

Sponsored: The phishing-resistant employee
Aug 10, 2025
Derek Hanson, Field CTO of Yubico, specializes in phishing-resistant security measures. He delves into the significance of YubiKey in combating modern security challenges. The conversation highlights vulnerabilities in account recovery and the need for better user identity verification, especially following recent legal issues. They explore the implications of advancements in AI for digital trust and identity verification, as well as the competitive dynamics of the cybersecurity landscape. Finally, they discuss the benefits and challenges of using syncable passkeys for improved security.
AI Snips
YubiKey Is A Digital Deadbolt
- Derek Hanson says the YubiKey acts like a deadbolt for accounts and devices.
- He warns that locking the front door exposes other weak entry points we must secure.
Clorox Lawsuit Highlights Reset Risk
- Tom Uren cites Clorox suing its help desk vendor after attackers reset passwords and MFA via phone calls.
- The case highlights how call-in recovery channels can be abused to gain account access.
Help Desk Is The Weakest Recovery Link
- Derek Hanson says account recovery is the biggest challenge as phishing-resistant MFA spreads.
- He observes help desks lack verification tools and become attractive attack targets.