMS can be intercepted sometimes, so a more secure way, that is a bit more convenient than a physical key, is an authenticator app. The app generates a new numeric code on a set time scale. Typically a six-digit code every 30 seconds. When you log in you put in your password, then the site asks for your code. You open the authenticator app, look at the code, type it in, and you’re in.
It’s secure because you’re the only one who has your phone and the code is not traveling over the internet (or by text message), so nobody can intercept it. But if there’s no communication between the site and your authenticator app, how does it know your code is right?
Let’s help you know a little more about authenticator apps.
The code the authenticators generate is called a Time-based One-Time Password or TOTP. Why not TBOTP? I think you can immediately tell why.
Anyway It’s all right there in the name, time-based one-time. It’s a code that is only meant to be used once, and within a limited amount of time. It’s different from your regular password because you don’t know it. You have to look at the authenticator generating it, to know what it is at any given moment. And since you have the app, it counts as something you have.
So where does that code- that TOTP come from? How is that made. It is created by an algorithm. Identical versions of the algorithm run both in your authenticator app and the server you are trying to log into. To distinguish your code from all the other people trying to log in, you use a shared secret that only the server and the authenticator app have access to.
Typically the shared secret is created on the server and then shared with the authenticator app. It’s quite often a QR code you scan, since the apps usually run on phones with cameras. But it can also be a longer code you type in manually.
Either way the connection to the server is end-to-end encrypted to stop any eavesdropping. And the shared secrets are stored with strong encryption at rest on both ends.
That secret is unique to the device it’s on and to the user it’s associated with on the server. There’s a lot of complex math of course to make it hard to predict but essentially, to oversimplify, the algorithm makes what’s called a hash combining the current time to the nearest 30 seconds with your shared secret.
And no, you don’t need to be in the same time zone as the site you’re logging into.
The time isn’t your clock time, it’s UNIX time, so it’s not affected by time zones. Unix time is the number of seconds elapsed from January 1, 1970 00:00:00 UTC. The server and the device just need to have a way of tracking current time either by an internal clock or checking server time. Even so, there may be some drift between the two, especially because of internet latency and such. So the time is usually rounded to the nearest thirty seconds so your clocks just need to be close, not precisely the same. As long as the device you have can calculate the correct time within 30 seconds, then it will calculate the same number as the server.
That code refreshes with a new one every 30 seconds so that if someone were to see your code they couldn’t use it later. And because humans can be slow, some implementations will count the previous code as accurate, but that still limits the usefulness to 60 seconds.
Here’s another way to think about it.
Kelly and Al want to be certain that their text messages have not been compromised. So they agree on a system to put a code in their text messages so they can be sure it’s them. However they’re really paranoid, so they want to change the code every hour, that way somebody can’t just see one of their messages and have the code. But they also can’t always be checking in with each other on the code, or else why would they need to text right? So they agree to take their mutual favorite number, 1,590,876 and multiply it by the hour. So at 10 AM the code would be 15,908,760 but at 11 AM the code would be 17,499,636. Granted it wouldn’t be impossible for someone to reverse engineer this, so in practice TOTP systems use much more complicated hashing algorithms that are almost impossible to reverse engineer with current computer power.
The point of all this is that if your username and password gets leaked, an attacker would not be able to get into your account without also getting your authenticator code. And to get the code they would need to get your device away from you or crack into the server and get the algorithm and decrypt the shared secret. The server method is extremely hard. The device method would also be hard and made more difficult if you protect the phone on which you run the authenticator app with thumbprint or Face ID and a hard to crack passcode.
Of course the downside is that if you lose your phone, you lose the authenticator app. Most sites have a recovery mechanism in those cases but they intentionally make them very difficult to deter malicious actors. Apps like Authy let you share your secret between devices, and store it in the cloud but that does mildly reduce the security since you have more than one device that could be stolen. You’re also trusting their cloud encryption to protect your shared secret. Similar to how you trust the server of course, but now all your shared secrets are in one place.
But in the end it’s pretty simple. You share a secret securely between the app and the server you want to log into. Your app and the server use the same algorithm to calculate a code based on the UNIX time and your shared secret. That code changes every 30 seconds or so but all you need to do is have your phone on you and look at it and type it in when you need to log in. And your login is made more secure.
Passkeys are going to make this process even easier by automating some of this process for you so you don’t have to do anything but have the device. We have an episode about Passkeys as well if you want to find out more about those.
Thanks to BigJim for the email suggesting this topic! I hope he and you know a little more about authenticator apps.

CREDITS
Know A Little More is available without ads to direct supporters at patreon.com/knowalittlemore. It was researched, written and hosted by me, Tom Merritt. Editing and production provided by Anthony Lemos and Dog and Pony Show Audio. It’s issued under a Creative Commons Share Attribution 4.0 International License.

Will Bungie Bounce Back? – DTNS 4637

Sony-owned Bungie laid off around 100 people. What does it mean for the Destiny game and what does it say about the health of the industry? And YouTube has launched its ad-blocker prevention efforts worldwide. Plus which types of searches generated the most ad revenue for Google?

Starring Tom Merritt, Sarah Lane, Scott Johnson, Roger Chang, Joe.

MP3 Download


Using a Screen Reader? Click here

Download the (VIDEO VERSION), here.

Follow us on Twitter Instgram YouTube and Twitch

Please SUBSCRIBE HERE.

Subscribe through Apple Podcasts.

A special thanks to all our supporters–without you, none of this would be possible.

If you enjoy what you see you can support the show on Patreon, Thank you!

Become a Patron!

Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods Jack_Shid and KAPT_Kipper on the subreddit

Send to email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here!


Governments Declare AI Should be Safe – DTH

DTH-6-150x150YouTube launches its ad-blocker fight worldwide and a Chinese phone maker breaks into the top 5 in the world.

MP3

Please SUBSCRIBE HERE.

You can get an ad-free feed of Daily Tech Headlines for $3 a month here.

A special thanks to all our supporters–without you, none of this would be possible.

Big thanks to Dan Lueders for the theme music.

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, KAPT_Kipper, and PJReese on the subreddit

Send us email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here.

Streaming is a Horror – DTNS 4636

Charlotte Henry helps us understand how streaming is creating a boom in horror flicks. Plus Apple announced its new M3 SoC and new pricing on its MacBook’s. And an Alliance of countries have banded together to say no to paying ransom to cyber-criminals.

Starring Sarah Lane, Robb Dunewood, Charlotte Henry, Roger Chang, Joe.

MP3 Download


Using a Screen Reader? Click here

Download the (VIDEO VERSION), here.

Follow us on Twitter Instgram YouTube and Twitch

Please SUBSCRIBE HERE.

Subscribe through Apple Podcasts.

A special thanks to all our supporters–without you, none of this would be possible.

If you enjoy what you see you can support the show on Patreon, Thank you!

Become a Patron!

Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods Jack_Shid and KAPT_Kipper on the subreddit

Send to email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here!


Apple Unveils M3 Chips, New MacBook Pros, And A New iMac – DTH

DTH-6-150x150Apple unveils the M3 family of Chips, X is valued at $19 billion, and the SEC sues Solarwinds…

MP3

Please SUBSCRIBE HERE.

You can get an ad-free feed of Daily Tech Headlines for $3 a month here.

A special thanks to all our supporters–without you, none of this would be possible.

Big thanks to Dan Lueders for the theme music.

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, KAPT_Kipper, and PJReese on the subreddit

Send us email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here.

AI Defense is Ramping Up – DTNS 4635

Meta’s ad-free subscription version of Facebook and Instagram will be available in the EU, the EEA, and Switzerland starting next month. Google has announced research into audio plethysmography that uses the hardware for active noise canceling to sense heart rate. And US president Joe Biden has issued an executive order directing government agencies to develop safety guidelines around generative AI.

Starring Tom Merritt, Sarah Lane, Roger Chang, Joe.

MP3 Download


Using a Screen Reader? Click here

Download the (VIDEO VERSION), here.

Follow us on Twitter Instgram YouTube and Twitch

Please SUBSCRIBE HERE.

Subscribe through Apple Podcasts.

A special thanks to all our supporters–without you, none of this would be possible.

If you enjoy what you see you can support the show on Patreon, Thank you!

Become a Patron!

Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods Jack_Shid and KAPT_Kipper on the subreddit

Send to email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here!


President Biden Signs Executive Order on AI – DTH

DTH-6-150x150Meta announces ad-free subscriptions for EU adults, Western Digital splits flash and hard drive businesses, Microsoft cuts off 3rd party Xbox accessories.

MP3

Please SUBSCRIBE HERE.

You can get an ad-free feed of Daily Tech Headlines for $3 a month here.

A special thanks to all our supporters–without you, none of this would be possible.

Big thanks to Dan Lueders for the theme music.

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, KAPT_Kipper, and PJReese on the subreddit

Send us email to feedback@dailytechnewsshow.com

Show Notes
To read the show notes in a separate page click here.