mark risher

Okay, here’s the deal with Security Keys and #phishing, because even some experts don’t really get it. HT @boblord and @runasand for the idea 1/

Excited to announce the new FIDO2 Titan Security Key - with storage for more than 250 passkeys (resident credentials). Available on the @GoogleStore now! blog.google/technology/saf…

Exciting times in auth, @DickHardt and the Hellō team have made it suuuuuper simple to configure and get up and running

Hellō in 60 seconds. Adding auth to your Next.js application has never been easier. hello-nextjs-sample.vercel.app github.com/hellocoop/hell…

Unbearably sad to lose Luiz. He was behind so many of Google’s technical achievements, writing the book on our data centers, leading the design of our computing infrastructure, and so much more. He was at the top of his field, earning ACM’s highest honor in computer architecture. Luiz saw beauty in everything, be it a warehouse architecture, a major 9 chord, or a wing of a hyacinth macaw. I’ll miss our chats about nature, music, and football, esp Brazil and Barcelona. RIP my friend. wired.com/story/google-m…

@RachelTobac @laparisa @TechCrunch The internets are safer today!

Finally got to hang out with @laparisa at @TechCrunch Disrupt!

@RamaswmySridhar The other to try is Passkeys, our newest hotness. You should be able to register on the laptop and then from the phone do the handshake in lieu of Yubikey. G.co/passkeys

Is it my imagination, or did Google blow up g.co/sc as a way to generate one time passcodes? I have a weird situation with a usbc yubi key. I was logged into desktop chrome and my iphone. In one of these "timing events from hell", I was forced to change my password. Now I am logged out of my iphone, and google login won't accept codes from g.co/sc and I can't easily use my usbc key on the iphone! (I can login fine into desktop using the usbc yubi key.) I ordered a lightning/usbc combo key as a way out... @mrisher @GoogleWorkspace

@RamaswmySridhar One thing to try, security codes were very sensitive to IPv6 in the past, so if the laptop and phone aren't the same subnet that could cause false rejection

1/ Incredibly easy to make something cool with LLMs, but hard to make something robust and consumable by end users.

@sampullara The other x-factor is cross-functional leadership and communication, so lots of practical and group projects. Beyond that, core skills -- stats, business, marketing, technology -- which folks can pick up from observation. There are exec ed courses, e.g. online.stanford.edu/programs/produ…

@sampullara Good question! At Google we found the hardest to teach is product insight and vision, so I tell people to deeply study products they like (and hate) and reverse engineer out customer, constraints, business models, prioritization rubric...

Why is there no major in Product Management? If you were designing one, what would it look like?

@stshank @jasonmcneill @FIDOAlliance Yes @FIDOAlliance is working on smoothing out recovery for passkeys (without introducing a security backdoor, since many sites' recovery channels are easier to attack than the primary authentication (I'm looking at you, "Secret Question")). There's an older paper on the FIDO sire

@jasonmcneill @FIDOAlliance IIRC FIDO is working on improving account recovery with passkeys. Not sure if that's new standards, documenting best practices, or what. Any thoughts or pointers here @mrisher?

Passkeys aren't perfect, but they're gonna be huge. With Google now accepting passkeys for logon, passwords are ripe for replacement. Apple's doing a little evangelism here, with support from companies like Kayak and Robinhood that now offer passkey logon. developer.apple.com/news/?id=mgdnf…

Episode 3 of Les Bobards d'Oscar from the startup I've been advising is live on @youtube 🇫🇷💕😀 youtu.be/LZ3d33oC7kI

Passkeys for @Google Accounts are here! Passkeys are simpler and safer than passwords, and part of a 10+ year industry-wide push to improve digital identity for the internet at-large! 🔐 #WorldPasswordDay blog.google/technology/saf…

Big news today! You can now create & use passkeys on your @Google Account for passwordless sign in. It's a big step in a cross-industry effort that started 10+ years ago, bringing us towards a safer, more convenient, passwordless future #WorldPasswordDay security.googleblog.com/2023/05/so-lon…

Today Google is launching passkeys for all personal accounts...you can try it out right now. There are some other companies that have done this, including PayPal, but for a lot of people this will be the first time they make a passkey wired.com/story/google-p…

After about a decade’s work on this problem, I’m so happy bring this to our billions of users today. blog.google/technology/saf… Passwords are dead. May we never have to see them, remember them, or type them.

Dr. Namandjé Bumpus, Chief Scientist of the FDA, has been a first in almost everything she’s done. But for her, success will mean that she’s not the last. See how she’s breaking glass ceilings for those who are underrepresented in science at bit.ly/44eT8nC. #WeCanDoThis

(1/4) We’re always focused on the safety and security of @Google users, and the newest updates to Google Authenticator was no exception. Our goal is to offer features that protect users, BUT are useful and convenient.

Passkeys are coming! They're easier to use *and* safer than passwords, and now they're rapidly gaining traction on Android, Chrome, and all the platforms

"To maximize the performance of Chrome on high-end devices, we are now targeting them with a version of Chrome that uses compiler flags tuned for speed rather than binary size." Up to 30% faster on the Speedometer 2.1 benchmark! 🏎 blog.chromium.org/2023/04/more-w…