The Passwords Are the Problem with Thierry Gagnon and Philippe Desmarais
Release Date: 10/18/2023
Easy Prey
Cybercriminals are accelerating their attacks in ways that weren’t possible a few years ago. Artificial intelligence is giving them the ability to spin up phishing campaigns, voice clones, and deepfakes in minutes instead of days. As a result, the gap between what’s genuine and what’s fake is closing fast, making it harder for both individuals and organizations to defend themselves. I’m thrilled to welcome Brett Winterford, Vice President of Okta Threat Intelligence. Brett has had a front row seat to these changes. His team analyzes identity-based attacks and delivers insights to help...
info_outlineEasy Prey
Trying to erase yourself from the internet sounds simple until you start counting up old accounts, scattered social media posts, and the hundreds of data brokers quietly collecting and selling your information. The reality is messy, and for most people, the idea of fully disappearing online is more myth than possibility. But there are practical steps you can take to cut down what’s out there and regain some control. My guest, Max Eddy, is a senior staff writer at Wirecutter who covers privacy, security, and software platforms. For one of his projects, he set out to see how much of his own...
info_outlineEasy Prey
Cyberattacks aren’t just about hackers in hoodies anymore. Today, we’re up against professionalized, well-funded organizations that run like businesses. They use AI to crack defenses, run labs that simulate the tools we rely on, and rake in trillions while defenders struggle to keep pace. The scary part? Even the strongest companies and governments can fall behind when the threat landscape moves this fast. My guest, Evan Powell, has spent nearly 30 years in the cybersecurity world. He’s the founder and CEO of Deep Tempo, and a serial entrepreneur who’s helped industries from cloud data...
info_outlineEasy Prey
Scams aren’t what they used to be. These days, AI can write perfect emails, mimic voices, and even fake a video call so well you’d swear you were talking to the real person. The problem is, the timing of a scam can be just right when you’re distracted, busy, or looking for exactly what they’re offering. That’s when even the most careful person can get caught. My guest, Ritesh Kotak, knows this world inside and out. He’s a cybersecurity analyst, an Ontario lawyer, and a tech innovator who’s worked with Fortune 500 companies and served in policing, where he helped start one of...
info_outlineEasy Prey
Privacy in the digital age has grown from a background concern into one of the defining issues of our time. What began with simple questions about online safety has expanded into a complex, global conversation about how artificial intelligence, biometric data, and massive data ecosystems are reshaping daily life. Pam Dixon has been at the center of these discussions for more than two decades. As the founder and executive director of the World Privacy Forum, she’s worked across the U.S., Europe, India, Africa, and beyond, advising governments, international organizations, and policymakers on...
info_outlineEasy Prey
Most of us think of scams as random or isolated or something that just happens to unlucky people. But what if the truth is far more organized, far more disturbing? Behind many of today’s scams is a global web of criminal enterprises, structured like corporations and fueled by technology, data, and billions of stolen dollars. In this episode, we sit down with Ken Westbrook. Ken spent over three decades in the CIA before retiring, only to return to the fight after his own mother was targeted and lost most of her life savings to a tech support scam. That moment changed everything. He founded...
info_outlineEasy Prey
It’s easy to think of fraud prevention as a technical problem with a software solution. But according to Brian Davis, effective fraud defense is just as much about people, trust, and communication as it is about tools and data. With over a decade of experience, Brian has built fraud teams from scratch, shaped company-wide strategy, and helped growing startups shift from reactive to proactive risk management. Brian is the Head of Fraud at Dodgeball, where he’s helping bring their orchestration platform to market, and the founder of House of Fraud, an invite-only community where top fraud...
info_outlineEasy Prey
Everyone’s talking about AI these days, especially in cybersecurity. Sure, artificial intelligence can boost your defenses, but cybercriminals have noticed too. Now they're crafting phishing emails so believable it’s scary and finding clever paths around spam filters while zeroing in on vulnerabilities you didn’t even realize were there. Today, Aviad Hasnis joins the show. He's the CTO of Cynet Security and spent years running cybersecurity missions for the Israeli Defense Forces. Aviad’s here to help us figure out what the changing threat landscape really means, whether...
info_outlineEasy Prey
Writers pour their hearts into their work, but unfortunately, that passion can make them prime targets for scams. From fake agents and vanity publishers to slick marketing schemes and social media impersonators, the tactics have only gotten more sophisticated over time. In this episode, we dig into the murky world of publishing scams and how they work and who they target. Along with why even experienced authors can get caught off guard. Today’s guest is Victoria Strauss. Victoria is the author of nine fantasy and historical novels for adults and teens, and she’s also the co-founder of...
info_outlineEasy Prey
What if your social media success was built on deception, and it was working? In today’s episode, we hear from someone who knows exactly how that happens. Tim O’Hearn is a former software engineer and the author of Framed: A Villain’s Perspective on Social Media, a book that pulls back the curtain on how follower factories, automation, and persuasive technologies have shaped the online world we now take for granted. Tim doesn’t just theorize, he built these systems himself. Tim walks us through how his small side gig growing Instagram accounts evolved into a lucrative business, one...
info_outlineWith the use of passwords, we’re hoping to ensure privacy and security, but sometimes it is at the expense of convenience. As technology changes and biometric databases become more utilized, we need to remember that they may also be hacked.
Today’s guests are Philippe Desmarais and Thierry Gagnon. Philippe is a tech entrepreneur who co-founded Kelvin Zero and currently serves as its CEO, overseeing the company’s strategic direction. He is also a member of the Next Generation Advisory Council at Rockefeller Capital Management. Before creating Kelvin Zero, Philippe played a significant role in various start-ups, focusing on data analytics for political campaigns, remote hardware device management, and cybersecurity.
Thierry Gagnon is co-founder and Chief Technology at Kelvin Zero. He is an expert in software development, malware analysis, cryptography, and reverse engineering. He has been actively involved in the cybersecurity community, participating in renowned competitions and projects such as Malware Information Sharing Platform.
Show Notes:
-
[1:18] - Philippe and Thierry share their backgrounds and their roles in the company they co-founded together, Kelvin Zero.
-
[2:34] - Thierry’s expertise is in cybersecurity but Philippe’s interest was more in crime. They combined their strengths and passions to create Kelvin Zero.
-
[6:18] - Passwords have been around for millennia.
-
[7:24] - We often confuse being smarter with being faster.
-
[9:45] - Passwords are not often attached to an individual. We have so many passwords and can’t actually know them all.
-
[11:53] - We can compromise passwords at scale.
-
[13:20] - The attackers only need to be right once. The defenders need to be right 100% of the time. How can we flip this?
-
[15:47] - The average person is tasked with trying to keep up with cybersecurity and, in most cases, they are not qualified to do this.
-
[17:11] - What does it look like to take a password-less approach?
-
[19:20] - If cybersecurity is done successfully, the opportunities are massive. But regulation holds us back.
-
[21:51] - Once a tech company can serve protection, then companies can focus on their services and products.
-
[24:46] - There are differences between the physical world and the logical world.
-
[28:41] - How do you convince people to share medical data for research when there are constant breaches?
-
[31:33] - Is privacy the same as anonymity?
-
[33:52] - Technology should be able to do what we want it to do, but that’s not the case.
-
[36:36] - In a password-less environment, how can we validate a user?
-
[39:40] - Thierry believes we should get away from the server authenticating because then it is the responsibility of the organization.
-
[43:18] - Sci-fi movies sound far-fetched, but a lot of them predict technology.
-
[46:35] - Thierry and Philippe share their thoughts on what we should be putting our focus on now.
-
[49:40] - Stay away from single-factor authorization.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.