-
Listen Now
EPISODE 526
Broadcast Date:
September 12, 20258 minutes
Podcast Sep 12, 2025Root Causes 526: Voice Biometrics Are Worthless
Based on the ready availability of AI-based voice cloning, we declare voice biometric authentication to be utterly valueless.
-
Listen Now
EPISODE 518
Broadcast Date:
August 13, 202517 minutes
Podcast Aug 13, 2025Root Causes 518: NCSC Lukewarm on FIDO WebAuthn
Britain's National Cyber Security Centre recently issued a lukewarm verdict on passkeys as an authentication solution. We explore the problems with WebAuthn, including account recovery, spotty availability, inconsistent implementation, and lack of Linux support.
-
Listen Now
EPISODE 484
Broadcast Date:
April 9, 202514 minutes
Podcast Apr 09, 2025Root Causes 484: Multi Good Factor Authentication
We define multi good factor authentication, which is the idea that not all authentication factors are equal. We discuss the importance of considering authentication strength and the contextual nature of trust.
-
Learn More
The all-or-nothing cybersecurity fallacy: why progress matters
Blog Post from Sectigo
Blog Post Mar 03, 2025Cybersecurity isn’t all or nothing. Incremental improvements, like automation and shorter SSL/TLS lifespans, reduce risk and strengthen defenses.
-
Listen Now
EPISODE 470
Broadcast Date:
February 19, 202512 minutes
Podcast Feb 19, 2025Root Causes 470: The MFA False Equivalency Fallacy
Not all forms of MFA are equally secure. In this episode, we describe the differences between the more secure and less secure forms of MFA.
-
Learn More
Cybersecurity basics: passwords, MFA, phishing & software updates
Blog Post from Sectigo
Blog Post Oct 04, 2024Despite years of awareness, basic cybersecurity practices like strong passwords, MFA, and phishing alerts are still essential in our fast-paced world.
-
Listen Now
EPISODE 421
Broadcast Date:
September 16, 20248 minutes
Podcast Sep 16, 2024Root Causes 421: FIDO 2 Implementation Problems
White hat researchers have raised concerns about FIDO 2 (AKA WebAuthn). We explain.
-
Listen Now
EPISODE 382
Broadcast Date:
April 29, 202412 minutes
Podcast Apr 29, 2024Root Causes 382: Mobile Phone Malware Steals Faces for Access
New malware photographs users' faces to defeat authentication mechanisms. Biometrics are not "secrets."
-
Listen Now
EPISODE 335
Broadcast Date:
September 29, 202310 minutes
Podcast Sep 29, 2023Root Causes 335: When MFA Is Not MFA
A social engineering attack to steal a one-time password (OTP) to enable unauthorized access is further exploited by a cloud backup feature.
-
Listen Now
EPISODE 249
Broadcast Date:
October 21, 202210 minutes
Podcast Oct 21, 2022Root Causes 249: What Is MFA Exhaustion?
Recent high profile attacks that were enabled by defeating MFA. We explain the concept of MFA fatigue and why it is an enabler for these attacks.
-
Download Now
Certificate Based Authentication
Whitepaper from Sectigo
Whitepaper Oct 11, 2022Certificate-Based Authentication (CBA), which can replace the need for passwords across the enterprise.
-
Listen Now
EPISODE 245
Broadcast Date:
September 29, 202210 minutes
Podcast Sep 29, 2022Root Causes 245: One Time Passcode as a Liability
A recent article from Brian Krebs advances the idea that using OTP MFA may actually be a liability to security. We explain that reasoning.
