Please Regulate Me – DTNS 4054

A bipartisan group of US Senators Brian Schatz, John Thune, Raphael Warnock, and John Kennedy proposed a bill Wednesday called the Unsubscribe Act. Companies would be required to make terms and conditions more transparent when offering a free trial. US Senator Kirsten Gillibrand has revamped the Data Protection Act she introduced last year. Co-sponsored by Senator Sherrod Brown, it would establish a federal agency to oversee data privacy in the country.

Starring Tom Merritt, Sarah Lane, Justin Robert Young, Roger Chang, Amos, Joe



A special thanks to all our supporters–without you, none of this would be possible.

If you are willing to support the show or to give as little as 10 cents a day on Patreon, Thank you!


Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods Jack_Shid and KAPT_Kipper on the subreddit

Send email to feedback@dailytechnewsshow.com


Google’s Tivoli To Use AI To Teach Foreign Languages in Search – DTH

The Information’s sources say Google is working on a project called Tivoli to use AI to teach foreign languages in search, the Windows 11 UI leaks, and Chinese regulators launch an antitrust probe into Didi Chuxing.


You can get an ad-free feed of Daily Tech Headlines for $3 a month here.


Big thanks to Dan Lueders for the theme music.


Thanks to our mods, Kylde, Jack_Shid, KAPT_Kipper, and scottierowland on the subreddit

Send us email to feedback@dailytechnewsshow.com


About Multi-Factor Authentication

Tom explains multi-factor authentication and why it may be the future of online security.

Featuring Tom Merritt.


Thanks to Kevin MacLeod of Incompetech.com for the theme music.

Thanks to Garrett Weinzierl for the logo!


Episode Script
This website wants me to sign up for text messages to log in but I heard that’s not secure?
But then everybody is telling me I should use 2FA?
Except for that one person who’s always telling me it’s MFA? Do I need an arts degree?
Are you confused?
Don’t be.
Let’s help you Know a Little More about Multi-Factor Authentication.

Multi-factor authentication or MFA is the idea that if you have to use more than one thing to log in to something, it will be harder for the bad folks to gain access to your login credentials.
You may be more familiar with the phrase two-factor authentication. That is one of the most common forms of multi-factor authentication. To successfully prove that you are you, you have to have two things: say, something you know, like your password, and something you have, like a special USB key. The most common two-factor authentication is an ATM. You combine something you have, your ATM card, with something you know, your PIN, to get access to something you want, your money.
In either case, MFA means that if someone has your password (or PIN), your login is still protected because they don’t have the USB key or your ATM card. They need both, and that’s harder to get. Not impossible, but harder. And security is all about making things harder to breach.
There are four common factors that can be used in multi-factor authentication:
1. Knowledge – something you know, like a password, a PIN or an answer to a security question.
2. Possession – something you have, like a USB key, smart card, access badge or an app or text message that delivers one-time passwords (more on that later).
3. Inherence – which is a fancy way of saying something you are, like your face, retina, voice, iris or fingerprint. Behavioral analysis can also be used here, like your pattern of typing for instance.
4. Location – which could be GPS coordinates or connection to a specific computer network.
Now MFA systems don’t have to use all 4. Location for instance isn’t a factor that’s useful in all situations. But they use at least two or three.
Multi-factor authentication has come about because passwords are notoriously bad at protecting security. If you make a really long secure password, it may be hard to guess but it’s also hard to remember and to use. That’s why password managers are often recommended. They create a single point of failure, but that’s still more secure than using easily memorable (and therefore easily guessable) passwords or, worse, using the same password everywhere, so that if it’s leaked in one place all your accounts are compromised.
Now you may reasonably ask, “Well why use a password at all? Why not just use the USB key?”
One answer is that not everything is accessible to a USB key. A more common second factor is a time-generated code or one-time password. Google Authenticator, Authy and other apps, or even battery-powered keychain dongles, can provide a code that changes every 30 seconds or so, based on a replicable mathematical principle that can be easy to sync up but really hard for an attacker to guess. This isn’t exactly something you know, because even you can’t predict it easily. You have to have the app or dongle, so it counts as a separate factor from your regular unchanging password.
But again, why not just use that code then? To be honest you could. If everybody used those authenticator apps you might see that. But it’s still not as secure as a second factor. If someone gets access to your phone with the Authy app on it for example they could then log in to all your accounts. So having a second factor– even just a PIN– makes it harder to get in because you have to breach two things.
And think about this. Having two factors, neither of which is a password, is even more secure. Say, a fingerprint and an Authy code.
And if you want to be really secure, you can have more than two.
It’s understandable to let your mind drift toward wondering why everybody just doesn’t use the most secure system possible. But what system is that? Three factors? Four? How about seven factors? At a certain point you lose compliance because people don’t want to go through the trouble of using a dozen factors to log into something, even really sensitive stuff.
And when you’re talking about a Twitter account it’s hard enough to get people to use two factors.
So you not only need multiple factors but they need to be fairly easy for the user to use or the user will just end up finding a way to be insecure or possibly stop using the product.
That’s why text messages are often used as a second factor. A one-time text message code and a password is about the least secure MFA out there. That’s because the delivery of text messages is not robustly secured. We don’t have time to go into all the ways someone can get hold of your phone number and redirect text messages to themselves, sometimes without you even knowing, sometimes by tricking you into giving them the SMS code in a phishing attack. It takes some effort, so it doesn’t happen on a mass scale, but it can be done and is. But most people have text messaging and it’s easy, so it has become the most widespread MFA.
And don’t forget we’re fallible humans. So we need backup systems. If you lose your USB key you might lose access to your account. So systems often provide backups. One fairly secure backup is a printout of pre-approved codes as a second factor, something you have. But you might misplace those too, you know, forget where you put them. That’s why most often companies use text messaging as the backup. If you lose your USB key you can use text messaging as a backup. But remember, you’re only as secure as the weakest method in your security. So if you are using a hardware key for a second factor but ALSO have text messaging turned on as a backup method, you might as well not use the hardware key. The attackers will go after the text message factor if they go after you at all.
The other reason we don’t see MFA more often, or see less secure versions, is cost.
While hardware-based keys are very secure, they’re proprietary and you have to pay to use them on your system, sometimes annually. There are also support costs associated with handling cases where people lose their access because they lost a factor or are just confused about how to make the whole thing work.
But there is hope, as we talked about in our episode on FIDO. MFA can be collapsed into ways that are easy and secure. Face ID on a phone, for instance, is technically two factors. Something you have, the phone, and something you are, the face.
And there’s something called Adaptive Authentication. It uses machine learning to estimate how likely a login attempt is to be valid. It looks at location, time, device and network among other data to estimate risk and adapt the security accordingly. The idea is that if you always log in at the same time on the same network from the same computer at the same location, your login will speed along, because it’s not unusual. But if your account is being accessed from a different country than you are usually in, on a device the system has never seen, from an IP address it doesn’t recognize, in the middle of the night, the security barrier goes way up.
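To make the step-up idea concrete, here is an added example that is not part of the episode script. It swaps the machine-learning estimate for a plain rule-based score over the same four signals; the login history, weights and thresholds are constructed for illustration.

```python
# Constructed login history for one hypothetical user:
# (country, device_id, network, hour_of_day_utc)
HISTORY = [
    ("US", "laptop-1", "203.0.113.0/24", 9),
    ("US", "laptop-1", "203.0.113.0/24", 10),
    ("US", "phone-1", "198.51.100.0/24", 20),
]

# Assumed weights and thresholds, picked for illustration, not from any product.
WEIGHTS = {"country": 40, "device": 30, "network": 20, "hour": 10}
STEP_UP_AT, BLOCK_AT = 30, 70


def hour_is_unusual(history_hours, hour, tolerance=2):
    """True if `hour` is more than `tolerance` hours (circular) from every past login."""
    def gap(a, b):
        d = abs(a - b) % 24
        return min(d, 24 - d)          # 23:00 and 01:00 are two hours apart
    return all(gap(hour, h) > tolerance for h in history_hours)


def risk_score(history, attempt):
    """Sum the weights of every signal in `attempt` the user has never shown before."""
    country, device, network, hour = attempt
    score = 0
    if country not in {h[0] for h in history}:
        score += WEIGHTS["country"]
    if device not in {h[1] for h in history}:
        score += WEIGHTS["device"]
    if network not in {h[2] for h in history}:
        score += WEIGHTS["network"]
    if hour_is_unusual([h[3] for h in history], hour):
        score += WEIGHTS["hour"]
    return score


def decide(history, attempt):
    """Map the score to how much friction the login gets."""
    score = risk_score(history, attempt)
    if score >= BLOCK_AT:
        return "block"        # unfamiliar on almost every signal
    if score >= STEP_UP_AT:
        return "step_up"      # ask for an additional factor
    return "allow"            # familiar context: no extra prompt


if __name__ == "__main__":
    print(decide(HISTORY, ("US", "laptop-1", "203.0.113.0/24", 9)))
    print(decide(HISTORY, ("FR", "unknown-7", "192.0.2.0/24", 3)))
```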
You can start to see how MFA can someday be used to make it very easy to log in securely to your accounts, and therefore every site will use it.
Until then turn on MFA on every account you can, and use the most secure version you can.
This won’t protect you from every possible threat but at least you’ll know you’re a little more secure than you were before.
In other words… I hope now you know a little more about MFA.

Windows goes to 11 – DTNS 4053

Google will open its first retail store at 76 Ninth Avenue in New York City Thursday at 10 AM. The Wall Street Journal says in 2016 Apple began developing a way to offer primary-care through a subscription based personalized health program using data from devices combined with virtual and in-person primary care visits. And the entire Windows 11 interface has leaked online.

Starring Tom Merritt, Sarah Lane, Scott Johnson, Roger Chang, Amos, Joe



Facebook’s Oversight Board Accepts Its First Policy Advisory Opinion – DTH

Facebook’s Oversight Board received and accepted its first policy advisory opinion on rendering private information ‘publicly available,’ Apple reportedly started a primary-care healthcare project in 2016, and Cyberpunk 2077 returns to the PlayStation Store.


What Happens After You Brag About NFTs – DTNS 4052

NFTs have gotten a bad rap for being involved in crazy prices for questionable artwork, but is there more to NFTs than making digital art collectible? Christian Cantrell tells us what possibilities there are for the blockchain-based token.

Starring Tom Merritt, Sarah Lane, Christian Cantrell, Roger Chang, Amos, Joe

