Largest Data Breach in History: What You Need to Know
23rd June 2025 • The Backup Wrap-Up • W. Curtis Preston (Mr. Backup)

Transcripts

Speaker:

You found The Backup Wrap-Up, your go-to podcast for all things

Speaker:

backup recovery and cyber recovery.

Speaker:

In this episode, we talk about what's being called the largest

Speaker:

data breach in history, a massive 16 billion login credentials exposed

Speaker:

across 30 different databases.

Speaker:

I'm joined by my co-author, Dr. Mike Saylor and my co-host Prasanna Malaiyandi.

Speaker:

And we break down what this means for you and your organization.

Speaker:

We'll talk about how this is actually not one breach, but a compilation of a

Speaker:

number of breaches stolen, using probably info stealer malware, why your browser

Speaker:

habits might be at risk, and what you need to do right now to protect yourself.

Speaker:

Mike shares some uncomfortable truths about browser security that,

Speaker:

uh, might make you question those.

Speaker:

50 tabs like I have.

Speaker:

Anyway, uh, this is a really good episode.

Speaker:

If you don't know who I am, I'm W. Curtis Preston, AKA Mr. Backup,

Speaker:

and I've been handling backup and recovery for over 30 years ever since.

Speaker:

I had to tell my boss that we had no backups of that production database

Speaker:

that we had just lost. On this podcast, we turn unappreciated backup

Speaker:

admins into cyber recovery heroes.

Speaker:

This is The Backup Wrap-Up.

Speaker:

Welcome to the show.

Speaker:

Hi, I am W. Curtis Preston, AKA Mr. Backup, and today is a special day.

Speaker:

We actually have a couple of folks with us, and of course.

Speaker:

We will start as always, with my favorite world traveler, Prasanna

Speaker:

Malaiyandi. Welcome back to my time zone.

Speaker:

Thank you Curtis.

Speaker:

It's good to be back and I think my jet lag is crossing

Speaker:

my fingers almost all gone now.

Speaker:

I, uh, am no longer waking up at like three 30 in the morning.

Speaker:

Um, it was great from a productivity perspective because you can

Speaker:

get a lot of work done when no one else is awake, but it

Speaker:

Yeah.

Speaker:

kind of painful when you're trying to stay awake at like 6:00 PM so I'm glad to be

Speaker:

Right.

Speaker:

time zone.

Speaker:

Yeah, I can, I, I can understand that.

Speaker:

And we also have like, I don't know, I'm gonna say the best co-author

Speaker:

I've ever had since I've never had another co-author, Mike Saylor.

Speaker:

How's it going, Mike?

Speaker:

It's going well guys.

Speaker:

Good to, good to be back on the air with you.

Speaker:

You and I are, we are in the final throes of the rough draft of our upcoming book,

Speaker:

Learning Ransomware Response and Recovery.

Speaker:

Um, it's, um, I, I, what, what's it been like for you to, to, to write this?

Speaker:

I will tell you it's been, uh, it's been great for me, uh,

Speaker:

having a co-author, uh, the,

Speaker:

Have it only do, have to only do part of it.

Speaker:

Absolutely.

Speaker:

Well, and, and, someone, uh, someone that I can say, uh, you know, we're,

Speaker:

we're right there together, right?

Speaker:

So, uh, I'm

Speaker:

yeah,

Speaker:

because we're both behind.

Speaker:

yeah.

Speaker:

There is.

Speaker:

There is that.

Speaker:

There is like we're constantly, yeah.

Speaker:

Um, and um.

Speaker:

Yeah, it's, it's been great.

Speaker:

And, and I like that, you know, there, obviously there are areas where, you

Speaker:

know, I'm the SME and there's areas where you're the SME and there's, and, and,

Speaker:

and many of those areas we often pretend to be the SME, uh, 'cause, you know, you

Speaker:

gotta fake it till you make it right.

Speaker:

But we, it, it's great that we have, we could say, okay, look, I,

Speaker:

I did this part of the chapter and I really need you to take a look at it,

Speaker:

Right.

Speaker:

to make sure that, uh, you know, it's, it's correct.

Speaker:

Um, and that's been great.

Speaker:

How you guys are splitting up the book between Mike dealing with a lot

Speaker:

of security stuff, you dealing with

Speaker:

Yeah.

Speaker:

stuff, it's just like an organization, right?

Speaker:

If the two organiza or two business units, right, security and backup

Speaker:

don't talk to each other, right?

Speaker:

Then you're gonna have a very poor ransomware recovery, um,

Speaker:

solution as a company, right?

Speaker:

Yeah.

Speaker:

Versus if you actually work together, then you can actually come up with great ways

Speaker:

I.

Speaker:

and recover from these issues.

Speaker:

So what

Speaker:

Yeah.

Speaker:

And

Speaker:

is exactly how like

Speaker:

We're setting an example, Curtis,

Speaker:

Exactly.

Speaker:

we're setting an example and it's great because, you know, even on the areas

Speaker:

where you know, you know more than I do, or I know more than you do, like.

Speaker:

We're still giving feedback on that area.

Speaker:

Right.

Speaker:

Um, and, um, because even if you're, if you're not a specialist in something,

Speaker:

you can still, uh, you know, Prasanna, we joke about, you know, when you first,

Speaker:

you and I first started doing this recording, you know, so you said you

Speaker:

were playing the dumb guy in the room.

Speaker:

You, you were, you, you have been, although you were absolutely

Speaker:

not the dumb guy in the room.

Speaker:

One of your best traits here is that you ask really great questions, right?

Speaker:

And, um, so yeah.

Speaker:

Anyway, so I'm, I'm excited that we're getting, um, you know, really close

Speaker:

to being done with the rough draft.

Speaker:

Then we just have to edit.

Speaker:

Um, and hopefully there's not too, you know, and we go through the

Speaker:

tech review process, which is, uh,

Speaker:

so

Speaker:

um,

Speaker:

when can they

Speaker:

yeah,

Speaker:

this?

Speaker:

Is

Speaker:

Well have

Speaker:

that's a great question.

Speaker:

there is a.

Speaker:

this year?

Speaker:

I.

Speaker:

is an early release version already out there and Curtis, I don't know if you've

Speaker:

looked at that, but they weren't kidding.

Speaker:

Yeah,

Speaker:

unedited, I mean, there are spelling mistakes and I mean, I was

Speaker:

yeah,

Speaker:

did

Speaker:

yeah,

Speaker:

it out?

Speaker:

yeah.

Speaker:

If you sign up for the O'Reilly Learning Platform, uh, you can get the, you

Speaker:

know, the, you can get a, you can get access to the, um, to the 100%

Speaker:

there's

Speaker:

unedited.

Speaker:

Um.

Speaker:

Yeah.

Speaker:

Yeah.

Speaker:

Um, and we've written now like 10 or 11 chapters.

Speaker:

Uh, so they get, it goes through some, some review, but very, very

Speaker:

little, and then it goes out.

Speaker:

So yeah, you can get, uh, access to, uh, the unedited version now and, uh,

Speaker:

I

Speaker:

yeah.

Speaker:

look at the unedited version of chapter one, it's gonna look a lot different than

Speaker:

the final version from what I understand.

Speaker:

Uh, I did see the, the editor's notes on.

Speaker:

Uh, some of the, some of the things that I put into chapter one that

Speaker:

Mm-hmm.

Speaker:

take out, but I think chapter one, as it is, has a ton of information, even

Speaker:

though it might be kind of, uh, diluted a little bit to, to line up better with

Speaker:

the, the chapter flow and although the book flow and, and some of those other

Speaker:

Yeah.

Speaker:

early

Speaker:

Yeah,

Speaker:

one, I think is a value,

Speaker:

yeah.

Speaker:

Yeah.

Speaker:

So, uh.

Speaker:

Yeah.

Speaker:

Yeah, yeah.

Speaker:

It's been, um, yeah, it, it's, you know, because for those that don't

Speaker:

know, there's a copy edit review, but there's also a tech review, right?

Speaker:

So we have a team of people who have Google Docs, uh, access, uh, not a

Speaker:

sponsor, um, Google Docs access to, uh, you know, basically the, the chapters

Speaker:

as we finish them, we give 'em in there.

Speaker:

They have a folder they go in and then they, you know,

Speaker:

they tell us what they think.

Speaker:

Um, and that's, that's, I think that's one of the best parts about how O'Reilly

Speaker:

writes books, um, is that that copy at Pro and you can invite as many people as

Speaker:

you are willing to take, uh, input from.

Speaker:

Right.

Speaker:

Um, so, um, Mike, I brought you in today because, uh, you know, there's

Speaker:

this article that, you know, I, I happen to see it in Forbes, but,

Speaker:

this, this, this link in Cyber News.

Speaker:

It seems to be original reporting.

Speaker:

Um, but there is this, this, you know, they're, they're calling it

Speaker:

the largest data breach in history, including 16 billion login credentials,

Speaker:

which for the record is two logins.

Speaker:

Per human on the planet.

Speaker:

Um, that's a lot there.

Speaker:

You know, they're saying there's over, there's gonna be overlapping credentials.

Speaker:

We don't really know what the credentials are.

Speaker:

We don't know.

Speaker:

We don't know where they came from.

Speaker:

Um, and so I just thought it'd be a great time to bring you

Speaker:

on and talk about this stuff.

Speaker:

Um, where do you think would be a good place to start?

Speaker:

Just give your overall thoughts about this, this, they're calling it a

Speaker:

breach, but I, I think it's actually many different breaches, right?

Speaker:

Well, I think similar to the Farmer's Almanac where we can use historical data

Speaker:

to predict future events, uh, I think we need a cyber almanac because this,

Speaker:

this, uh, largest breach in history happens about every two to three years.

Speaker:

Uh.

Speaker:

So there's this cycle, um, and the cycle is, primarily driven by complacency.

Speaker:

So this bad thing happens and we get really diligent and aware,

Speaker:

and then that dwindles and then the bad thing happens again.

Speaker:

And then we're hypervigilant and aware for a period of time and that just wears off.

Speaker:

And the, the things that we do to try to keep people more aware, um,

Speaker:

unfortunately don't rise to the level of newsworthy.

Speaker:

Right.

Speaker:

So being in the news is what concerns a lot of people and companies, and

Speaker:

everything below that is just kind of stuff we have to check the box and

Speaker:

do, and don't pay much attention to.

Speaker:

Um, and so I think that's, that's what drives a lot of the, the vulnerability

Speaker:

that results in these data breaches.

Speaker:

Um, but in this case, the, you know, it's just another large data breach.

Speaker:

Uh.

Speaker:

the idea that, you know, two, two credentials per human on the planet

Speaker:

and, if you narrow it down to just humans that have internet access, it's

Speaker:

probably more than two per person.

Speaker:

Right.

Speaker:

probably have.

Speaker:

Not to mention, not to mention adults and or people old enough to, you

Speaker:

know, use the internet, you know?

Speaker:

it's, the adults are probably the ones that got compromised.

Speaker:

The younger kids are like, there's no way, you know, my, my

Speaker:

stuff's gonna get compromised.

Speaker:

They, they do all the right things.

Speaker:

Uh, it's, it's

Speaker:

Right.

Speaker:

uh, in the, in our older years that are still trying to get acclimated

Speaker:

to, things that the, didn't,

Speaker:

Yeah, I,

Speaker:

we still don't read the manual.

Speaker:

Right.

Speaker:

right.

Speaker:

What's a what?

Speaker:

they

Speaker:

What's a manual?

Speaker:

Maybe AI reads it to them or their friends.

Speaker:

It's all peer, peer pressured, uh, security diligence, uh, on in the

Speaker:

Right?

Speaker:

younger crowd.

Speaker:

I have a question for your clarification.

Speaker:

So they talk about this as a data breach.

Speaker:

In my mind, a data breach involves sort of an attacker gaining access to

Speaker:

credentials by attacking the provider.

Speaker:

So a Facebook, a Google, a Apple, right, or LinkedIn, right In this.

Speaker:

Whatever company it is.

Speaker:

Um, but I was reading another article on BleepingComputer where they mentioned it

Speaker:

may not have been a data breach where the provider was, uh, breached, but it might

Speaker:

be like an info stealer where someone had installed something on the user's laptop

Speaker:

and had stolen credentials that way.

Speaker:

And so I just wanna get your thoughts on that,

Speaker:

Sure.

Speaker:

it's like 16 billion passwords.

Speaker:

That seems like a lot.

Speaker:

I don't, I don't have the book here on my desk, but there's a

Speaker:

good book, uh, written by Sean tma.

Speaker:

He's a, he's an attorney, specializes in in, in cyber and, and incident response.

Speaker:

And his book is about the need for general counsel

Speaker:

uh.

Speaker:

IT leadership to have a good relationship.

Speaker:

And one of those, one of the things he speaks about in his book, and

Speaker:

something I harp on a lot is what is the definition of an event?

Speaker:

An incident and a breach?

Speaker:

Because those may be different to different organizations, but they are the

Speaker:

same among insurance companies, law firms, you know, when it gets to litigation.

Speaker:

So if you use the term incident when really it's not, you've,

Speaker:

you've got that communicated out.

Speaker:

As an incident that can be used against you?

Speaker:

In your, in your example, uh, uh, a laptop was compromised with, uh, we,

Speaker:

we call it a credential harvester.

Speaker:

Uh, so its objective was to, to, to identify and exfiltrate

Speaker:

login, pa login IDs and passwords.

Speaker:

Mm-hmm.

Speaker:

so thinking, uh, or, or the thought perspective that.

Speaker:

Uh, that approach was not a data breach or a breach, and I think there's,

Speaker:

there's two different, there's a data breach and a normal breach.

Speaker:

There was a breach that allowed this malware to get on a computer, and

Speaker:

then that resulted in a data breach.

Speaker:

And even then, there's definitions there.

Speaker:

So is the, is the theft or collection of credentials really a data breach,

Speaker:

or is your data breach defined as client data or financial data or

Speaker:

So,

Speaker:

data?

Speaker:

And who's

Speaker:

Well, let me,

Speaker:

Oh, sorry,

Speaker:

well, let, let me follow on that, Mike.

Speaker:

So, so really it wasn't a breach, it was millions of little breaches.

Speaker:

Right?

Speaker:

So you're saying that in this case the breach was the, the end user's laptop.

Speaker:

Right.

Speaker:

And then this info stealer grabs all the passwords that, that, um, user

Speaker:

happens to, uh, interact with during the time that that malware is present.

Speaker:

Right.

Speaker:

Um, and so what I, I think what Prasanna was saying is it wasn't a breach

Speaker:

of Google or a breach of Facebook.

Speaker:

It was a breach of these individual people, uh, you know, and then

Speaker:

their, their information was stolen.

Speaker:

Is that, uh,

Speaker:

and, and,

Speaker:

go ahead.

Speaker:

a, that's a good, um, uh, a good of, of that situation.

Speaker:

But if, if we, if we bring it up a level.

Speaker:

Mm-hmm.

Speaker:

bad guys aren't gonna think, oh, we need to compromise 8 million

Speaker:

people to get the passwords we need.

Speaker:

They're gonna

Speaker:

Mm-hmm.

Speaker:

what do 8 million people generally use?

Speaker:

Well, they use third party apps on their phones.

Speaker:

They use, uh, cloud, cloud services, they use public wifi, so they're

Speaker:

gonna strategize about the lowest effort to get the most return.

Speaker:

so compromising 8 million people is not low effort, so they're gonna.

Speaker:

Think of what, what is the most common denominator and

Speaker:

let's go attack that thing.

Speaker:

'cause that thing

Speaker:

Okay.

Speaker:

a million user credentials.

Speaker:

And then let's take the example of a, a, a password vault.

Speaker:

I don't have to hack

Speaker:

Right.

Speaker:

If I hack the, the password vault that a million users are using, I

Speaker:

don't just get a million credentials.

Speaker:

I get.

Speaker:

you know, one to many credentials per user that's using the password vault.

Speaker:

So

Speaker:

Right.

Speaker:

And that's what happened in the prior biggest breach in history is bad guys

Speaker:

went after all these third party apps that, that are seemingly, you know,

Speaker:

not a big deal, uh, that don't have the robust security that you know more the.

Speaker:

Um, you know, leading, leading apps like Facebook or Google would have, they

Speaker:

don't have the, the robust security.

Speaker:

They're just a, a mobile app that was maybe designed with best practice,

Speaker:

but not, you know, good cyber, you know, maturity or, or what have you.

Speaker:

So they, they, they attack these third party apps and sure, maybe I'm only

Speaker:

gonna get Curtis's one credential.

Speaker:

But I know human nature that Curtis's One credential in this third party app

Speaker:

is the same password that he uses for his bank or his business, and what they

Speaker:

found in that prior breach Was, even though it was a third party app, people

Speaker:

with .gov, .edu, .mil, they were using that email address and those credentials

Speaker:

to sign up for that third party app.

Speaker:

So now I have

Speaker:

Mm.

Speaker:

work account because you use those credentials and 'cause

Speaker:

we're lazy humans and bad

Speaker:

Right.

Speaker:

So in this case, I think it was a combination of info stealers.

Speaker:

So whether that's just embedded malware and stuff we download like.

Speaker:

You know, pirated movies or software or templates for PowerPoint

Speaker:

or you know, whatever it is.

Speaker:

So there's that, but that's the.

Speaker:

the, probably the smallest percent of, uh, compromised data.

Speaker:

But then they're gonna go after, um, you know, these, these other data sets.

Speaker:

And so that dataset could be at a, a third party app.

Speaker:

It could be at a cloud service, it could be anywhere, because that's

Speaker:

the, you know, that's throwing the, that's throwing the net instead of,

Speaker:

you know, the single fish in line.

Speaker:

and then, you know, there's no honor among thieves.

Speaker:

You know, they'll steal from each other also.

Speaker:

Uh, but they also, they also

Speaker:

Hmm.

Speaker:

with each other, so.

Speaker:

Um, I don't know if you've ever seen some of the, the, the kind of funny commercials

Speaker:

where there's two people that, that are selling something right next to each other

Speaker:

and one has four melons for, you know, $4 a piece, and the other one has six

Speaker:

melons for, you know, three 50 a piece.

Speaker:

And the

Speaker:

Mm-hmm.

Speaker:

aren't selling.

Speaker:

So he makes an offer to the guy with six, and the guy with six

Speaker:

says, I'll pay you $2 a melon.

Speaker:

And then he has those melons and raises his price to $5.

Speaker:

Right.

Speaker:

So that's, that's normal business.

Speaker:

Well,

Speaker:

Yeah.

Speaker:

doing that too.

Speaker:

So I can, I can get a million credentials and you have 250,000.

Speaker:

I'll give you something for your two 50 because 1.2 million is

Speaker:

more valuable than my million.

Speaker:

And

Speaker:

Hmm.

Speaker:

deals like that.

Speaker:

And there are, they're, I mean, data brokers is a job, uh, that bad

Speaker:

Right.

Speaker:

uh, so.

Speaker:

Collection, brokering, selling, uh, uh, using, uh, those credentials.

Speaker:

Those are all different, uh, parts of the, the bad guy ecosystem.

Speaker:

And so this, this biggest breach is probably a collection

Speaker:

of a lot of different things.

Speaker:

Yeah, and especially if you could start linking together different

Speaker:

pieces of data from different websites or different aspects, like maybe

Speaker:

one breach has addresses and email addresses, another has like email

Speaker:

addresses and social security numbers, or emails and logging credentials.

Speaker:

And so now you're able to piece together, basically you're

Speaker:

building the user's profile.

Speaker:

Well, and, and to make it even kinda worse, scarier, uh, it, um, you know,

Speaker:

now let's, let's involve AI and so I can give AI this data set and tell

Speaker:

it to go out to the world of things.

Speaker:

Just everything that has a login portal, try all these credentials.

Speaker:

And so

Speaker:

Hmm.

Speaker:

and, and if I have five of Curtis's credentials.

Speaker:

The AI's gonna try every combination of all those five things on this one

Speaker:

portal, and it's gonna do that in an automated, um, you know, hands-off

Speaker:

fashion that bad guys are just gonna, you know, they, that that's when

Speaker:

they're gonna take a, a, a longest vacation they've, they've ever had.

Speaker:

But, um, so they're gonna try all of those, those all these credentials

Speaker:

on that next data set that may have more credentials for that one user.

Speaker:

so this is just gonna grow now that they have.

Speaker:

A library of credentials.

Speaker:

They can, they can try on any number of things.

Speaker:

Um, so what.

Speaker:

Man, so many, so many questions.

Speaker:

So in the, that article that I was looking at, they mentioned that some of the data

Speaker:

sets appear to have, uh, session IDs and, uh, you know, handshake credentials.

Speaker:

I think that's the right term.

Speaker:

Um, what, what does that tell you in terms of, does that tell

Speaker:

you anything in terms of how that particular data was, was taken?

Speaker:

there's two ways of collecting that kind of data.

Speaker:

One is from a browser.

Speaker:

Uh,

Speaker:

Mm-hmm.

Speaker:

was, uh, either infected or you concurrently or coincidentally, uh,

Speaker:

went to an infected website while you were logged into something.

Speaker:

and so

Speaker:

Hmm.

Speaker:

I'll, I'll, I'll give some, some kind of ps, you know, public service.

Speaker:

Uh, at this point, if you're logging into something sensitive like your bank

Speaker:

or your retirement fund, or your health

Speaker:

Mm-hmm.

Speaker:

or your health records, don't do anything else while you're doing that, right?

Speaker:

So open a browser window fresh with that one tab.

Speaker:

Log into that thing.

Speaker:

don't open any other browsers or, or windows in, or tabs in that

Speaker:

browser while you're doing that.

Speaker:

And when you log off and do, click the log off, that's gonna send the

Speaker:

end session note, uh, notice to the, to wherever you're logged in, and

Speaker:

then close that browser and reopen it again to do something else.

Speaker:

So that is going to completely end your session with that, whatever that.

Speaker:

That, uh, activity was, and if

Speaker:

So as, okay, go ahead.

Speaker:

I was just gonna say, if you don't, if you don't follow those

Speaker:

guidelines, you could end up on a bad website or, uh, have a bad plugin.

Speaker:

'cause there there are, there is such a thing, a, a, a malicious plugin and they

Speaker:

can steal not only your session, but also your multifactor authentication token.

Speaker:

They can

Speaker:

Right.

Speaker:

that through the browser.

Speaker:

it to replay your, your authentication to that site while

Speaker:

the session is still active.

Speaker:

And that's what's important about logging off and closing your browser.

Speaker:

Okay.

Speaker:

Okay.

Speaker:

So that, so those two pieces of information are only

Speaker:

valuable at that moment.

Speaker:

Um, uh, but, but as long as that session is active, they could take that data

Speaker:

and then basically pretend to be you.

Speaker:

Yep.

Speaker:

And the other way to do

Speaker:

Okay.

Speaker:

they've got, if they've compromised your, your whole computer, then that stuff

Speaker:

Yeah.

Speaker:

cached in memory and temporary internet files and yeah,

Speaker:

Yeah, so, so let me make sure I understand.

Speaker:

As a person who's currently sitting here with, I don't know,

Speaker:

57 tabs on his browser, um,

Speaker:

Bad

Speaker:

is this, thank you.

Speaker:

Uh, I, I'm, I'm just learning this now.

Speaker:

Um, so I mean, you know, I'm doing a, a lot of the other

Speaker:

things that are good Right.

Speaker:

You know, from a obviously password manager and, and, and I do.

Speaker:

Um, uh, but my question is, when you talked about that, so like right now

Speaker:

I have a separate browser, uh, session that is, um, that being used for

Speaker:

this and it's not part of the, the, the cluster o tabs over over there.

Speaker:

I, is that what you're talking about, like, or is it, does it need to

Speaker:

be like, do, do, does that window with all my other tabs, does that

Speaker:

need to be completely shut down?

Speaker:

Are you just talking about inside this little session right here that, because

Speaker:

I have like three tabs on this session.

Speaker:

browser, like Edge, even if you

Speaker:

Yeah,

Speaker:

tab out into its own window, it's still part

Speaker:

it's still the same.

Speaker:

Yeah.

Speaker:

Okay.

Speaker:

Well that's not the answer I was looking for, Mike.

Speaker:

So thanks.

Speaker:

so

Speaker:

Um,

Speaker:

do, so my, and, and this is what I do because I log into so many

Speaker:

Microsoft environments, I can't, I

Speaker:

um.

Speaker:

you know, my Black Swan account plus the, the colleges I

Speaker:

teach at plus the nonprofit.

Speaker:

I can't log into all three of those or more of those, uh uh, Microsoft

Speaker:

accounts in the same browser.

Speaker:

it's gonna, it, it logs me out of the other if I log into to one of these.

Speaker:

So I have to have different, so I use, I use all of them.

Speaker:

I use Firefox, Chrome, and, and so I'm, I'm

Speaker:

So you go between them.

Speaker:

can you

Speaker:

Interesting.

Speaker:

just use incognito when

Speaker:

You could,

Speaker:

using

Speaker:

however, uh, incognito or the in private browsing doesn't, doesn't, um,

Speaker:

cookie?

Speaker:

has an issue with maintaining your session between, like, you can log

Speaker:

into web mail, but if, if, uh, like O 365, but then if you want to go

Speaker:

to SharePoint, it, it has an issue.

Speaker:

Or Teams, Teams doesn't work in an in

Speaker:

Uh.

Speaker:

uh, browser.

Speaker:

So there's some

Speaker:

Also my password manager, which is browser based, um, doesn't work in incognito.

Speaker:

problem.

Speaker:

People even, even even in, in, uh, acceptable use in company policy that

Speaker:

says, don't, uh, you know, don't auto save or autofill, but then you get this

Speaker:

browser that keeps wanting you to do that.

Speaker:

And so at

Speaker:

Yes.

Speaker:

people are gonna go, fine, stop asking me.

Speaker:

Just do it.

Speaker:

And now we've got credentials saved in browsers.

Speaker:

And that's the other thing too, with multifactor authentication.

Speaker:

If you log into O 365 and Edge.

Speaker:

And it goes, Hey, uh, you know, you've logged in good.

Speaker:

I sent you a code to your phone or, or your, or your, uh, your

Speaker:

MFA app, and you enter that code.

Speaker:

A lot of people check that box that says, remember me so I

Speaker:

don't have to do this again.

Speaker:

Well, guess what?

Speaker:

That MFA token is now stored in your browser bad guys can steal that.

Speaker:

Yeah.

Speaker:

Hmm.

Speaker:

True, true.

Speaker:

Like effective MFA requires that you do MFA every single time.

Speaker:

Every ti.

Speaker:

Every time.

Speaker:

Yeah.

Speaker:

So.

Speaker:

So going back to the breach, right?

Speaker:

So there are a bunch of passwords, right?

Speaker:

And you mentioned Mike, that hey, you might be reusing your password

Speaker:

across multiple accounts and all the rest, so now it's available.

Speaker:

What about for those who say like Curtis, who says, Hey,

Speaker:

I'm using a password manager.

Speaker:

I don't need to worry about this breach because I have a password manager

Speaker:

that's auto generating passwords.

Speaker:

I'm not using it across multiple sites.

Speaker:

this something that they still need to worry about?

Speaker:

they do because you don't know what was, what was taken.

Speaker:

back to the, the session.

Speaker:

So if, if I logged in today with a password and I did not log out,

Speaker:

but at some point it, it maybe, I, I read this article and I think

Speaker:

I need to change that password.

Speaker:

And so I used my phone 'cause I read this on, you know, at the airport,

Speaker:

uh, I used my phone to change my password, but my computer at home

Speaker:

is still logged in with the old one.

Speaker:

Them.

Speaker:

So I still have an active session with the old password.

Speaker:

So depending on what bad guys took, was it the session?

Speaker:

You know, all the session information, you know, was it the old pass?

Speaker:

Whatever it is, they still may have access if you did not log off, close

Speaker:

your browser, you know, all those, all those things, uh, it's still possible.

Speaker:

Hmm,

Speaker:

So Curtis,

Speaker:

I am really not liking this recording, Mike.

Speaker:

This is not one of my favorite, uh, sessions.

Speaker:

it's a constant, it's a, historic battle, you know, uh, fabled tale, you

Speaker:

know, however you wanna say it, the, the battle between convenience and security.

Speaker:

Uh, I

Speaker:

Right, right.

Speaker:

that's why convenience stores get robbed, right?

Speaker:

They're convenient, they're too convenient, so.

Speaker:

The, if they're open 24 7, the door's not locked.

Speaker:

There's one person in there.

Speaker:

It's too convenient.

Speaker:

Uh, you have to find the balance, and the industry is still catering to the

Speaker:

convenience more than the security.

Speaker:

So the

Speaker:

Mm.

Speaker:

says, oh, we need multifactor, but then what we get is, well, you can just save

Speaker:

that so you don't have to do it again.

Speaker:

And then we get

Speaker:

Right.

Speaker:

do you wanna maintain the session?

Speaker:

Do you want me to remember you?

Speaker:

Do you All these things that just make life easier for us as consumers and

Speaker:

users that are still catering to the bad guy's ability to, to compromise us

Speaker:

Having 50 tabs open that shouldn't allow that.

Speaker:

um, uh.

Speaker:

It's not 50, it's like 47.

Speaker:

But, um, I'm working on the book, Mike, like I got stuff going on.

Speaker:

Um, but I wanna say, I, I do wanna say that it's not just, you know, like.

Speaker:

So, so there's a lot of people I think like me that are trying

Speaker:

to do the right thing, but, but aren't doing all the right things.

Speaker:

Right?

Speaker:

So it sounds like I, I need to add a new right thing, which is to stop

Speaker:

doing this, but it, it, look, I, I'm, I'm just trying to figure out like

Speaker:

how that changes my workflow because a lot of the reasons that I often have

Speaker:

a bunch of tabs open is 'cause, so I don't have to remember which ones.

Speaker:

You know, where I have the 57 different articles or whatever.

Speaker:

Right.

Speaker:

Um, wow.

Speaker:

The number just went up to 57.

Speaker:

But I do think that if that's interesting about the saving of the, the saving

Speaker:

of the account, um, I. Uh, but I do think that password management

Speaker:

plus MFA is a big deal, right?

Speaker:

Um, those two things I think MFA is, is good, MFA, right?

Speaker:

Not, not using your, your phone.

Speaker:

Um, and that, um.

Speaker:

And having a, and not just using a password manager to putting in

Speaker:

the biggest password that you can.

Speaker:

Right.

Speaker:

So to, to lower the chance of guessing.

Speaker:

Uh, but I do think those two things together with MFA reduces your,

Speaker:

your chances of, of being in touch.

Speaker:

Even if they got the, the username and password, uh, they

Speaker:

wouldn't necessarily be able to.

Speaker:

Breach your account if you have MFA enabled.

Speaker:

If you don't have the thing you were just talking about, about the

Speaker:

stealing it from the browser, which is a little disconcerting, but

Speaker:

Well in the.

Speaker:

what do you, what do you think about that comment?

Speaker:

I.

Speaker:

So there, there's, there's pieces to, to, to good cyber, uh, diligence.

Speaker:

There's the, the thought, so I want to do this.

Speaker:

There's the application of that and, and the, the good,

Speaker:

the good application of that.

Speaker:

Well, then there's, it doesn't matter how good you are, it's

Speaker:

gonna happen at eventually, right?

Speaker:

So you, you can have the best setup ever.

Speaker:

Bad guys really want what you have.

Speaker:

They're, they're gonna get it.

Speaker:

So the, the

Speaker:

That's kind of the, that's kind of the point of, that's kind of

Speaker:

the point our, of our book, right?

Speaker:

We're basically, we're going from an assumed breach.

Speaker:

You're going to get

Speaker:

mm-hmm.

Speaker:

so you need to set up the, you know, you need to set yourself

Speaker:

up to be able to respond to it.

Speaker:

Anyway, go ahead.

Speaker:

And absolutely so that, all right, so I think I'm doing everything right and

Speaker:

then this biggest Breach Ever article comes out, how do I know if I, I'm

Speaker:

compromised and what can I do if I am?

Speaker:

Uh, how would I know?

Speaker:

And so that alerting is, uh, is important.

Speaker:

So I always get, I, I've set up as many accounts as I can to tell

Speaker:

me when weird stuff happens or if just unexpected things happen.

Speaker:

Like on my bank account, anything over a dollar in or out, I get a text message.

Speaker:

Mm.

Speaker:

I know I I, and, and it happens instantly when I'm at the store or buying.

Speaker:

I used to buy gas, uh, or a car wash, uh, I'd get a text message,

Speaker:

right then you spent this, or a deposit or a wire or whatever.

Speaker:

At least I know, and I have a transaction log there, so immediately, and I do

Speaker:

not, um, you know, you, you wanna do it smartly, so you're not over.

Speaker:

You know, you, you don't become, um.

Speaker:

Uh,

Speaker:

Fatigued.

Speaker:

fatigued by it.

Speaker:

You're right.

Speaker:

You, you

Speaker:

Yeah.

Speaker:

at it every time it happens.

Speaker:

Alright, well you can do the same thing with a lot of your logins.

Speaker:

Like with Google, it'll tell you when a new device connects to your account.

Speaker:

Uh,

Speaker:

Right.

Speaker:

uh, same with LinkedIn.

Speaker:

And LinkedIn did something, uh, new recently where even if I'm logged

Speaker:

in, in one tab, if I open a new tab, it has the security feature to make

Speaker:

sure I'm not a robot or something.

Speaker:

Hmm.

Speaker:

I've

Speaker:

Mm-hmm.

Speaker:

That's just happened in the last week or so.

Speaker:

but for as many of your accounts as possible, definitely turn on MFA.

Speaker:

Definitely turn on any kind of logging, especially your financial accounts,

Speaker:

uh, and alerting, uh, and set those thresholds low so that you're, I mean, $25

Speaker:

is still a lot of money to some people.

Speaker:

I've set mine at $1.

Speaker:

same with your, your credit cards.

Speaker:

Uh, all those things.

Speaker:

Just look at what you have and the capabilities of alerting you, uh, and,

Speaker:

uh, auditing or logging in that stuff and use 'em to the extent possible.

Speaker:

Alright, well then.

Speaker:

So now you're breached.

Speaker:

What do you do?

Speaker:

I've asked so many people, you know, cyber, cyber isn't relatable to a lot of

Speaker:

people, so I, I bring it back to identity.

Speaker:

What would you do today if you learned your identity was stolen?

Speaker:

I have no idea what's gonna happen.

Speaker:

So you might wanna look into that the timeliness, just like

Speaker:

in cyber, fast and effective you respond makes a huge difference.

Speaker:

So, if you get an alert today that your identity's stolen and it's

Speaker:

Friday at, you know, Friday morning.

Speaker:

Are you gonna spend the rest of your Friday dealing with that?

Speaker:

Or you're like, I'll deal with it after work.

Speaker:

I've got too much to do today, or I don't, I have no idea.

Speaker:

So I've gotta call somebody and wait for them to call me back.

Speaker:

Well, that's time that bad guys are now opening accounts and doing a

Speaker:

bunch of fraud, and who knows what I.

Speaker:

I,

Speaker:

Interesting.

Speaker:

it's very uncomfortable talking to you, Mike,

Speaker:

So

Speaker:

like, I don't know.

Speaker:

I don't know what I would do right now if, if I got that, if I got that alert.

Speaker:

Right.

Speaker:

Um, I mean, the good news is like, so one of the things I do personally, you

Speaker:

know, when you talk about like, identity stuff, one of the things I have is like, I

Speaker:

have all my credit reports locked, right?

Speaker:

Or frozen, right?

Speaker:

Because fro free freezing, I dunno what the difference is between freezing

Speaker:

and locking, but freezing is free.

Speaker:

And, um, you know, I've got them all frozen.

Speaker:

Uh, and so, so that at least I've got, I, I've got a relatively decent.

Speaker:

Uh, belief that they're not gonna go and open, um, random accounts in my name.

Speaker:

But, um, anyway, Prasanna, you were, you were about to say something.

Speaker:

two questions, Mike.

Speaker:

the first is with this password breach, I, when you look through it, right, a

Speaker:

lot of it is like login and password.

Speaker:

I know one of the things you mentioned is, hey, if you had

Speaker:

logged in with your E or used your email address as your login, right?

Speaker:

Then they might try that same combination across multiple different

Speaker:

websites and other things like that.

Speaker:

Um.

Speaker:

One of the things that I started doing recently is I don't use the

Speaker:

same username across all my sites.

Speaker:

Just like you don't use the same password, why is there even a

Speaker:

need to use the same username?

Speaker:

And it bugs me when websites don't allow you to use something

Speaker:

other than email address.

Speaker:

Well,

Speaker:

Hmm.

Speaker:

cool, what's cool is if you use a Google email address or Gmail.

Speaker:

A lot of people don't know this.

Speaker:

so let's just say my, my as an example, let's say my, my Google,

Speaker:

my Gmail is Mike at gmail.

Speaker:

And I want to create an account with Facebook.

Speaker:

I can do Mike Facebook at Gmail,

Speaker:

Hmm.

Speaker:

and I still get the email to Mike at gmail.

Speaker:

Gmail allows you to do that.

Speaker:

That, uh, I don't know, I don't know what to call it.

Speaker:

That, that add-on, that extension to your primary username, which does two things.

Speaker:

It allows you to use different.

Speaker:

Credentials, uh, with your Gmail account, but it also allows you

Speaker:

to know if that account ever sold your information to a third party.

Speaker:

So now

Speaker:

Right.

Speaker:

unsolicited spam using that email.

Speaker:

You're like, yep, that's where that came from.

Speaker:

And you can shut that

Speaker:

What,

Speaker:

Just a

Speaker:

what?

Speaker:

But, so

Speaker:

oh, sorry, Curtis, before you,

Speaker:

go ahead.

Speaker:

a quick question, Mike.

Speaker:

Is it a dot or a plus?

Speaker:

Because I've seen the Plus.

Speaker:

I haven't seen

Speaker:

Hmm.

Speaker:

So

Speaker:

Maybe it is.

Speaker:

Maybe it is a plus.

Speaker:

Okay.

Speaker:

But don't the bad guys.

Speaker:

Just know that and just take the plus off.

Speaker:

They could, but they're lazy.

Speaker:

So they're gonna out,

Speaker:

Oh, okay.

Speaker:

out of these

Speaker:

This is like the, this is like the bike lock theory, right?

Speaker:

Just make it a little bit harder than the other guy.

Speaker:

Right.

Speaker:

Okay.

Speaker:

so,

Speaker:

Okay.

Speaker:

I.

Speaker:

my first question, and the second question I had is, I know you also talked about

Speaker:

session tokens and being able to steal it in the web browser, and nowadays

Speaker:

there's a lot of push on pass keys.

Speaker:

Do pass keys change any of what we're seeing today in terms of these breaches,

Speaker:

uh, from like info stealers or things happening in the web browser, et cetera?

Speaker:

They, they do currently, you know, back in the day, if you remember back in

Speaker:

the day when we had the RSA token, so if you wanted a remote access in, you

Speaker:

had to have this little dongle and you push a button and it tells you a code.

Speaker:

Well, that's all math based and that's what sessions and all

Speaker:

these tokens, it's all math based.

Speaker:

And even MFA to a degree, when you have to enter a code, that's all math.

Speaker:

Because how in the world would the, the place I'm logging into know

Speaker:

that the code that I got out of this third party app is, it's all math.

Speaker:

Right?

Speaker:

and so currently, and, and we'll back it up a bit.

Speaker:

So the, the different factors of multifactor is what you have,

Speaker:

what you know, and what you are.

Speaker:

So biometrics is what you are, and even where you are now, GPS, uh, so

Speaker:

biometrics, face, eyes, fingerprints, what you know is your credentials.

Speaker:

What you have would be a dongle, like a pass key, uh, like an UBI

Speaker:

key or an, is it ubi, Obi, UBI Key,

Speaker:

Ubi.

Speaker:

uh, and then where you are.

Speaker:

So I can only log in with what I know, what I have, and.

Speaker:

Where I am, like I can't log in from the Middle East if I have that

Speaker:

configured and, and if, if it's not configurable, then you can alert on it.

Speaker:

'cause a lot of those geo IPs.

Speaker:

But then if bad guys know that, that, but again, back to 8 million, they're

Speaker:

not gonna know to try, you know, I'll go to VPN into Dallas, Texas to make

Speaker:

sure I can log into Mike's account.

Speaker:

They don't know that that's an evolution of their attack and that's not gonna

Speaker:

They know it now.

Speaker:

That's, yeah,

Speaker:

They know it now.

Speaker:

I, I do know that I, I, I give out misinformation from time to time.

Speaker:

Uh, I, I've played this game, uh, but yes, what you have like a USB

Speaker:

and, and, and, and there's actually a USB, uh, called an IronKey.

Speaker:

Uh, that's pretty, pretty legit.

Speaker:

It's military grade.

Speaker:

If you pry it open to try to get the data, it self-destructs, it's

Speaker:

kind of mission impossible stuff.

Speaker:

it's not only a storage USB, it's also a password manager and a pass key.

Speaker:

And so to your point, if even if I knew my credentials and I had MFA, it still

Speaker:

wouldn't let me authenticate if I didn't have that plugged into my computer.

Speaker:

To, to get that, that

Speaker:

Hmm.

Speaker:

bit of math, uh, from the pass key to, to add to it.

Speaker:

Gotcha.

Speaker:

Hmm.

Speaker:

it looks like pass keys would be secure from the sort of data

Speaker:

breach that we just saw, or the

Speaker:

If your computer's not compromised,

Speaker:

Okay, so let's say your computer was compromised and

Speaker:

someone stole your pass key.

Speaker:

It somehow figured out how to steal

Speaker:

so the way,

Speaker:

let's say.

Speaker:

that would work, all that authentication happens before your session.

Speaker:

Mm-hmm.

Speaker:

Right.

Speaker:

So once I'm fully authenticated with however many factors of

Speaker:

multifactor I've used, I now have a session and a session key,

Speaker:

Mm.

Speaker:

And a token.

Speaker:

So if my computer's compromised, the bad guy just has to wait until

Speaker:

you've finished authenticating, and now I can steal that and use it

Speaker:

Gotcha.

Speaker:

unless you're

Speaker:

Yeah, if your computer's compromised it, it seems like all bets are off, right?

Speaker:

My thing with, so far, I've been trying to use passkeys where I can.

Speaker:

My thing has been that, um, the, the vendor, you know, the

Speaker:

website, um, their implementation of passkeys has been very varied,

Speaker:

back to the

Speaker:

right?

Speaker:

They, they've gotta cater to the lowest common denominator.

Speaker:

Yeah.

Speaker:

And, and the, the one that, the one that, um, is the least helpful.

Speaker:

And, and again, it's that, that the, um, the convenience

Speaker:

versus security into it, right?

Speaker:

Which I use quite a bit, right?

Speaker:

I use, I use QuickBooks and I use, uh, TurboTax.

Speaker:

Um, the way they implemented Passkey is that every, if, if

Speaker:

I, if I choose to use a passkey.

Speaker:

It requires me to, and again, I, I use Dashlane, right?

Speaker:

And, um, Dashlane doesn't do this elsewhere.

Speaker:

When I go to put in the pass key, it requires me to enter my Dashlane password,

Speaker:

which is something I normally don't enter every single time because I, you

Speaker:

know, again, convenience for, right.

Speaker:

Um, and, um.

Speaker:

It's just, it's a really long password.

Speaker:

Uh, whereas others, it's like, if I'm at this computer with this login,

Speaker:

you know, um, I'm not sure, I'm not sure how it all works on behind

Speaker:

the scenes, but anyway, I dunno.

Speaker:

Got, I hope that part just doesn't make me sound.

Speaker:

versus

Speaker:

It's that convenience.

Speaker:

Yeah.

Speaker:

Yeah.

Speaker:

Um, it's just like with, with the password manager, uh, I deliberately

Speaker:

made a, like a very long.

Speaker:

Password.

Speaker:

It's a very long password, but it's an easy password for me to remember, but it's

Speaker:

quite a bit to type if I have to type it every single time, you know what I mean?

Speaker:

Um, anyway, um,

Speaker:

back to

Speaker:

yeah.

Speaker:

earlier about your 50 tabs,

Speaker:

Yeah.

Speaker:

and not wanting to remember.

Speaker:

You know, or forget how to get to an article or something.

Speaker:

Uh, create a, a text file or a notepad on your desktop and just put all those

Speaker:

URLs in there and they're clickable.

Speaker:

Um,

Speaker:

Yeah.

Speaker:

and, and that way you can just go back and forth.

Speaker:

We do that a lot when we do security assessments.

Speaker:

'cause you go from one, one host or, or one, uh, target to the next.

Speaker:

And you want to keep notes, uh, without

Speaker:

Mm-hmm.

Speaker:

open because tabs consume resources.

Speaker:

If you look at your task manager right now.

Speaker:

Uh, whatever browser you using, it's probably at like 700.

Speaker:

Uh, gig of

Speaker:

That's why I have 47 gigabytes of RAM.

Speaker:

Um,

Speaker:

you

Speaker:

Mike, um.

Speaker:

You've, you've addressed the convenience part all.

Speaker:

Um, uh, all right, so what would you given, given this thing has happened?

Speaker:

Um, you know, other than the usual of, you know, password manager and MFA and,

Speaker:

uh, and I like this and, and honestly, I, I don't know how, I didn't know

Speaker:

this before, the whole browser thing, and I'm definitely gonna rethink that.

Speaker:

I think for me, what I'm gonna do is I'm going to switch to a different.

Speaker:

Browser, like a different product.

Speaker:

I, you know, I pretty much stay in the same browser all the time, but

Speaker:

I'm thinking that for things that are dangerous, like bank stuff, right?

Speaker:

I'm thinking about using a completely different browser product.

Speaker:

One that is supported by my password manager, which it

Speaker:

supports like the top five, right?

Speaker:

Um, and.

Speaker:

Uh, and when I'm doing bank stuff, that kind of stuff, I go there and use that and

Speaker:

then do the things and then that minimizes the, I'm not, I'm not sure how good I'm

Speaker:

gonna be at closing all my 57 tabs, um, because you know, when you, what's that?

Speaker:

Ease into it.

Speaker:

He said, so make it 47 tenths.

Speaker:

Um.

Speaker:

tomorrow, 38 next week.

Speaker:

30

Speaker:

Yeah.

Speaker:

You sound like, uh, back when my, um, when my doctor was trying to get me

Speaker:

to give up, uh, sodas, she's like, you know, 'cause I was, I was, I

Speaker:

was, at one time I was drinking like, like 2, 2 6 packs of sodas a day.

Speaker:

That's a lot.

Speaker:

And there were diet sodas, but it, but it was, it was causing, uh.

Speaker:

Yeah,

Speaker:

Yeah.

Speaker:

Yeah.

Speaker:

Um, and, um, uh, well, it wasn't, it was the, it was just the sparkling

Speaker:

water stuff, but what it was, was it was causing me, uh, it was

Speaker:

causing me, uh, shut up Prasanna.

Speaker:

I didn't ask you.

Speaker:

Um, it was causing, uh, digestive issues.

Speaker:

Yeah, yeah, yeah, yeah.

Speaker:

Anyway, she's like, you know, you don't have to go to zero, you know, you

Speaker:

can go to like 10 and then, you know.

Speaker:

Yeah.

Speaker:

Anyway.

Speaker:

Anyway, uh, okay, so.

Speaker:

I like that.

Speaker:

What about, you know, h how concerned should people at this

Speaker:

point, should they go out and like change a bunch of passwords?

Speaker:

That's what, that's, you know,

Speaker:

It's probably something they need to do anyway 'cause they're using, they haven't

Speaker:

done it and who knows, maybe never.

Speaker:

Uh, but

Speaker:

I.

Speaker:

to think about and, and, and you know, like for me, I've got dozens of accounts,

Speaker:

so, which I don't have time to do that.

Speaker:

Well, if you don't have time to do all of them, focus on the important ones.

Speaker:

Your bank.

Speaker:

Your primary email accounts, uh, all your, all your financial health, you

Speaker:

know, personal record stuff, change those, but then uh, or, or at least

Speaker:

put some thought to, do you have like password recovery accounts?

Speaker:

So, you know, Mike at Gmail is the one I use every day, but if I,

Speaker:

if I get locked outta my Facebook account or someone compromises

Speaker:

it, or I can't remember the email.

Speaker:

A lot of times that password reset does not come to the email

Speaker:

account that you use to set it up.

Speaker:

It comes to, you have to create some other accounts,

Speaker:

Right.

Speaker:

your, your spouse or you know, some, you know, Mike too at Yahoo or

Speaker:

Yeah.

Speaker:

Uh, so, and, and those are accounts that people have forgotten about,

Speaker:

you know, years ago also, that, you know, I've never had to do that and

Speaker:

it's just outta sight outta mind.

Speaker:

So you've gotta remember that too, because.

Speaker:

you, if if bad guys have your Facebook account today and you change the

Speaker:

password, and they go, well, oh, I'm gonna, I'm gonna try to for, you know,

Speaker:

do the, I forgot my password because I've also got the credentials to

Speaker:

your Yahoo and your Gmail, and if you didn't change those, then I've got the

Speaker:

link to reset your Facebook account.

Speaker:

Uh,

Speaker:

Yeah, I like that.

Speaker:

that.

Speaker:

And

Speaker:

I like that.

Speaker:

Yeah.

Speaker:

For me, by the way, it would be the Amazon, I gotta change my Amazon

Speaker:

password 'cause it, you know, I buy way too much stuff over there.

Speaker:

account.

Speaker:

And that's the other thing

Speaker:

Yeah,

Speaker:

Do not store your payment information.

Speaker:

That's just as

Speaker:

yeah,

Speaker:

as storing your.

Speaker:

yeah.

Speaker:

Your password.

Speaker:

So if, if someone got into my Amazon account, you could see my order history,

Speaker:

but you couldn't buy something new.

Speaker:

'cause I don't store my, my payment information

Speaker:

Right, right.

Speaker:

and, and I've entered my payment information enough that I've

Speaker:

got it memorized so I don't have to go look for my wallet.

Speaker:

I can just bang it out.

Speaker:

So the back to the browser though.

Speaker:

So using different browsers is, is great.

Speaker:

That's a great first step.

Speaker:

But also configure them well.

Speaker:

Do not store passwords.

Speaker:

Do not store payment

Speaker:

Yeah.

Speaker:

Uh, it would be difficult for a lot of people, but you can also

Speaker:

configure it so that it deletes all your session data and history.

Speaker:

Every time you close your browser.

Speaker:

Some

Speaker:

Hmm.

Speaker:

to just start typing and it remembers where you were.

Speaker:

Um.

Speaker:

That's not, you know, your history's probably not as important as

Speaker:

your session data, uh, but you can configure that to, to purge.

Speaker:

Uh, more often than never, I.

Speaker:

All right.

Speaker:

Interesting.

Speaker:

Well, I think you've given us enough to think about.

Speaker:

Um,

Speaker:

spending this weekend, uh, updating all of his, uh.

Speaker:

yeah.

Speaker:

I,

Speaker:

Procedures.

Speaker:

I, I, I do think I'm gonna go out and change a bunch of the, the, like you

Speaker:

said, the important data passwords.

Speaker:

Um,

Speaker:

um, you got me a little freaked out, but, uh, but like, you

Speaker:

know, there, well, whatever.

Speaker:

Anyway, I'm not gonna argue.

Speaker:

I know I'm in the wrong whatever.

Speaker:

Um, but, uh, so tha thanks again, Mike, for coming on.

Speaker:

I do what I can.

Speaker:

You'll, you'll, you'll lose all of your hair like me at some point.

Speaker:

And thank you again, Prasanna.

Speaker:

No thank you, although I don't know if this was necessarily how I wanted

Speaker:

to start my weekend, but it's okay.

Speaker:

I will be changing lots of passwords again.

Speaker:

Yeah.

Speaker:

Yeah.

Speaker:

Um, and uh, thanks to the listeners.

Speaker:

I hope we didn't depress you too much.

Speaker:

And also, uh, well in this case, this goes live Monday morning,

Speaker:

so hope we didn't ruin your week.

Speaker:

Um, that is a wrap.
