Speaker 3
have a, the, when I was at the bank, the bank required people to do that, and the teller was telling me every month they had to change their password. So her password was the same every month. It was the same, like, pick your dog's name, and then the, the second part of it that they changed, it was whatever month it was. So it would be, you know, fluffy cat October, like, and then every next month, fluffy cat November. And then they never had to remember anything. And I was like, Oh, I don't feel any safer giving you my deposit today.
Speaker 1
The confidence when someone tells you their system for creating passwords is very odd. I find that when you say I work for a password manager, or I work in cybersecurity or any of the above, it really just does bring out people to be like, let me tell you, I've got a system. Like, oh, you know, it's the car I own, the address that I have, and I change it between the cars that I previously owned. And I'm like, uh, what? Why are you telling me? Why are you telling me this?
Speaker 4
I, yeah, I had this happen when I, like, literally last week when I called, I called the inn where we had an offsite here, and I called the inn and I was like, hi, I'm calling, I'd like to reserve a room for a meeting for 1Password. She goes, 1Password, God, I need that. I go, like, I can, I can help you with that. She's like, she's like, no, I, I just used some variant of the same password for everything. I go, that's terrible. She goes, no, no, no, it's a variant, they're all different. I was like, oh my God, no. Okay, I don't have time for this. Can I get the room, please? It's wild, man.
Speaker 3
You should have asked her what it was and you could have just booked it yourself.
Speaker 1
So, back to the policy. The policy of regularly changing passwords, it evolved out of a desire to ensure that people weren't choosing easily guessable passwords or reused passwords. But actually, in practice, it caused people to choose simple or formulaic passwords so they will be easier to keep track of. The new recommendations also ban composition rules, like requiring a certain mix of capital letters, numbers and punctuation marks in each password. NIST writes in the draft that the goal of the digital identity guidelines is to provide the foundational risk management processes and requirements that enable the implementation of secure, private, equitable and accessible identity systems. So it's good that, you know, they're finally writing government documents in language that everybody can understand. I think this is a positive move. I do like it. I do think that a lot of businesses were basing this need on these requirements. And it was just outdated. It's great. It's wonderful.
Speaker 3
I don't understand why people don't use password managers. I really, it's not just because, I mean, I know, I know, I get it. I'm like, I know where I work. I get it. But like the amount of power that my brain has to remember stuff, like as you get older folks out there, just so you know, as you get older, the amount of times you can not care about something goes way up. So if you can like not have to know what your passwords are, it just seems like the easiest solution ever. Like there's going to be those frustrating moments where you're trying to log in to Sportsnet to watch the Padres play baseball at 10 o'clock at night because it's the thing. And, you know, you have to physically use the Siri remote and spell out a giant, long, weird password. But like those moments are few and far between in your daily life where you're trying to just log into stuff and get things done. I like to think about it like a light switch. I just want to turn the lights on and off. I don't want to have to think about how the hydro gets into my house. Like I just want the lights to come on. And same with passwords. Like, great that we've got these guidelines, but like, use a password manager, make your life easier. It's just, there's just not enough time in life to make your brain cells remember that.
Speaker 1
I don't think my brain retains any information these days. I'm glad this is gone. We can raise a drink. It's, it's, it's 20 past three, I'm not really drinking, um, but we can raise a drink to the 90-day password reset and wish it farewell. Fantastic.
Speaker 3
Adieu. Au revoir, mom and me.
Speaker 1
So this next one. See? You're not going to get random French things from Sarah in an AI podcast. This is the only human thing that you get. God. We really do live up to random but memorable sometimes, don't we?
Speaker 3
It's amazing. I love it.
Speaker 1
Okay, this next one. Smart TVs take snapshots of what you watch multiple times per second. This one's from New Scientist. I feel like nearly everyone has a smart TV and pretty much everybody is unhappy about it. And essentially, this new news seems to be because it's recently come to light that your smart TV is likely taking pictures and tracking everything that you watch down to the millisecond. A 2024 study found that some of the top smart TV brands such as Samsung and LG are using what's known as automatic content recognition to capture what's on the screen periodically. Once captured, the information is sent back to the company servers, where it's analysed and used to serve targeted adverts. Over time, the system builds a unique fingerprint of the content that you watch, serving increasingly accurate and pinpointed adverts to your home. At a high level, ACR works by periodically capturing the content displayed on a TV screen and matching it against a content library to detect the content being viewed on TV. It's essentially like a Shazam-like technology for audiovisual content on the smart TV. The study found that a Samsung smart TV using its Tizen OS can take a screenshot every half a second, while LG WebOS TV can take one every 10 milliseconds. However, Samsung and LG are not the only ones using this ACR tech. The study notes that ACR is implemented by all major smart TV manufacturers. There is a considerable lack of scrutiny on how this privacy-invading tech is actually used. Not only that, these smart TVs track what's on screen even when it's using external devices like laptops or with the TV in dumb mode via HDMI. So let's say you fire up your console in the evening for a gaming session, ACR tech is still tracking your activity and adding it to your user profile. Unfortunately, as you've already guessed, these companies don't make it easy to opt out of having these screenshots taken.
However, each smart TV will have a series of options that you can change to limit the number of screenshots taken and data uploaded. But the study shows that it doesn't stop the process entirely. So it seems the most effective way to avoid smart TV logging and protect your privacy is to stop using a smart TV altogether and to switch back to an old, dumb TV if possible. Failing that, you could disconnect your smart TV from the internet and switch to an external streaming device instead. Or you could use something like NextDNS and just sniff all the things that your TV is trying to connect to and block them. That's what I do. This is creepy. I don't like this at all. Not
Speaker 1
And I feel like it's one of those things that people just kind of accept that their smart TV is doing this stuff.
Speaker 3
I don't think people are aware of it. Like, I think, like, you don't think you're plugging in a TV and you're bringing a camera into your house. Like, I'm bringing in a TV to watch it, not for it to watch me.
Speaker 4
I have, my smart TV is not connected to the internet. I connect periodically to install firmware updates or software updates, I guess, but otherwise, my smart TVs are dumb. They do not get to connect to the internet for this reason.
Speaker 3
I can't remember if I do or not. I don't like it, though. Yeah, I'm gonna have to go check them now. Yeah.
Speaker 1
Okay. Now that we've covered Watchtower Weekly, let's jump into my chat with Sierra. Like I mentioned earlier, Sierra and I got to hang out and chat about all things passkeys, the 1Password user experience, and the future of passwordless authentication. So, let's get right into it. Joining me on the show today is Sia Wolf-Coston. Sia recently joined the 1Password design and user experience team to improve user experience when it comes to passkeys and passwordless authentication. Having made speaking appearances at RSA and FIDO's Authenticate Conference, Sia has spent her time and career striving to improve our industry's standards for authentication. She has also worked with FIDO Alliance to publish industry guidelines for passkeys. Sia, you recently joined my team here at 1Password. Yes. So it's going to be fun to nerd out with you today.
Speaker 2
Unreal. I'm looking forward to it.