How do you authenticate with all new hardware?
Imagine you're a small business or household that just lost everything in a fire, and your phones, ipads, and laptops went up in flames too. Where do you start? You've got a cloud-based password manager (e.g. Dashlane, OnePassword, KeyPass) and MFA system (e.g. Google Authenticator, Authy). How do you authenticate yourself with these systems if you have all new hardware? That's what we're talking about in this episode.
We reference this great previous episode about being prepared for disasters:
https://www.backupcentral.com/how-to-prepare-for-an-emergency-at-home-and-work/
Mentioned in this episode:
Interview ad
Have you ever thought about what would happen if you lost all
Speaker:devices, authenticated with your password or your MFA system?
Speaker:You had a fire that took out everything and you couldn't even
Speaker:grab your phone before you left.
Speaker:It was that bad.
Speaker:How do you get back in?
Speaker:That's what this episode is all about.
W. Curtis Preston:hi, and welcome to Backup Centrals Restore it All podcast.
W. Curtis Preston:I'm your host w Curtis Preston, AKA a Mr.
W. Curtis Preston:Backup, and have with me once again my financial non-ad advisor Prasanna
W. Curtis Preston:it
Prasanna Malaiyandi:Ah, Curtis.
Prasanna Malaiyandi:Yes.
Prasanna Malaiyandi:I am not your financial advisor.
Prasanna Malaiyandi:I am not accredited by any institution or any agency.
W. Curtis Preston:right, But sometimes we talk about things.
W. Curtis Preston:That you answer questions and then you tell me to check those answers.
W. Curtis Preston:Um, we had, we had some conversations about Roth IRAs and IRAs and things
W. Curtis Preston:today, which, you know, um, it's, it's incredibly, you know, as I.
W. Curtis Preston:As I progress in years, um, and I start to worry about when I'm gonna
W. Curtis Preston:start withdrawing from these funds and not, not be putting money into them.
W. Curtis Preston:The thing is advisor, non-ad advisor or not, it was from you that I learned
W. Curtis Preston:the whole thing about Backdoor Roths.
W. Curtis Preston:So I'm sure when I have questions, I will not be able to count on my non,
W. Curtis Preston:my financial non-ad advisor.
W. Curtis Preston:Prasanna,
W. Curtis Preston:There you go.
W. Curtis Preston:It's just bits and pieces of information I've picked up over
W. Curtis Preston:the past many, many years, and it's just something I'm interested in.
W. Curtis Preston:So,
W. Curtis Preston:uh, so this is gonna be, once again, kind of a unique
W. Curtis Preston:podcast, a unique episode, uh, because for the first time, We have, we're
W. Curtis Preston:gonna record sort of the question and then we'll talk about the, the answer.
W. Curtis Preston:Um, because we had a listener who reached out to us about, uh, you
W. Curtis Preston:know, a particular, it's like, what do I, how do I solve this problem?
W. Curtis Preston:And I honestly, I said, you know what?
W. Curtis Preston:I'm not even sure I have a good answer for that, but let's bring you on.
W. Curtis Preston:You know, get some, you know, get that question out there and then we're gonna
W. Curtis Preston:bring on someone else to do the answer.
W. Curtis Preston:So, uh, our guest today describes herself as an anthropologist by
W. Curtis Preston:training, a programmer by application, and a manager by necessity.
W. Curtis Preston:She's a system and network admin for her own company that her and her
W. Curtis Preston:husband have owned for many years.
W. Curtis Preston:She reached out to us with this question and I think it will make a great episode.
W. Curtis Preston:So welcome to the podcast, Sue Peterson.
Sue Peterson:Good afternoon, gentlemen.
Prasanna Malaiyandi:Happy to have you on.
Prasanna Malaiyandi:Yeah,
W. Curtis Preston:is it?
W. Curtis Preston:Well speak for yourself, Sue.
W. Curtis Preston:Not, not here.
W. Curtis Preston:Where, where are you?
W. Curtis Preston:Uh, are you, you said you're in Portland.
Sue Peterson:Eugene.
Sue Peterson:Eugene.
W. Curtis Preston:nice.
Sue Peterson:we, we had, we had over an inch of snow, um, two days
Sue Peterson:ago.
Sue Peterson:Oh,
Sue Peterson:Wet snow.
W. Curtis Preston:Oh yeah.
W. Curtis Preston:That I,
W. Curtis Preston:That does not
W. Curtis Preston:lived in places where you get that.
W. Curtis Preston:Um, how, how are the roads at this point?
Sue Peterson:Totally clear.
Sue Peterson:It melted
Sue Peterson:immediately.
Sue Peterson:Oh,
W. Curtis Preston:Oh, really?
W. Curtis Preston:Okay.
W. Curtis Preston:So why don't you describe to us this problem that you,
W. Curtis Preston:that you're worried about,
Sue Peterson:Well.
Sue Peterson:I'm kind of the IT department for the company My husband and
Sue Peterson:I own have owned since 40 years.
Sue Peterson:Um, he inherited his father's business, which started in 47.
Sue Peterson:So it's family business.
Sue Peterson:I've got.
Sue Peterson:On an average day around 30 ish employees, at the moment we're
Sue Peterson:running 15 trucks, I think,
Sue Peterson:although he keeps buying trucks, so I may have miscounted.
W. Curtis Preston:And what and what type of business is this?
Sue Peterson:it's contracting business, plumbing, business, plumbing repair,
W. Curtis Preston:Mm-hmm.
Sue Peterson:and I'm running the computers and I wrote the database
Sue Peterson:and we're running in-house software almost totally, um, for our, for our
Sue Peterson:business and.
Sue Peterson:Customers and everything.
Sue Peterson:Customer who owes me money sort of stuff.
Sue Peterson:And backups are important when everything you do depends on that data.
Sue Peterson:So I've been fanatic about backups since 19.
Sue Peterson:I got my first computer,
Sue Peterson:Personal computer in 1985,
W. Curtis Preston:Is it for the record?
W. Curtis Preston:That's the year I
W. Curtis Preston:graduated from high school just saying.
Sue Peterson:I figured I was a little bit older than you.
Sue Peterson:I was, I was trying to count that.
Sue Peterson:I still do the, I still do the ponytail.
Sue Peterson:Um, so I started doing backups then, um, at the moment I'm running
Sue Peterson:a mix of Ubuntu and Mac machines.
Sue Peterson:The servers are on Ubuntu.
Sue Peterson:I run MySQL.
Sue Peterson:So every night, let's see, I'm doing, um, Apple time machine
Sue Peterson:on the workstation that are.
Sue Peterson:Still apples.
Sue Peterson:I'm doing Authy for authorization.
Sue Peterson:As we talked, I am dumping everything to rsync every night.
Sue Peterson:I do crash plan on some workstations.
Sue Peterson:I do Dropbox and one password every night, um, every couple hours.
Sue Peterson:And then nightly, I do a MySQL dump.
Sue Peterson:It's encrypted and up and zipped and uploaded to, um, Dropbox.
Sue Peterson:And then every night that gets downloaded to my server at, to my
Sue Peterson:second server at home Decrypted.
Sue Peterson:And it's kind of a.
Sue Peterson:Yeah, test server.
Sue Peterson:And that gets sent to rsync every night.
Sue Peterson:And I was, a couple years ago, we had some issues with fires in the area and of
Sue Peterson:course we're an earthquake zone and I'm paranoid, so I'm sitting there and saying,
Sue Peterson:How do I get back into this system?
Sue Peterson:Assuming I have five, you know, five minutes to get out of
Sue Peterson:the house and down the road.
W. Curtis Preston:Right,
Sue Peterson:I, I, I can't grab
Sue Peterson:anything.
Sue Peterson:I'm running
Sue Peterson:for life.
Sue Peterson:And, and this include, and this also includes like your phones,
Sue Peterson:right?
Sue Peterson:Everything right.
Sue Peterson:It's not just like those
Sue Peterson:servers.
Sue Peterson:Gotcha.
Sue Peterson:Yeah.
Sue Peterson:I mean, servers, I can rebuild.
Sue Peterson:But what, what do I need with this ecosystem?
Sue Peterson:What do I need to have to get back into it?
Sue Peterson:And one password, a few years ago went to something where your phone number,
Sue Peterson:you need more than your phone number.
Sue Peterson:Hmm.
Sue Peterson:need.
Sue Peterson:You need that special key that they give you.
Sue Peterson:Okay, that key's like this long.
Sue Peterson:I don't memorize it.
Sue Peterson:Yes, I have it printed out in my safe.
W. Curtis Preston:Mm-hmm.
Sue Peterson:case analysis, my safe's gone.
Sue Peterson:Yep.
W. Curtis Preston:Right.
Sue Peterson:Now, now, now the odds of this happening are
Sue Peterson:minuscule, but you know what?
Sue Peterson:Yeah, no, this is, this is a great question because I
Sue Peterson:know Sue, we're
Sue Peterson:talking about your specific environment, but honestly, this could apply to anyone.
Sue Peterson:Like I was just thinking, like when I first heard about this question, right?
Sue Peterson:I was like, so what happens if my house burns down?
Sue Peterson:I've lost my laptop, I've lost my phone.
Sue Peterson:How do I even get into like as a user into like my Apple device, right?
Sue Peterson:And into my.
Sue Peterson:Apple account and then into my mail system, like where
Sue Peterson:do I even start to rebuild?
Sue Peterson:Because sure, I have offsite copies, but if I can't get access
Sue Peterson:to it because I don't have a starting device, what do I do?
Sue Peterson:yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:I was thinking actually, This would be, um, you know, who, you know,
W. Curtis Preston:who, uh, came to mind Prasanna, um, what's, what's her name?
W. Curtis Preston:The lady, the, the disaster preparedness
W. Curtis Preston:Oh
Sue Peterson:Oh yeah.
Sue Peterson:yes.
W. Curtis Preston:Uh, what was her name?
W. Curtis Preston:Um, or her name's escaping.
W. Curtis Preston:Uh, she, she, she came on and she's, she talks about helping people get
W. Curtis Preston:ready for all kinds of things like these, that she doesn't focus just
W. Curtis Preston:on it, but she focuses on, I think, these things that we talk about, which
W. Curtis Preston:is h how do you, how do you put back, uh, how do you put back everything?
W. Curtis Preston:The more complicated.
W. Curtis Preston:The more complicated.
W. Curtis Preston:Uh, so you're, I, so first off, I'll, I'll just say this.
W. Curtis Preston:I think it, it sounds like you're doing all the right things.
W. Curtis Preston:I mean, we might change different pieces of it, um, you know, like,
W. Curtis Preston:would I do it slightly differently?
W. Curtis Preston:Maybe?
W. Curtis Preston:But I like that you're, it sounds like you've got, uh, it sounds like
W. Curtis Preston:there's a cloud copy of everything.
W. Curtis Preston:Right.
W. Curtis Preston:Um, and it also sounds like you've got a local copy.
W. Curtis Preston:On this server.
W. Curtis Preston:Okay.
Sue Peterson:Yeah.
Sue Peterson:Yes.
W. Curtis Preston:Yeah.
W. Curtis Preston:An offsite an offsite copy, right.
W. Curtis Preston:But it, it, it's offsite from, from where the data is, but it's still local to you.
W. Curtis Preston:Um, and, and then you also have a cloud copy, cuz a cloud copy could easily
W. Curtis Preston:be your, the doomsday copy when this.
Sue Peterson:right.
W. Curtis Preston:All goes to hell.
W. Curtis Preston:Uh, the question will then be, and and also I like that
W. Curtis Preston:you're using a password manager.
W. Curtis Preston:We talk a lot about password managers here.
Sue Peterson:I'm paranoid.
W. Curtis Preston:yeah, well, as you should be, this is a paranoid world.
W. Curtis Preston:Um, and then also you've mentioned that you use Authy for, uh, uh, mfa, right?
Sue Peterson:Yeah.
Sue Peterson:Not for everything.
Sue Peterson:Not for everything.
Sue Peterson:Some stuff won't use it,
Sue Peterson:but
Sue Peterson:yeah.
Sue Peterson:yeah.
Sue Peterson:and and I think we should talk, Curtis, I know when we talk about the
Sue Peterson:solution, right?
Sue Peterson:This'll come up, but I was just recalling your situation.
Sue Peterson:Remember when your cell phone.
Sue Peterson:You swapped your cell phones and you hadn't done your yet.
W. Curtis Preston:Yeah.
W. Curtis Preston:well, well, that's what, that's how I ended up at Authy.
W. Curtis Preston:Uh, Sue, I was originally with, um, a Google Authenticator, and the problem
W. Curtis Preston:with Google Authenticator is when you change phones, you have to make that.
W. Curtis Preston:Switch over.
W. Curtis Preston:And if you don't, at the time of changing the phones, you
W. Curtis Preston:have to start all over, right.
W. Curtis Preston:And ma and make, uh, new tokens for everything.
W. Curtis Preston:And that was a giant pa and that's kind of what you're talking about, that
W. Curtis Preston:scenario of how do, how do I do that?
Sue Peterson:Yeah.
W. Curtis Preston:And, um, while you're, you're definitely more that
W. Curtis Preston:you're, you're, I put you in like, like the prosumer category, right?
W. Curtis Preston:You're a relatively small shop, um, but you're, but you're doing this
W. Curtis Preston:from a, for a professional reason.
W. Curtis Preston:Um, and, um, Oh, by the way, yeah.
W. Curtis Preston:And I like the fact that you're encrypting that database.
W. Curtis Preston:Um, I don't want to ask you too many questions about how,
W. Curtis Preston:how you're encrypting it.
W. Curtis Preston:There are ways perhaps that you could change your infrastructure
W. Curtis Preston:that perhaps the bootstrap.
W. Curtis Preston:Issue might be easier to deal with.
W. Curtis Preston:So for example, I, if you moved the, instead of having a MySQL database on
W. Curtis Preston:a, on a Linux server, if you went with a hosted MySQL database somewhere,
W. Curtis Preston:um, so that it was in the cloud, that
W. Curtis Preston:would be, and, and I'm not suggesting these changes, I'm
W. Curtis Preston:just saying these are, these are
W. Curtis Preston:Different trade offs.
W. Curtis Preston:you could make.
W. Curtis Preston:Yeah.
W. Curtis Preston:Different trade offs.
W. Curtis Preston:Right.
W. Curtis Preston:Um,
Sue Peterson:haven't made
W. Curtis Preston:By the way, here's our usual disclaimer.
W. Curtis Preston:This is an independent podcast, uh, and that, uh, you know, the opinions that
W. Curtis Preston:you hear from Prasanna and I are ours.
W. Curtis Preston:And also, um, be sure to rate us please.
W. Curtis Preston:Uh, it helps us, it helps people find us.
W. Curtis Preston:And, uh, by, just scroll down to the bottom there and click on the.
W. Curtis Preston:Five stars and hopefully five stars.
W. Curtis Preston:If, if you think we're one stars, then you know it's really not necessary for you to.
W. Curtis Preston:Um, and, um, and then also if you would like to join the,
W. Curtis Preston:um, uh, the conversation, then reach out to me the way Sue did.
W. Curtis Preston:Uh, you can either use w Curtis Preston gmail, you can use at WC
W. Curtis Preston:preston on Twitter, or you can use LinkedIn linkedin.com/i/mr.
W. Curtis Preston:Backup.
W. Curtis Preston:Uh, and you'll find me.
W. Curtis Preston:So let's just sort of walk through this.
W. Curtis Preston:Um, the one you, you were ta so with Authy you can back up the keys, right?
W. Curtis Preston:You can back up the, did we call, what did we call them?
W. Curtis Preston:Keys
W. Curtis Preston:key.
W. Curtis Preston:Recovery
W. Curtis Preston:key.
W. Curtis Preston:Yeah, the rec, well, they have the recovery
W. Curtis Preston:keys, but also you can back up the
W. Curtis Preston:vault, right?
W. Curtis Preston:Um, and then you can restore that somewhere.
W. Curtis Preston:Um,
Sue Peterson:tried restoring
Sue Peterson:it, but presumably it
Sue Peterson:works.
W. Curtis Preston:then, then the backup person in me would say that
W. Curtis Preston:you don't really have a backup if you've never tried restoring it.
W. Curtis Preston:So that would be step one.
W. Curtis Preston:Yeah.
W. Curtis Preston:So I, I think any of these things, the only way you're going to know, the way the
W. Curtis Preston:experience is really is to try it, right?
W. Curtis Preston:Is to say, okay, I'm standing here.
W. Curtis Preston:Um, and, um, uh, I have nothing.
W. Curtis Preston:I have, I just went to the mac st I went to the Apple store and he has bought a
W. Curtis Preston:new iPhone and a new MacBook and I have, uh, hopefully my, you said one password?
W. Curtis Preston:Is that what you said?
Sue Peterson:Yes,
W. Curtis Preston:Yeah.
W. Curtis Preston:So hopefully you know your one password master password.
Sue Peterson:I do, but I don't have the recovery key or whatever they
Sue Peterson:call it, because my safe burned down.
W. Curtis Preston:well, you shouldn't, well, again, I don't, I don't use
W. Curtis Preston:one password, I use Dash lane.
W. Curtis Preston:But the way, um, the way I would think it worked, the, the way
W. Curtis Preston:I would think it would work.
Sue Peterson:They have no way to get into anything.
Sue Peterson:If you lose that megalong key, they tell you to print
Sue Peterson:it out and put it in the safe.
Sue Peterson:And I think I,
W. Curtis Preston:I
Sue Peterson:as far as I can tell, one password is
Sue Peterson:my key.
Sue Peterson:How do I, how do I,
W. Curtis Preston:I, I'm
W. Curtis Preston:different than other,
W. Curtis Preston:that that's,
W. Curtis Preston:yeah.
W. Curtis Preston:I thi willing to guess that that's what I would call a recovery key.
W. Curtis Preston:Right.
W. Curtis Preston:Which should again, I'm sorry.
W. Curtis Preston:I should cuz I'm not a one password customer should only
W. Curtis Preston:be necessary if you forgot your.
W. Curtis Preston:Master password, I'm pretty sure, right?
W. Curtis Preston:Um,
Sue Peterson:password, I would not forget, but setting it up
Sue Peterson:on a
W. Curtis Preston:so the, by, what's your, what's your master password?
W. Curtis Preston:Tell Sue what's
W. Curtis Preston:your, um, so, but yeah, so, so the theoretically, so the, so one
W. Curtis Preston:password should have an MFA set
W. Curtis Preston:up, right?
Sue Peterson:right.
W. Curtis Preston:Um,
W. Curtis Preston:But then what's the pro?
W. Curtis Preston:But how do you get, and I know we're trying to,
W. Curtis Preston:on it depends on how mfa Yeah.
W. Curtis Preston:We're, we're trying to solve the problem, but I, but I'm just
W. Curtis Preston:sort of walking through this is sort of what you have to do.
W. Curtis Preston:So, and the only way you're gonna know it for sure is to go try it once basically.
W. Curtis Preston:Um, essentially,
Sue Peterson:when I set it up on a new,
Sue Peterson:new box, I need the secret
Sue Peterson:key.
W. Curtis Preston:yeah.
W. Curtis Preston:So, um,
W. Curtis Preston:so really, so you're saying that when you set it up,
W. Curtis Preston:Uh, when you go to use, um, one password on a new laptop or whatever,
Sue Peterson:I need that secret key.
W. Curtis Preston:you need the secret key.
Sue Peterson:You do.
Sue Peterson:You need your, you need your master password,
Sue Peterson:your username, and the secret key.
Sue Peterson:That's probably the equivalent of like two factor authentication, right?
W. Curtis Preston:You've got the, you got the one password question.
Sue Peterson:Their solution is to
Sue Peterson:give a, um,
Sue Peterson:friend
Sue Peterson:Uh, key.
Sue Peterson:Yep.
Sue Peterson:State.
Sue Peterson:That's exactly what I was thinking.
Sue Peterson:You give it to someone else who doesn't live anywhere near you.
Sue Peterson:They can't do any harm with just the recovery key, right?
Sue Peterson:Cuz they don't know the master password and they can always
Sue Peterson:give it back to you later.
Sue Peterson:But then I need to find somebody who wants that
Sue Peterson:responsibility and who is trust.
Sue Peterson:I have people that I trust
Sue Peterson:utterly, but that's a lot of responsibility to put on somebody.
Sue Peterson:yep.
W. Curtis Preston:You can give it the, give it the Prasanna.
W. Curtis Preston:He's a pretty responsible
W. Curtis Preston:guy.
W. Curtis Preston:Um,
Sue Peterson:willing to pay for the
Sue Peterson:privilege.
W. Curtis Preston:we'll be your we'll be your key escrow service.
W. Curtis Preston:Um,
W. Curtis Preston:not be a bad business, you know?
W. Curtis Preston:yeah.
W. Curtis Preston:Might
Sue Peterson:I seriously.
W. Curtis Preston:Yeah.
W. Curtis Preston:The um,
Sue Peterson:Seriously,
W. Curtis Preston:That is a, yeah.
W. Curtis Preston:So I'm gonna have to go research the one password thing with ay.
Sue Peterson:please do.
W. Curtis Preston:Um, there should be, um, there should be a, well,
W. Curtis Preston:there is a way to basically move your authy vault onto another thing.
W. Curtis Preston:Most of the MFA stuff for, for this level of, of stuff is often built into
W. Curtis Preston:a device, which in this case it would be your new phone that you just bought.
W. Curtis Preston:Because, right.
W. Curtis Preston:And so you'd have to see what that looks like.
W. Curtis Preston:Um, so just grab your husband's phone and set it on fire
W. Curtis Preston:and then, um, you know,
W. Curtis Preston:see
W. Curtis Preston:see what
W. Curtis Preston:that's like.
W. Curtis Preston:See how that, see how that goes.
W. Curtis Preston:Um, don't do it to
Sue Peterson:talking about getting a new phone
W. Curtis Preston:if he wants.
W. Curtis Preston:If any of you get a new phone, this is the time to try to think.
W. Curtis Preston:Right?
W. Curtis Preston:So with Athie, What I know that is Authy recommend.
W. Curtis Preston:So it regularly backs up my, my Vault and it regularly asks me, prompts me to, um,
W. Curtis Preston:for the password to that vault,
Sue Peterson:drives
W. Curtis Preston:which I also store in, um, in Dash
W. Curtis Preston:Lane, which I'm not using othe for.
W. Curtis Preston:So, so by the way Dash lane, the way Dash lane works is, um, That they
W. Curtis Preston:would need, they would, they would send, uh, like if everything was
W. Curtis Preston:dead, they would send a text to my phone to authenticate that device
W. Curtis Preston:for, um, for that you would need the password and be able
W. Curtis Preston:to respond at that number.
W. Curtis Preston:Um, now I, now I gotta go.
W. Curtis Preston:I gotta
W. Curtis Preston:go find that out.
W. Curtis Preston:I gotta find that out for my
W. Curtis Preston:own thing.
W. Curtis Preston:Well, and this
W. Curtis Preston:is the thing,
W. Curtis Preston:is why I really like the
W. Curtis Preston:of it.
W. Curtis Preston:Yeah.
Sue Peterson:I think you guys got me down this rabbit hole.
W. Curtis Preston:Yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:Well, this
W. Curtis Preston:is, this is
W. Curtis Preston:what's, so you got, we got you thinking about it.
W. Curtis Preston:Now you got us thinking about it.
W. Curtis Preston:I, I, which is why I thought this would make a great episode.
W. Curtis Preston:Everybody should think about this.
W. Curtis Preston:Think about the stuff, the, all these key managers that you have, right?
W. Curtis Preston:So you have things like othe, Google Authenticator.
W. Curtis Preston:Um, you know, one password, hopefully not last pass.
W. Curtis Preston:Um, because of, you know, all the, all the fun that they're going through right now.
W. Curtis Preston:I think we've got a good idea of this problem for sure.
W. Curtis Preston:Um, so now we just need to go get the solution.
W. Curtis Preston:Uh, so we talked about, so we have crash plan, we have Dropbox, we
W. Curtis Preston:have one password, we have Authe.
Sue Peterson:Yeah.
W. Curtis Preston:Um,
Sue Peterson:And ay are my
W. Curtis Preston:yeah.
W. Curtis Preston:R you're talking ayq.net.
W. Curtis Preston:Right.
Sue Peterson:yes.
Sue Peterson:Yes.
Sue Peterson:Sorry.
W. Curtis Preston:Okay, so you're, you're, so, just, just
W. Curtis Preston:to make sure I understand, you,
W. Curtis Preston:you are an ssy.net customer because
W. Curtis Preston:of this podcast.
Sue Peterson:It is your fault.
W. Curtis Preston:Do you hear that people over there
W. Curtis Preston:we're just making money left and right for other people?
W. Curtis Preston:Well, with that, Sue, uh, I want to, uh, thank you very much for coming
W. Curtis Preston:on and giving us problems and, uh, and, but you, you have to wait until
W. Curtis Preston:we record the answer episode and then we'll put it out and then you'll
W. Curtis Preston:have the answer to all your problems.
Sue Peterson:I I certainly hope so.
daniel-curtis:I think we need to bring on Daniel, what do you think?
daniel-curtis:Um, you know, yeah.
daniel-curtis:Uh, you know, he, we, we've talked about him a lot.
daniel-curtis:We've had him on the pod.
daniel-curtis:Uh, he, he's an interesting, he's an interesting individual
daniel-curtis:that, uh, you know, he is, he.
daniel-curtis:You know, he's professional.
daniel-curtis:He's a marketing communications specialist, but he also loves backups.
daniel-curtis:Uh, he's, he's, he lives in Israel, but he has an Irish accent.
daniel-curtis:Uh, he's been, he's been a guest on the pod.
daniel-curtis:You've heard if you list, if you're a fan of the pod, you've heard
daniel-curtis:us reference him a time or two.
daniel-curtis:Uh, it's our very own backup anorak Daniel Rosehill.
daniel-curtis:How's it going, Daniel?
Daniel Rosehill:Hi Curtis.
Daniel Rosehill:Thank you for having me back on the podcast.
daniel-curtis:You know what, uh, we're super, we, we talk about you all the time,
daniel-pras:I think I name drop him.
daniel-pras:Yeah.
daniel-pras:Anytime.
daniel-pras:It's like, hey, we should be like, I think you've come up so many times
daniel-pras:with when it comes to MDIs, right?
daniel-pras:I know you're the one who sort of pointed us in that direction, been
daniel-pras:like, Hey, have you guys heard of MDIs?
daniel-pras:Right.
daniel-pras:And for archiving.
daniel-curtis:the way, Daniel, our single most popular two episodes
daniel-curtis:are the one where you and I I talked about M disk and when we had the,
daniel-curtis:the founder of M Disk on there.
Daniel Rosehill:I'm, I'm, I'm, I'm actually com completely flabbergasted to
Daniel Rosehill:hear that because I, I've been working on the assumption until this point that I'm
Daniel Rosehill:keeping, I'm, I'm the sole reason that the m disks are still being produced.
Daniel Rosehill:Keep keeping the company in business.
daniel-curtis:You know, it is interesting.
daniel-curtis:There are those who are like, oh, this is the greatest thing ever.
daniel-curtis:There are those who are like, oh, well it's just the same as that.
daniel-curtis:And there are those who are like, good.
daniel-curtis:It's complete nonsense.
daniel-curtis:And, um, it is, it is.
daniel-curtis:Um, It is concerning, right, that there's just like one vendor that's producing
daniel-curtis:the disks and they could decide tomorrow they're like, for some reason we sell
daniel-curtis:a whole bunch of these in Jerusalem.
daniel-curtis:But other than that, we don't sell very
daniel-pras:Stockpile stockpile.
daniel-pras:It's funny.
daniel-pras:So Daniel, I started thinking about, okay, what should I
daniel-pras:be doing for my data as well?
daniel-pras:And started looking at M disk and went down that rabbit hole and.
daniel-pras:I found a deal on Amazon because I was like, most of the time
daniel-pras:they're fairly expensive.
daniel-pras:I ended up ordering it.
daniel-pras:You have to be really careful because a lot of times you'll end up with
daniel-pras:Blu-ray discs and not M disk, which are two different types of media.
daniel-pras:You really want the M disk for your archival media, and so I have not
daniel-pras:continued down and found a deal yet, so I am waiting to back up my data.
Daniel Rosehill:Interesting.
Daniel Rosehill:I, I, I think we were talking on, on Twitter Prasanna as, as we sometimes
Daniel Rosehill:do, and, uh, I believe you're asking me whether I have a backup to the writer.
Daniel Rosehill:And then I realized there was a, there was actually a crucial gap
Daniel Rosehill:in my m disk, uh, backup strategy.
Daniel Rosehill:Um, but as, as, as, as Curtis mentioned, the m disk is the
Daniel Rosehill:most unusually polarizing topic out there, like people on.
Daniel Rosehill:Spread for whatever reason, are convinced that m disk is nonsense.
Daniel Rosehill:I, I, I haven't yet seen anyone really sort of come with cohesive proof to
Daniel Rosehill:say why MDI is, uh, is, it's all, its claims are false, but there does seem
Daniel Rosehill:to be people out there with vendetta.
Daniel Rosehill:I think Curtis has noticed the same thing.
Daniel Rosehill:So I, I'm mostly just leaving them to, to be.
W. Curtis Preston:Yeah.
W. Curtis Preston:Well, I think, I think you pick any topic and you go on Reddit, you will find
W. Curtis Preston:somebody who thinks that topic is Right?
W. Curtis Preston:So Sue has given us this question Prasanna.
W. Curtis Preston:Uh, it's the whole, you know, we're calling it the bootstrap question, right?
W. Curtis Preston:we always talk about, yeah, how do you get your data back?
W. Curtis Preston:But it's like, what do you do before you could get your data back?
W. Curtis Preston:Like what's step zero?
W. Curtis Preston:Well, if this was, I, I think we can agree that if this was a company
W. Curtis Preston:that we're talking about, um, and she is talking about a company, right?
W. Curtis Preston:Um, she she was talking about right,
W. Curtis Preston:yeah.
W. Curtis Preston:She was about come.
W. Curtis Preston:Yeah, but I.
W. Curtis Preston:was a company that we're talking about you, you should absolutely be
W. Curtis Preston:having this conversation and, and I would think it would be easier to
W. Curtis Preston:have for a company than for a person.
W. Curtis Preston:it because I know we that will.
W. Curtis Preston:I think the challenge with the company is you don't necessarily know where
W. Curtis Preston:all your data is or all the systems, you kind have all these siloed groups
W. Curtis Preston:who have different responsibilities.
W. Curtis Preston:So I know Curtis, you and I had previously talked about a shipping
W. Curtis Preston:company that got hit with ransomware.
W. Curtis Preston:Right.
W. Curtis Preston:And they lost active directory servers and they didn't have a backup of those.
W. Curtis Preston:Right.
W. Curtis Preston:And they just happened to find one system that.
W. Curtis Preston:Was out of sync.
W. Curtis Preston:Right.
W. Curtis Preston:I believe was the case And was able to recover that.
W. Curtis Preston:Correct?
W. Curtis Preston:Yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:Well, yeah.
W. Curtis Preston:Oh yeah.
W. Curtis Preston:That, that was the, that was that, that huge hack and basically they, it, it was
W. Curtis Preston:a, it was a, it was a fortunate storm, so it was a storm had taken one of
W. Curtis Preston:their active directory service offline, and so it wasn't online when someone
W. Curtis Preston:hacked and destroyed active directory.
W. Curtis Preston:And so, but they didn't have a backup of ACT directory, but they
W. Curtis Preston:just had one domain controller that was offline, thankfully.
W. Curtis Preston:And they were able to bring it back on and, you know, and then
W. Curtis Preston:they went, and then they went out.
W. Curtis Preston:That's just a crazy, crazy story.
W. Curtis Preston:Um, I, I think what I meant, and, uh, Daniel, you know, jump in here, um, what
W. Curtis Preston:I meant was, There are pro if you don't know where your stuff is, you're right.
W. Curtis Preston:Prasanna, and, and, and probably it's, it's, it's easier to not know where
W. Curtis Preston:your stuff is if you're a company, but there are products that you can
W. Curtis Preston:buy and there are, uh, usually Right.
W. Curtis Preston:Um, cuz I just got, I just got done editing the last pass episode where,
W. Curtis Preston:you know, I was really hard on them for using a homegrown backup product.
W. Curtis Preston:And you were saying, well, Sometimes that's all you can
W. Curtis Preston:get even when you're a company.
W. Curtis Preston:But generally speaking, there's a product that you can buy or a
W. Curtis Preston:service that you can buy, and um,
W. Curtis Preston:There's,
W. Curtis Preston:of buying the right products and services.
W. Curtis Preston:also the other case that those tools are usually intended for having multiple
W. Curtis Preston:people administer a system, right?
W. Curtis Preston:So, unlike right, like you're gonna, you're not just gonna trust the entire
W. Curtis Preston:keys to your kingdom to one single person, right person that sits by a bus.
W. Curtis Preston:What do you do?
W. Curtis Preston:Great.
W. Curtis Preston:it always that?
W. Curtis Preston:Why can't it be they won the lottery and moved to Bahamas?
W. Curtis Preston:Nah, because then that makes it why is it a, why is it always gotta be Daniel?
W. Curtis Preston:I don't know.
W. Curtis Preston:What do you, what do you think here?
W. Curtis Preston:I mean, you, you, you heard the, you heard Sue's question.
W. Curtis Preston:Um, you know, how, how ba how bad off are we here?
Daniel Rosehill:Well, Curtis, I, I think the situation is probably
Daniel Rosehill:best described as catastrophic in the world of personal backup.
Daniel Rosehill:There, there is absolutely nothing and, you know, unless you take sort of
Daniel Rosehill:active personal protection measures, uh, you know, all your data just sitting
Daniel Rosehill:out there in the cloud, and I think the scenario Sue was talking about is
Daniel Rosehill:something that could, I mean, it could happen to anyone in any personal context.
Daniel Rosehill:Right.
Daniel Rosehill:I've, I've certainly been.
Daniel Rosehill:You could, uh, get drunk and your phone falls into the, the river or the sea, cuz
Daniel Rosehill:I know you guys are on the West Coast.
Daniel Rosehill:So really if you spend your time thinking about it, this is really
Daniel Rosehill:sort of a fast track to insanity because you realize how ter incredibly
Daniel Rosehill:vulnerable, pretty much all of us are.
Daniel Rosehill:And it's just a case of how can you reduce that vulnerability just a small bit.
daniel-curtis:Thank you very much.
daniel-curtis:Everybody come in.
daniel-curtis:Take I, I thought maybe you'd give us a little bit of hope,
daniel-curtis:Daniel, that that sounds bad.
daniel-pras:Yeah.
Daniel Rosehill:I mean, it, it, it's a, it's a bad situation, but, you
Daniel Rosehill:know, I think that the, the backup anac community right now is, is very small.
Daniel Rosehill:But, you know, you guys doing this
Daniel Rosehill:podcast are spreading, spreading awareness, and I think it, it's
Daniel Rosehill:gonna take a lot more people asking questions and poking flaws in the
Daniel Rosehill:sort of backup and recovery approach of a lot of these, um, a lot of
Daniel Rosehill:these companies, you know, especially stuff like two factor authentication.
Daniel Rosehill:Now that it's sort of so essential.
Daniel Rosehill:Um, but there are still some services that, you know, you really, if you
Daniel Rosehill:get locked, it's quite easy to get locked out of for good and that kind
Daniel Rosehill:of huge ramifications for people.
Prasanna Malaiyandi:One of the things, just speaking about that, right?
Prasanna Malaiyandi:So after talking to Sue, I started looking and being like, Hey, what do I do?
Prasanna Malaiyandi:Because for me, if I don't have access to my Apple id, everything kind of breaks.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:And so I was like, how do I get access?
Prasanna Malaiyandi:And so I looked and about 10 years ago I'd created a recovery key because it was like
Prasanna Malaiyandi:a 20 digit key that Apple had at the time.
Prasanna Malaiyandi:Turns out they no longer use those and they never tell you about it.
Prasanna Malaiyandi:So, but luckily with newer versions of iOS, you could actually create
Prasanna Malaiyandi:a recovery contact, which a lot of other services use as well, right?
Prasanna Malaiyandi:Where you can say, Hey, if I don't have access and I can't do two-factor
Prasanna Malaiyandi:authentication, here's someone else that I trust that you can send my key to.
Prasanna Malaiyandi:Or at the code two verification code, and then I can get it from them.
Prasanna Malaiyandi:So it's not like you're, because I know Curtis, one of the things
Prasanna Malaiyandi:we've talked about is, Hey, you've lost your phone with Sue, right?
Prasanna Malaiyandi:It's like, Hey, you've lost your phone.
Prasanna Malaiyandi:You can no longer get two-factor authentication.
Prasanna Malaiyandi:How do I even get into my password manager in order to be able to
Prasanna Malaiyandi:get that first bit of data back?
Prasanna Malaiyandi:Right?
Prasanna Malaiyandi:The password.
Prasanna Malaiyandi:So then I can actually get into my actual data vaults.
daniel-curtis:Well, the, the one with the, the password manager, I feel was
daniel-curtis:the one where, To me, that's where it all starts for me personally, right?
daniel-curtis:You talked about I need Apple, I need access to Apple, and I agree, right?
daniel-curtis:I need access to Apple, or I need access to this service and
daniel-curtis:that service and that service.
daniel-curtis:Well, those are all passwords.
daniel-curtis:That without my password manager, I am gonna have no idea how to get into Right.
daniel-curtis:And in order to, for many of them, I can recover my password if I can log
daniel-curtis:into Gmail, which I won't be able to log in without my password manager.
daniel-curtis:Right?
daniel-curtis:So for me, the password, I, I think the password manager is where you start.
daniel-curtis:And um, and I think that's what concerned me most about Sue's
daniel-curtis:story was that she needed.
daniel-curtis:What was it that she said she needed?
daniel-pras:it's, it's two things.
daniel-pras:So it's a key file and it's the password,
daniel-curtis:right, so she actually has to, she has a
daniel-curtis:file that she has to back up.
daniel-curtis:So to me that's a catch 20 for the thing that starts all the things.
daniel-curtis:What do you think, Daniel?
daniel-curtis:It, it seems like that's a catch 22.
daniel-curtis:That's unacceptable.
Daniel Rosehill:Right.
Daniel Rosehill:I think that, you know, um, what Prasanna said is, is, is really essential for
Daniel Rosehill:anyone looking for a password manager.
Daniel Rosehill:So I don't, uh, you know, Don't, don't, don't try to hack me after this, it,
Daniel Rosehill:it may be true that I use Bit Warden and I was looking at sort of what
Daniel Rosehill:options they have for recovery today.
Daniel Rosehill:It's one of these, it's kind of more geared towards open source and whatever,
Daniel Rosehill:and they have, it's pretty decent.
Daniel Rosehill:You can sort of configure an email address and a phone number and you've
Daniel Rosehill:got various layers of recovery.
Daniel Rosehill:That if you get locked out.
Daniel Rosehill:So that's one of the better ones.
Daniel Rosehill:But I've definitely, I know there's a lot of password managers on the
Daniel Rosehill:market, especially when you're talking about sort of Sue's situation, more
Daniel Rosehill:complicated ways of authentication.
Daniel Rosehill:You'd see in the enterprise environment, uh, you know, you need to have these,
Daniel Rosehill:because, you know, if you're sitting in a hotel room trying to get access in
Daniel Rosehill:a different country, it's just way too complicated to go fishing out sort of.
Daniel Rosehill:Uh, key files or credentials or, or code samples.
Daniel Rosehill:It's just not gonna happen.
Daniel Rosehill:Um, the, the other thing that, you know, I, I was thinking, uh, Curtis, as you
Daniel Rosehill:mentioned, the sort of password manager as being the basis, uh, for everything.
Daniel Rosehill:And I think the other.
Daniel Rosehill:Thing that we're seeing at the moment in personal IT world is with this, uh,
Daniel Rosehill:you know, single sign on that you create accounts with services through your
Daniel Rosehill:Apple ID or Google, and that's making the Google a choke, a choke point that
Daniel Rosehill:if you got locked into your Google now you got locked out of everything.
Daniel Rosehill:So it's a big vulnerability.
Daniel Rosehill:I actually ran into it.
Daniel Rosehill:I was traveling two years ago and I got locked outta Google because I
Daniel Rosehill:was logging in from different hotels in the us and it, you know, it,
Daniel Rosehill:the IP pattern detect flagged me as a whatever it thought my account.
Daniel Rosehill:And it was a really, really difficult, uh, situation to get my account access back.
Daniel Rosehill:And if I didn't, it just kind of occurred to me that, okay, it would've been
Daniel Rosehill:locked out of Google, which would've been catastrophic, would've lost all
Daniel Rosehill:my emails, all my calendar, everything.
Daniel Rosehill:I also would've probably been lost.
Daniel Rosehill:Locked out of everything that I authenticated through Google.
Daniel Rosehill:So the password manager is crucial and uh, whatever that sort of second
Daniel Rosehill:layer is that you're authenticating different services through is
Daniel Rosehill:also
daniel-curtis:That's an interesting point that you brought up, uh,
daniel-curtis:Daniel, because I had recently started thinking that maybe because I have
daniel-curtis:like 700 accounts, On various websites.
daniel-curtis:And I started thinking that maybe I should use the Google, you know,
daniel-curtis:just log in with Google, uh, instead of having yet another account.
daniel-curtis:And I never really thought about the fact until just now, because like if
daniel-curtis:this happened with Okta, If you were a company, and this happened with
daniel-curtis:Okta, you have a tech support line that you can call in and you can say,
daniel-curtis:Hey, I'm paying you, you know, this much money a month for my company.
daniel-curtis:Fix me.
daniel-curtis:Right?
daniel-curtis:But this is your free Google account.
daniel-curtis:You know, there's, there's, if you get locked out, you can get locked out.
daniel-curtis:You know, there are stories of people that get permanently
daniel-curtis:locked out of accounts like this.
daniel-curtis:Uh, and that, that is a real mess.
daniel-curtis:So I, I think so.
daniel-curtis:I, I think you brought up a really good point, Daniel, but let's, if we go back
daniel-curtis:to the password manager, I think that, um, uh, you, you, you mentioned Daniel,
daniel-curtis:you mentioned of like, if this is for a, maybe a company where you might
daniel-curtis:want to have a second level of mfa.
daniel-curtis:Uh, uh, I just, I, I think because the question here is,
daniel-curtis:Is that doomsday situation where you've lost everything, right?
daniel-curtis:You've lost your phone, you've lost your servers, you've lost your
daniel-curtis:computers, you've lost whatever, and you have to start from scratch.
daniel-curtis:Right?
daniel-curtis:To me, there's definitely a fine line between, at some point we do
daniel-curtis:want to able to authenticate, and it just sounds like in Sue's situation.
daniel-curtis:That her password manager has a catch 22 that if she loses that file, she will
daniel-curtis:never get back into her password manager.
daniel-curtis:Doesn't that, that just seems wrong to me.
Daniel Rosehill:Yeah, I mean, I've, I played around with, with, uh, with
Daniel Rosehill:a few different pastor managers, but I think that that's, that's key
Daniel Rosehill:is the sort of recovery functions.
Daniel Rosehill:And I think that if.
Daniel Rosehill:Anyone building a password manager for the enterprise or for personal
Daniel Rosehill:it use has to think about these sort of catastrophes, right?
Daniel Rosehill:I mean, it's a product made for backup and disaster recovery.
Daniel Rosehill:It's, it's in the name that you should anticipate they're being disasters,
Daniel Rosehill:uh, like, like the phone falling into the, so, um, I think that any,
Daniel Rosehill:any backup, any password manager.
Daniel Rosehill:I use one I like.
Daniel Rosehill:I also used Oy for a while.
Daniel Rosehill:And actually it's funny, uh, Curtis, I had the exact same situation that you did.
Daniel Rosehill:Um, I don't want to sort of disparage Google Authenticator, but whatever.
Daniel Rosehill:I got into the situation like you did that I had to manually recreate
Daniel Rosehill:every single two factor key.
Daniel Rosehill:Um, and I was like, how is this not a feature that Google Authenticator
Daniel Rosehill:can back itself up to some file, which you could recover from?
Daniel Rosehill:And then I.
Daniel Rosehill:You know, a search got me onto Oy, so it's weird.
Daniel Rosehill:You, you, I think you kind of have to sort of audit all these systems.
Daniel Rosehill:Like that to me is just such a no-brainer feature.
Daniel Rosehill:You'd expect someone on Google will be like, well, we need to
Daniel Rosehill:like roll out a backup thing.
daniel-pras:Yeah, I, I think I still wanna go back to.
daniel-pras:The shared responsibility, right?
daniel-pras:If you can find someone else, like in Sue's case, right?
daniel-pras:If she had another IT person, right, who had the same access, and it doesn't
daniel-pras:have to be the same credentials, right?
daniel-pras:They could have their own key file, whatever else, but have
daniel-pras:access to the same vault, right?
daniel-pras:They could then help her recover, right?
daniel-pras:And so I think always having that, and now I know in the personal side it gets a lot.
daniel-pras:More difficult because no one ever thinks about that, right?
daniel-pras:No one's like, Hey, I need to make sure this other person has access to
daniel-pras:my data as well in case, and that's why many of these cloud providers, right,
daniel-pras:apple, Google, meta, right, they're all either doing recovery contacts or
daniel-pras:other mechanisms because they realize that people are getting locked out.
daniel-pras:And it's hard to differentiate between sort of locked out because
daniel-pras:of access, like an account takeover process or locked out because I forgot
daniel-pras:something, or I did something incorrect and got locked outta my account.
daniel-pras:Or forgot the password.
Daniel Rosehill:Right.
daniel-curtis:Yeah, as long as I, I, I just, there are, there you, you
daniel-curtis:need to think about the scenarios that you're trying to protect from, right?
daniel-curtis:Lost phone, uh, house burned down.
daniel-curtis:Um, and you need to, you need to go to your vendor.
daniel-curtis:While your house isn't burned down and your phone isn't lost, and say, what
daniel-curtis:is, I think this is my general right?
daniel-curtis:You just have to work your, work your way back from, okay, so I
daniel-curtis:have my servers backed up with this technology, whatever it is, whether
daniel-curtis:I think it should be a cloud service.
daniel-curtis:The smaller you are, the more a cloud service makes sense.
daniel-curtis:Whether you're, whether you're, I mean, if you're, you know, if you're a giant
daniel-curtis:company and you got 50 exabytes of data, it's gonna be a little difficult
daniel-curtis:to back that up with a cloud service.
daniel-curtis:But if, if you're, you know, on the opposite end, if you're one person
daniel-curtis:with one phone, super easy, right?
daniel-curtis:So, so the closer you are to one person, one phone, uh, the easier
daniel-curtis:it is to back up, uh, via the cloud.
daniel-curtis:And, uh, anyway, I digress.
daniel-curtis:Pick the thing that you're gonna.
daniel-curtis:Back up with and then say, okay, I'm gonna back up with this.
daniel-curtis:And, and in a, in a wipe out scenario, I'm going to, I need, I'm
daniel-curtis:going to, I have to restore this.
daniel-curtis:This is my, this is my, whatever it is, my most important thing.
daniel-curtis:And what do I need to restore that?
daniel-curtis:And then, You say, okay, I need, well, all I really need is my password.
daniel-curtis:Well then now it's the password manager is the other thing, is the next
daniel-curtis:thing that, that I have to do first.
daniel-curtis:And if in the case of Sue, you need two things to recover your
daniel-curtis:password manager, then how do we get those two things protected?
Daniel Rosehill:I think that makes a lot of sense and I think that, uh,
Daniel Rosehill:people who are really interested in this personal protection stuff can take
Daniel Rosehill:a lot of cues from what, you know, the stuff that you guys are doing in your,
Daniel Rosehill:in your jobs, working in the enterprise professional environment, right?
Daniel Rosehill:Because.
Daniel Rosehill:You guys have stuff like recovery plans that are documented and
Daniel Rosehill:everything is sort of planned.
Daniel Rosehill:So I think probably a useful thing for anyone to do, as you said, Curtis, it's,
Daniel Rosehill:you know, all this stuff is really, really about preventative, right?
Daniel Rosehill:Once you're in that situation, if you're trying to speak to a human
Daniel Rosehill:at Google, you're already in a world of pain and frustration.
Daniel Rosehill:So you know what someone could do.
Daniel Rosehill:Let's say listening to this podcast is say, What would
Daniel Rosehill:happen today if I lost my phone?
Daniel Rosehill:Right?
Daniel Rosehill:So how are you gonna get access back to your, uh, to your, uh, to your
Daniel Rosehill:passwords, to your two factor credentials if they're stored in different apps?
Daniel Rosehill:Um, and you can even just, you know, open a Google Doc and write out a
Daniel Rosehill:little recovery plan for yourself based on all those scenarios.
Daniel Rosehill:Um, I don't, I don't really have any thoughts on sort of when it's too late and
Daniel Rosehill:you don't have a good system for recovery because, you know, as, as I've experienced
Daniel Rosehill:and so many people experience, It's surprisingly easy to get something like an
Daniel Rosehill:IP hopping block, get locked outta Google.
Daniel Rosehill:There's no one to speak to.
Daniel Rosehill:Uh, so it's really, you know, if you're depending on these services,
Daniel Rosehill:you really need to be one step ahead.
Daniel Rosehill:Uh, and I think something like sort of a, a, a plan, uh, as if you were a backup
Daniel Rosehill:admin for a company, uh, documenting it is, is probably the best approach.
daniel-pras:I, I was just as you were talking about this, Daniel,
daniel-pras:I like the document effort.
daniel-pras:Right.
daniel-pras:Or exercise, because that way you can try to identify Okay, where are there gaps?
daniel-pras:I was just going back, Curtis, do you remember, uh, the person we had
daniel-pras:who talked about disaster planning?
daniel-pras:Right.
daniel-pras:And this is more from, uh, environmental disaster, right.
daniel-pras:Situation.
daniel-pras:Right.
daniel-pras:How do you protect your envi or
daniel-curtis:Virginia Nichols, the single Most animated guest we ever had.
daniel-curtis:Yes.
daniel-curtis:She focuses on the stuff we don't focus on, which is, you know,
daniel-curtis:how do you get, you know, how do you get services back, right?
daniel-curtis:How do you get the, the things that you need as a human being?
daniel-curtis:Uh, you need all that stuff first.
daniel-curtis:And so she probably, Is better at thinking of those of the,
daniel-curtis:of the catch 22 situations.
daniel-curtis:You're right.
daniel-curtis:Yeah.
daniel-curtis:That's a good episode.
daniel-curtis:We'll put, we'll put a link to that episode
daniel-pras:and I was just thinking also like the same process
daniel-pras:she had talked through, right.
daniel-pras:That applies even for all of these like technology and your data as well.
daniel-pras:Right?
daniel-pras:It's just a subset of that.
daniel-pras:Right.
daniel-pras:Because I know she talked about, do you have your passport?
daniel-pras:Do you have cash?
daniel-pras:Do you have gas in your card?
daniel-pras:Do you have food?
daniel-pras:Right.
daniel-pras:All these sort of essentials, if you will, right.
daniel-pras:Life essentials.
daniel-pras:Now we're just going down to the next level.
daniel-pras:It's like, okay, now your data, how do you get your data back?
Daniel Rosehill:I think Curtis is also, um, probably something in that as well,
Daniel Rosehill:that it's very difficult when you're trying to think of stuff like, you know,
Daniel Rosehill:disaster recovery and, and the things that we don't wanna think about to
Daniel Rosehill:actually do a good job, uh, with yourself.
Daniel Rosehill:And maybe, maybe that's another thing that, that, you know, people could do
Daniel Rosehill:is actually, maybe let's say you have a partner or a wife or whatever, you
Daniel Rosehill:could, you could sort of go through these scenarios to one another.
Daniel Rosehill:If you, if this happened to you, what would you do?
Daniel Rosehill:Um, rather than just kind of trying to envision all these possibilities yourself.
Daniel Rosehill:Fun, fun, uh, dinnertime conversation topic, right?
daniel-curtis:yeah, I think, I think, you know, a good time.
daniel-curtis:I, I just had this idea a good time to test your , your idea.
daniel-curtis:So you get your idea and you get a plan.
daniel-curtis:A great time to test that plan is, when you get a new device, right, you
daniel-curtis:get a new Mac, you get a new iPhone, you get a new Android device, you
daniel-curtis:get a new pixel, whatever it is, at that moment, you can pretend like
daniel-curtis:you just lost your phone, right?
daniel-curtis:Because, because they make it really easy when you buy.
daniel-curtis:I know, I know I haven't had an Android for a while, but I know when you get
daniel-curtis:a new iPhone, the easiest way to move over to a new iPhone is to, um, Just
daniel-curtis:have the other iPhone and it'll transfer the data directly from that iPhone.
daniel-curtis:And I'm saying don't do that.
daniel-curtis:I'm saying, um, pretend like you lost your iPhone and see what
daniel-curtis:recovering that process is like.
daniel-curtis:Um, I think that in the case of personal password managers or very small business
daniel-curtis:password managers, where it's a single person in a single account, you will,
daniel-curtis:um, there has to ultimately be a person.
daniel-curtis:Who is the, the MFA sponsor?
daniel-curtis:So with a typical password manager there is like, for example, my wife and I
daniel-curtis:share a password manager for a while.
daniel-curtis:We were paying for Dash Lane twice.
daniel-curtis:And then I realized, well this is dumb.
daniel-curtis:We, you know, it's not like we need to keep account secret from another.
daniel-curtis:So, so we just have one dash lane account, which is also how I ended up having
daniel-curtis:700, 700 accounts cuz you know, there's all her accounts plus all my accounts.
daniel-curtis:But,
daniel-pras:that she has and then the 650 you have.
daniel-curtis:do you
Daniel Rosehill:is this the truth, Curtis, are you, um, are, are, are,
Daniel Rosehill:are you hiding something from us?
Daniel Rosehill:Is there, is, is there a secret site Password manager?
daniel-curtis:there's just, there's just a lot.
daniel-curtis:There's a lot of accounts out there.
daniel-curtis:I don't know.
daniel-curtis:I don't know why I have so many accounts anyway.
Daniel Rosehill:I have, I have to actually say that, that that
Daniel Rosehill:is a really, really good idea.
Daniel Rosehill:We're, we're, we're, we're talking today about sort of
Daniel Rosehill:like advanced stuff and Right.
Daniel Rosehill:If, if we have a recovery, that's the most sort of simple but effective way of
Daniel Rosehill:delegation is just to share an account.
Daniel Rosehill:I, I also share some credentials with my wife or like, Netflix, whatever.
Daniel Rosehill:And, you know, if someone's in hospital or asleep, that that's, that's
Daniel Rosehill:actually a great, a great system.
Daniel Rosehill:Um,
Daniel Rosehill:I mean, and of course you can also have your joints.
daniel-curtis:If you have a partner, a spouse, it's, it's super easy to do.
daniel-curtis:And then, uh, even a friend, it's just gotta be a really good friend, right?
daniel-curtis:Cuz you're not gonna keep any secrets from him.
daniel-curtis:The, the, um, but my point is that there is an ultimate arbiter of the account
daniel-curtis:and this, and, and in other words, my phone number is the one that is the.
daniel-curtis:If, if all, you know, if the feces hits a rotary oscillator and we lose
daniel-curtis:both of our, uh, devices authenticating from the very beginning, it would
daniel-curtis:have to be done with the phone number that's attached to the account.
daniel-curtis:Right.
daniel-curtis:Um, and the email address that's attached to the account.
daniel-curtis:And that one would be mine.
daniel-curtis:Right.
daniel-curtis:Um, but
daniel-pras:your phone, you lost your sim, you don't have you got
daniel-pras:locked out of your email account?
daniel-curtis:Well, well, it would have to be both of us because my wife
daniel-curtis:could authenticate if I got a new device, I could easily authenticate,
daniel-curtis:um, with, with my, because what the way it worked, their MFA with Dashlane,
daniel-curtis:it pops it up on other devices that are currently running Dashlane.
daniel-curtis:Right.
daniel-curtis:But we'd have to lose all devices.
daniel-curtis:So in my case it would be, I'd have to lose my laptop, both phones, the iPads.
daniel-curtis:This would be a very bad day for the Preston household.
daniel-curtis:So really that's what it comes back to, that that, that basically goes
daniel-curtis:back to what I said before, is decide what your ultimate sort of final or
daniel-curtis:begin, you know, it's the final thing, but it's like the beginning thing.
daniel-curtis:In a recovery scenario, what's the thing that you're going to use?
daniel-curtis:Is it an email account?
daniel-curtis:Is it, um, your othe password?
daniel-curtis:Is it your password manager?
daniel-curtis:Password?
daniel-curtis:Um, figure out what that is.
daniel-curtis:Pick the thing that you're gonna do and just remember, you've got to remember
daniel-curtis:that password, uh, to that thing.
daniel-pras:Yeah.
daniel-pras:And that, that's kind of what I do.
daniel-pras:Like when I was talking about my Apple environment, right?
daniel-pras:That's the one password.
daniel-pras:So I know two passwords, my apple password and my password manager password, right?
daniel-pras:Those are the two passwords that
daniel-curtis:that's what I have.
daniel-pras:Yeah.
daniel-pras:Uh, but.
Daniel Rosehill:do you guys think, do you guys think that there's any possibility
Daniel Rosehill:that in like 10 years time we're gonna have like, implantable chips with like,
Daniel Rosehill:you know, human based authentication?
daniel-curtis:It's gonna be biometric.
daniel-curtis:There's no silver bullet here.
daniel-curtis:But you have any final thoughts?
Daniel Rosehill:I think the conclusions, um, we've, we've come
Daniel Rosehill:to make a lot of sense, Curtis, that.
Daniel Rosehill:Um, you know, it proactivity, uh, going in ahead, thinking about it beforehand,
Daniel Rosehill:thinking, I like the idea that, you know, you're, you're gonna write the dash lane.
Daniel Rosehill:Um, and actually sort of like ask hard questions of these people because that's
Daniel Rosehill:what their, you know, support teams and customer success teams are, are there for.
Daniel Rosehill:Um, and just putting the thinking in before you get to these problematic
Daniel Rosehill:scenarios because I think no one wants to be in the position Sue was
Daniel Rosehill:in, uh, trying to deal with recovery cuz it's just so much more messy.
Daniel Rosehill:I'm I'm trying not to be too, too decisive cuz I'm gonna get an email
Daniel Rosehill:in like six months being like, I did what you said and I'm locked out.
daniel-pras:Well, and so, and so, Daniel, for this, for this, since you
daniel-pras:brought up that point, I would say the one thing is once you've thought
daniel-pras:of it and you've documented how you would recover, go test it out, right?
daniel-pras:Make sure it actually works.
daniel-pras:Make sure that you don't have any gaps, right?
daniel-pras:That you can recover.
daniel-pras:And I like your example, Curtis.
daniel-pras:Imagine that you're starting from a clean slate, right?
daniel-pras:No devices, nothing.
daniel-pras:What do you do?
daniel-curtis:You know, another way to do that is if you're like me, you
daniel-curtis:have a couple of old phones sitting around, um, take out one of those
daniel-curtis:and pretend it's your new phone.
daniel-curtis:And then recover, pretend that your other phone is completely dead and you're
daniel-curtis:not allowed to reach to your phone.
daniel-curtis:Right.
daniel-curtis:Um, that's, that's the only thoughts I have.
daniel-curtis:I'm gonna just gonna go back to what I said.
daniel-curtis:Just work your way back from, I have to recover this, so recover this, I
daniel-curtis:need this, recover this, I need this.
daniel-curtis:And ultimately, just make sure that whatever that is,
daniel-curtis:you have a very easy plan.
daniel-curtis:To get that back when, you know, the, the, whatever the worst happens,
daniel-curtis:uh, that could possibly happen.
daniel-curtis:So.
daniel-curtis:Well, I'm glad, I'm glad we had this conversation.
daniel-curtis:I'm, you know, I'm not sure we had good answers, but I, I think
daniel-curtis:this is a good planning question.
daniel-curtis:Right.
daniel-curtis:What, you know, this is a, like you said, being proactive.
daniel-curtis:Daniel, uh, you know, I, I agree with you, Daniel, your general thoughts.
daniel-curtis:Which is, there's not a lot of good options for consumers.
daniel-curtis:There's also not a lot of good options for small businesses.
daniel-curtis:Like, like truly small.
daniel-curtis:What I call this, this is a Curtis category.
daniel-curtis:You know, we have the SMB category, right?
daniel-curtis:The a Curtis category is called the tsb, the, the truly small businesses, right?
daniel-curtis:Right.
daniel-curtis:So the literally the mom and pops.
daniel-curtis:Um, there, there's not a lot of options there.
daniel-curtis:Uh, but there are services, right?
daniel-curtis:That are, I've been testing one.
daniel-curtis:Uh, we'll talk about it later on, on another, uh, podcast.
daniel-curtis:Uh, we'll talk about it later on another episode.
daniel-curtis:And, um, there's, there's no perfect answers.
daniel-curtis:I hope we helped Sue.
daniel-curtis:Um, you know, I, I'm sure
Daniel Rosehill:I just wanna also make clear, Curtis, that the advice offered
Daniel Rosehill:here doesn't come with any warranty.
Daniel Rosehill:So any,
Daniel Rosehill:any, anyone, anyone who actions, any advice they heard on this, on this
Daniel Rosehill:episode or the podcast in general, absolutely should not, uh, reach out
Daniel Rosehill:to any of us by email with complaints.
Daniel Rosehill:You're, you, you, you are on your own.
Daniel Rosehill:But, uh,
daniel-curtis:You're on, you're on your own, and you might not be able to
daniel-curtis:reach out to us via email because you don't have your password to your email.
daniel-curtis:Uh, so with that, um, I want to, uh, thank the listeners and remember to
Listen On
