Preview Mode Links will not work in preview mode

Thanks for joining us! Let me know if there are any topics you'd like us to cover by sending an email to me at craigpeterson . com!

Oct 18, 2019

Welcome Back!  

The big buzz word is Two-Factor or Multi-Factor Authentication when it comes to privacy, but there is a dirty little secret. In this segment, I will explain what is going on and why Biometrics is not the answer.

For more tech tips, news, and updates visit - CraigPeterson.com

---

Related Articles:

It is People and Shortcuts Not MFA thatโ€™s the Issue and Biometrics is not the Answer

---

Automated Machine-Generated Transcript:

Craig
Hello everybody quick waves everybody watching on video. Of course, we're are out on Facebook and YouTube. You can find me online Just go to Craig Peterson comm slash YouTube if that's what you want or slash Facebook, you'll see me there as well. Making sure all the equipment's working right, it looks like we are all set there. So let's get this whole thing going. There's the way there we go. Alright, so first up here, we were talking about some of the big problems that we have when it comes to encryption and the government's encroachment on the encryption. And it shouldn't come as a surprise to anybody because frankly, governments have been trying to monitor the people for a long time and that's why we have some of the laws and rights in the Constitution. And as I mentioned, I put an article wrote an article and put it up on my site at Craig Peterson dot com about all of this Well, now we're going to talk about the FBI. For those that aren't aware, I'm a member of something called the FBI infra guard program. And this is a program the FBI put together many years ago that's designed to help the FBI work with the critical infrastructure here in the US. And that means businesses that might be involved in financial transactions might be involved in manufacturing. In my case, I'm involved because of course, I do the security stuff. Hey, and if you're interested in working with me, let me know just me at Craig Peterson dot com, but you should be a member of FBI in regards to if you can pass a pretty simple background check near as I can tell, the background check is have you murdered anyone recently? Now this is not the normal FBI background check at all, but they want to make sure you're legit, you have a legitimate need to get this information and that you are going to participate in the program. So I have been involved with that for a while I get a lot of information from the FBI and from some other sources. I'm signing up also for some state of New Hampshire and, and mass and main sources to we'll see how that all goes. But the bottom line is, we need to know as the people who are the de facto security people in our organization or maybe we are trained security people, we need to know what's going on right now. So being a member of the info guard, and you can just go to info guard infragard.org enough regard as an infrastructure Guardian, I guess. infra guard.org you can sign up right there on the website. You can join your local chapter, there are chapters in pretty much every state. Some of them meet quarterly some of the monthly I was running for a couple of years. The FBI is online training the FBI infra guard webinars. As well as doing training for people. And of course, I continue to do a lot of that training. That's what this free training is that you guys sign up for and participate in. And then this week, of course, I've been doing the whole training on VPN. Next week, we're going to talk about mobile devices and then moving on to Wi Fi. And then we're moving on to security compliance for people might have compliance issues. But that's what I've been doing. And I've frankly, I've been really enjoying and helping out a lot of different people and businesses. So right now we have the FBI cyber Task Force, releasing what they call a pin now you'll get all of these pins as an infra garden member. Pin stands for private industry. Notice now these pins have different levels grades on them. A green means space that he can share with anybody and then it gets to yellow which is kind of a need to know basis. And then there's probably other colors that they just don't let me see or other infra garden members because they're not stupid. KC, but that that's what these pins are private industry notices. And they came out with one telling businesses to adopt biometric factors. Now, this, frankly, is a very big deal. And when we're talking about the biometric factors that we need to be worried about, they are

basically saying, Hey, listen, when you log in to a site, or when you have a way to authorize yourself, the best thing to do is have something you know, and something you have, well, something you know, would be a password. Something you have might be like what we use internally, it is called DUO.  In order to verify who we are, and it's a one-time password thing and it works great. But there might be something else too. And that is the biometric thing. So in some cases like on my MacBook Pro My laptop has a fingerprint reader that I can use to unlock things. Plus, I have a thumb key a USB key that I can stick into it that I have. And again, that's something I have. So biometric is really good for multifactor authentication. It's not perfect. It depends, right? We already know, to not use some of the older Samsung fingerprint readers because they can be easily defeated. But and there are problems as well with some of these facial recognition systems. But multifactor authentication is really where they're going. So this is an article from the Czech Republic that I have up on Craig peterson.com. And he's saying that Microsoft's group program manager for identity protection, Alex Weiner. So this is a guy that should know he's working for Microsoft, they have to keep their data You know, quiet, they have to keep it private. They want to keep their customer's data private. So this is a guy in the know, he said accounts that are using multi-factor authentication, we're more than 99.9% less likely to be compromised. Now, this is kind of interesting, because when we're going into Microsoft, and we're talking about Microsoft, there's something else that you might want to know. And that is that many managed services providers, and this includes some break, fix shops and things, but they are selling their customers office 365. And this includes huge companies, right? A lot of people go and buy from the big guys because then it's safer, right? And it's a bigger throat to choke and if something goes wrong, they can sue them and get the money out of them. All of which I disagree with entirely, right? Because the big guys don't care about you. They care about their bottom line. They have to, of course, keep their stock cool. Happy, there are smaller guys are paying more attention. But the IC the problem with most of the smaller guys is they don't keep up with these FBI pins, these private industry notices, they don't keep up with the latest in security. They're not moving their customers from one platform to another because they're selling them software as opposed to really selling them a service. So what we do and what I recommend you look for out there in a vendor is we have a monthly fee. And we will change the software that we're using to protect you will change to the hardware that we're using. If we're finding that there's something that's a lot better or if we find that there is a hole, we will fill that hole with new technology versus what normally what happens which is Okay, here you go. Here's the bill. Here's hardware, it's installed, See you later. The same thing over and over again. It's true with the, you know, anti-malware stuff, people are selling you, the Norton or the Symantec or some other sort of antivirus software, which, frankly, just plain old just doesn't work, right? It doesn't work well enough. So you got to be very, very careful. Google made a similar claim, by the way, in a blog post in May. So here's what happened. A huge, huge managed services provider got hacked. How did they get hacked? Well, it turns out they weren't using multifactor authentication, I already told you about how we are using multiple layers of multifactor authentication to protect our stuff, including we're using multifactor authentication for all of our Microsoft software and services that we're selling like the office 365, etc. So we're better than 99.9% less likely to be compromised, then these other guys and these big guys, what Microsoft has done now is they're forcing most these so-called managed services providers and people are just hanging up a shingle saying the managed services providers, and they can't manage services. They just don't know what they're doing. This is too complicated for them, but they hang up a shingle anyways. So Microsoft said, Okay, well, we're not going to stop them from selling our software because we want to make money.

We're going to go ahead and force them to use multi-factor authentication. So there you go. FBI has a big warning out Microsoft is now forcing people to start using multifactor authentication, for very, very good reasons. Sim swapping there. There's a whole bunch of stuff. Do you want to learn more about this? You can find this article up on my website that Craig Peterson dot com, stick around. When we get back, we're going to be talking about cyber theft. And, you know, if you think your data is not a target, you're wrong, and we'll explain why when we get back, you're listening to Craig Peterson and WGAN and online, Craig Peterson dot com

Transcribed by https://otter.ai

 

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553