Hello, welcome to the Thursday, June 30th, 2020 edition of the Sandstone at Storm Center's

Stormcast. My name is Johannes Ulrich, and I'm recording from Stockholm, Germany. Today's diary,

we got one from Rob. He sort of took a quick informal survey of different multifactor authentication applications that you typically have on a phone

and how easy or difficult it is to move those authenticators to a new phone. Now, of course,

most authenticators these days are using some variation of what's commonly known as Google

Authenticator or these

time-based one-time passwords. They tend to be reasonably easy to move if the application

cooperates in allowing to do this. And of course, many password-safe applications are supporting

now this form of authenticator.

Where it gets more tricky are sort of proprietary applications, which often are specific

designed to not allow the user to register the same multifactor authentication token on different

devices.

That's often seen as a security feature because it does prevent the unintentional copying

of the authenticator.

In these cases, I actually would probably still prefer if organizations are allowing

registering multiple authenticators in order to make the move

to a different phone easier.

Then we also have a new managing human risk report from Sands Security Awareness, targeting

professionals who are dealing with security awareness program.

So really not so much about the different awareness topics,

but really more sort of how these professionals work within organizations.

Well, sort of interesting, if you are working full time on security awareness,

...