Hear from host Paul Spain and Justin Soong founder and technical director at Authsignal, as Justin shares about fortifying online security through innovative authentication solutions. They discuss the challenges and triumphs surrounding identity protection and the latest cybersecurity breaches.

Plus, tech news from the week including:

  • 2025 Hi-Tech Awards finalists revealed
  • Canadian Tech company buys majority in Serato
  • Quantifi Photonics acquired
  • 2degrees fined $325k for misleading claims
  • Microsoft turns 50
  • Trump’s tariffs may mean paying more for gadgets in US
  • Amazon can now buy from other websites for you
  • Why military planning shouldn’t be on Signal

Apple Podcasts Spotify RSS Feed

Special thanks to our show partners: One NZ, 2degrees, Spark NZ, HP, and Gorilla Technology.

Episode Transcript (computer-generated)

Paul Spain:
Greetings and welcome along to the New Zealand Tech Podcast. I’m your host, Paul Spain. And today very pleased to have Justin Song, the founder and technical director at Auth Signal, joining us on the New Zealand Tech podcast. How are you Justin?

Justin Soong:
Thanks Paul. Great to be here. Third time now on the New Zealand Tech Podcast.

Paul Spain:
Yeah, look always good to catch up and yeah, great to have a bit of a coffee chat today and then we’re gonna sort of pack in into this episode the sort of usual tech news of the week type topics. Looking forward to hearing some of your opin there and then to sort of really hear some of your insights. I guess when we talk about sort of identity and authentication and so on, the world in which you operate on, maybe you can just fill listeners in on what it is you do at Auth Signal for those that aren’t familiar.

Justin Soong:
Yeah, great, thanks Paul. So at Authsignal, we are a cybersecurity company and we protect you and your accounts and chances are you have used one of our solutions but didn’t even know that you are interfacing with our technologies. So if you’ve booked a flight, if you’ve traded something on trade me our APIs for example, kick in and protect you and trigger things like multi factor authentication, protecting you and your accounts from the big bad world of cyber bad actors who are constantly trying to crack and get into your accounts.

Paul Spain:
Yeah, yeah. In fact it’s interesting because I was chatting to one of the team at Xero on the cyber security side at a cyber conference I was emceeing I think last year and we started chatting around authentication and it didn’t take too long before we started chatting around Auth Signal. And yeah, we got onto Air New Zealand using your, your technology and I think that, you know, the comment that came there from, you know, one of their senior tech folks was oh yeah, in New Zealand was the first place that I set up and started using passkeys and that all signals, you know, technology at play. So yeah, and I think that’s actually quite common around New Zealand is if someone’s, you know, had a first experience on passkeys, which is I hope is probably all or the very large majority of those listening has quite possibly been within New Zealand or another platform that uses your technology.

Justin Soong:
Yeah, and this is a public service announcement to anyone who doesn’t know what a passkey is. Chances are you are on a Google Microsoft account, you have accounts with, you know, you’ve just mentioned Air New Zealand. Turn it on, it’s going to protect you a heck of a lot more than your password can. It’s that layer of defense that the bad actors are struggling to try and crack. And one of the big qualities of a passkey is its phishing resistance. Without going into too much detail, what that means is a bad actor can’t ask for your passkey and then go to a service provider and go, hey, look, open the door for me. There are some really great smarts that stop them from doing that. And if you look at a password or a PIN or dare I say the SMS one time password codes that you get, all these types of technologies are fishable.

Justin Soong:
I can ask you and you can tell it to me and then I can pass it on.

Paul Spain:
That’s right.

Justin Soong:
And passkeys are so great at mitigating that phishing risk that you find in other types of authentication.

Paul Spain:
Yeah, and there was a very interesting example in the last few weeks, I can’t remember whether we’ve discussed it on the show already, which was Troy Hunt getting phished and he runs the have I been pwned Website that tells you about all of these organisations and databases that have been hit and compra compromised. And you know, so here’s a guy that lives and breathes this sort of stuff and then he, you know, succumbed to a phishing attack, put in his username, his password and this is all, all out there. He’s, you know, he’s published a blog post about it. He’s very transparent. And then he went and you know, got his multi factor code and put that in and you know, the moment he had done that, this particular email database that, that he had was, you know, compromised and you know, down downloaded by, by the bad actor. And he, you know, moments later he realized what had happened, you know, quite possibly because of, you know, after he’d entered those, it didn’t, you know, it didn’t respond in the appropriate manner. And so, you know, it is, yeah, people aren’t infallible, even those that live and breathe these, these things. So, you know, one of his comments was, you know, if, if he’d had, you know, passkeys enabled on, on that account, then look, this, this wouldn’t have happened.

Paul Spain:
So yeah, really good. Well, we’ll come back and, and delve a bit more into that later on in the show. Of course, a big thank you to our show partners, One NZ, 2degrees Spark, HP and Gorilla Technology, really appreciative of their support of the show over the years and of the broader sort of technology and innovation ecosystems. That they really get in behind in New Zealand. First up, on the sort of local news front, finalists for New Zealand High tech awards have been announced. Look, it’s always really exciting actually sort of following what goes on with the high tech awards because in some cases we’re hearing about those companies that have been working away for years and years and years and you know, they’ve maybe you know, really hit a real sort of, you know, pinnacle sort of point and others there, you know, the emerging companies, the startups that are just starting to come through, it might be the first time we’ve, we’ve ever heard of them but they’re doing, you know, in every case they’re doing some pretty amazing work behind the scenes. So lots of companies to mention their Crimson Education, Kami Link Engine Management, SIOS Aerospace, Tate Communications, they’re all up for the PwC high tech company of the Year award. And then there’s, you know, there’s a big list of others across the, across the other areas and I’m sure if you go through that list and I won’t run through them now but you can see all of them listed on the website that there’ll be a bunch there that you probably have come across at some point along the way and there’ll be other ones you’ll be wondering well who are these folks and why are they up for an award? So we’ll certainly be working whether it’s sort of in the, in the sort of space between now and, and the high tech awards which I think off the top of my head probably may time frame and in Wellington.

Paul Spain:
So yeah, that’s yeah, definitely something we’ll, we’ll look forward to and you know, sharing some of those details and we’ll probably chat with, with, with some of the, some of the winners as well. Just checking the dates there. The gala dinner 23rd of May 2025. So if you, if you haven’t got your tickets and and so on it’s, it’s kind of starting to be that time to start thinking about getting flights booked. If you’re not Wellington based as in Wellington this year and, and, and, and getting a ticket because it’s always a really amazing event. I guess from a perspective of just you know, catching up with people, you know, from the sector around the country and, and getting a taste of, you know, what’s, what’s really happening.

Justin Soong:
I hope they still do the sit down dinners. I’ve been to one. Yeah, yeah, it’s a great night out and we don’t celebrate enough Here in New Zealand, we beaver away for 12 months in the year and, you know, having to have the tech ecosystem come together, celebrate, it’s great.

Paul Spain:
Yeah, yeah. So, yeah, so we’ll come back and delve more into that now. You know, this is one, one thing, I guess, you know, with having show partners that are, that are in the tech, the telecommunications sector. You know, a lot of times they’re in the media for, you know, for, for the good things that they’re doing, but they also don’t get it right all the time. So I guess I like to be quite transparent and to call companies out if they’re a partner or not of the show or if there’s something that hasn’t gone right. I don’t think we should sort of hide those things. So we got the news through that 2degrees have been fined 325k for what’s described as making misleading claims to customers. This comes from the Commerce Commission.

Paul Spain:
So we’re actually quite used to these stories coming through, particularly in the telecommunications sector, because these companies, if we look at 2degrees, 1 NZ spark, they’re really big companies and everyone in New Zealand, every adult, is likely to be using one of those companies or one of their brands or, or if they’re working with, if they’re using another mobile provider, it’s going to be off one of their networks. So this one, it’s taken a while to kind of get through the process, but 2degrees advertised roaming that they listed as free or at no extra cost. But what they got pulled up on was that customers were actually charged after 90 days of use and that wasn’t in the headline. So if you were traveling, I mean, it probably a reasonably unusual case to be, you know, in Australia for, for 90, 90 days on the trot or even 90 days, you know, in, in, in a given year, you know, as, as another scenario. And I think it’s yeah, a total of 90 days of, of, of use. But they were, you know, they were pinged for that. What are your thoughts on this, Justin? Like, you know, how do you get these things, you know, perfect and appropriate? Cause generally these things are covered off in their fine print somewhere. But like, you know, how big should your headline be around these sorts of capabilities? Cause I guess they used it as a bit of a headline thing to go, hey, we’re doing something different.

Paul Spain:
And if we look at each telco, everyone tends to pick, oh, I’m gonna focus on this thing, I’ll focus on that. And they pick their own areas to, you know, to differentiate a little bit.

Justin Soong:
Yeah, I think this problem with misleading statements seem to be a recurring theme in telco for the last 20 years. I think we, you know, everyone’s had a turn at, at breaching some form of misleading marketing. So I think it’s a very difficult problem because telco products are very complicated. I don’t even check my bill these days because I’m traveling quite a bit and it’ll take too much of my time to check. But I think, you know, in this day and age, consumers really keen for a fair go and you know, we don’t even have fair go anymore to look after consumers. So like consumer rights, I think good on the regulatory body to act. I think need to set a high bar in New Zealand, not let that those standards slip. So you know, good thing that, that you know, there’s just some transparency and, and hopefully, you know, you can learn from that mistake and move on.

Paul Spain:
Yeah, yep. And I, I do see that, you know, this is an area where, you know, two degree, two degrees of lead on this, this idea of not charging roaming to, you know, it’s at least the business customers. Maybe it’s postpaid plans that you’re, you know, you’re covered with that, that level of free roaming. But I see it’s not, not exclusively them now who are offering, you know, some sort of capability or type of offering. So you know, it’s obviously sort of caught the attention and, and maybe it is one of those scenarios where others have lost a bit of market, you know, have lost some customers. Because actually if your business is one where you’re traveling quite often, this is an area where they’ve delivered something that makes a difference to certain customers.

Justin Soong:
Yeah, it’s a compelling proposition I think as a headline. So I’m sure there are many customers that would have switched because of that campaign. So I think lesson is go talk to your internal teams before pushing something out.

Paul Spain:
Yeah, well, they’ve all got, they’ve got a significant marketing capability and legal teams and so on. Right. So I don’t think, yeah, I don’t think any of these companies are thinking that they’re gonna get hit. But when you get a $325,000 fine. Yeah, it certainly will have something of an impact internally. Now moving on acquisitions, there’s always tend to be different acquisitions going on in the tech space. Sometimes with startups, sometimes more well established firms and a couple that have taken place recently that we haven’t mentioned before. Serato.

Paul Spain:
Now this is not a complete acquisition, but this Was I guess in the news going back in the direction of a couple of years that Serato were likely to be acquired and it was the Overseas Investment Office and I think the Commerce Commission that, you know, can be part of the play. And interestingly there was pushback from an anti competitive sort of stance, I think from the Commerce Commission last time round in that they declined this acquisition from Alpha Theta and it was going to be north of 100 million New Zealand dollars. So it was a pretty big deal at the time. Now young Lee, I think he’s the CEO, he’s been on the podcast in the past, he’s still the chief executive there and I guess under his watch now this next deal has gone through and so what they’ve done is, is they’ve sold a majority stake to Canadian firm and technology company Tiny and they’ve taken a 66% stake and this particular deal now puts a valuation on Serato of 175 million. So, you know, just shows, you know, how impressive Serato is and what a valuable business that is that’s been built. And I guess this is technology that started out as some pretty humble software for dealing with sort of time stretching of audio. I remember being sent access to some very early software, you know, back when, when, when I had a, I guess a, a little startup in the, in the, the electronic music world a long, long time ago, you know, but now, you know, the world’s top DJs, you know, using their, their technology every time you see them, see them on, on stage with a, you know, a pioneer sort of DJ kit and you know, varying other equipment. So quite a big success story and quite pleasing.

Paul Spain:
I would, I would say that actually there’s a, there’s a, there’s a, there’s a part of the business that at this point anyway is, is, hasn’t, hasn’t been sold.

Justin Soong:
Yeah. And we haven’t given them enough air time here in New Zealand. They are absolutely, hands down one of the best New Zealand exports and success stories. Right. How often you hear the Serato name unless you’re into DJing or know a few DJs. Absolutely. Shouting from rooftops. An amazing success story needs to be up there and I’m glad that they’re getting the funding or the ownership that’s required to continue their success.

Justin Soong:
And so good. It’s just down the road here in Auckland.

Paul Spain:
Yeah.

Justin Soong:
Employing amazing talent software engineers, game changing, world changing. I can’t sing enough praises for a company like Serato blazing a trail for all of us.

Paul Spain:
Yeah. And look, they’ve been at it for a really long time. So yeah, it’s always encouraging to see those sort of exit type opportunities for founders and investors along the way. The other one, and this is a few weeks ago now, but we didn’t mention it was Quantify Photonics. Who I guess they. And if you’re not familiar with the term photonics, what I’m familiar with was it really relates to, in a lot of cases, sort of, you know, fiber optic type tech. The AI breakdown I said I got was that photonics is the branch of technology concerned with the properties and transmission of photons. But what they do is develop and manufacture, manufacture the test solutions for that sector.

Paul Spain:
And yeah, some pretty impressive and interesting technology and a number of entities that were invested in them, one of them being Punakaiki Fund. And we had Lance Wiggs, who heads that up on the podcast a while back. And some will know, you know, I’ve found Punakaiki Fund to be an interesting way to be able to, I guess put a little bit into our startup sector in New Zealand. So when I saw that that had been sold, of course I’m like, oh, this is good for me as a very small time investor. And yeah, I think, you know, I guess I would encourage listeners to look at, well, how can you be involved in supporting, you know, our tech sector and startups? And I guess, you know, everyone or most people, you know, have some form of investment, whether it’s a kiwi saver or what have you. And so, yeah, it excites me to see some of these exits happening. At other times I sort of feel like, oh, I wish, you know, I wish they hadn’t been sold just yet. I’m sure they’ve got good opportunities ahead, but this is all part of building our local ecosystem out.

Paul Spain:
And so often the funds that come when one of these acquisitions happens end up flowing back into the tech sector with the next startup. And of course we build up more and more expertise and we get better and better at how to take these companies out to the world. Right?

Justin Soong:
Yeah. And that’s what happened in Silicon Valley over decades to get to where they are now. Obviously very, very much the model for venture, but that’s off, you know, years and years of Xerox and HP and these sorts of companies that you don’t really talk about too much anymore. But they were involved in a lot of the success stories. And you can trace lineages of founders back to other founders that go back to roots from the old school Silicon Valley firm. So who knows in the next 10, 20 years I hope that we can trace lineages back to zero. Trade me. And you’re already starting to see those employees go out, build businesses.

Justin Soong:
So yeah, it’s a compounding effect. Startups are so crucial for New Zealand and we need to get more people investing in it. And Punakaki is one channel to do that.

Paul Spain:
Yep. And that’s part of your background, right, working in the startup world that, you know, gave you valuable experience, you know, prior to launching Auth Signal. That’s right, yeah. All right, so onto sort of the international front. Microsoft have turned 50. That makes me feel a little bit old because they’ve been around as long as I can remember Technology companies. The old Microsoft BASIC used to be pretty common on some of those early computers and so on and have been a fascinating company to watch with their ups and downs. And I guess personally I spent a bit of time working inside Microsoft on a kind of contracted basis in my earlier years and of course their technology within certainly New Zealand businesses, you know, they’ve had a big part to play over the years.

Justin Soong:
So what was your first memory was basic, was it?

Paul Spain:
I mean, yeah, I remember before I kind of got my. Before I came across Ms. DOS and Windows which were on the IBM and in those early days, the clone PCs I definitely interacted with and programmed in the BASIC language of which Microsoft would have been. They were one of the key players in that world in those early days. I can’t remember specifically whether I did any programming on a Microsoft BASIC or whether it was on somebody else’s basic, but that was certainly, I guess key to them with Altair BASIC being. Being their, I guess their first sort of, you know, real major, major product.

Justin Soong:
Just giving away your age without giving it away completely. Mine, mine was Ms. DOS, I think 3.1 or Windows 3.1 was the operating system that I have the earliest recollection. So then you can go work out and reverse engineer my age there and I just remember, you know, what 10 or 20 floppy disks to install the operating system and then you have to put them in one by one to get your OS installed and you’d have to reformat every year just to get it back to how it was.

Paul Spain:
Yeah, I remember the Microsoft were based just the building across from the one we’re in now back in. It’s over 30 years ago now when I was at their, their local kind of Auckland office, it was in Simon street here in Auckland and I remember going back to my office, the company that I was working for but then contracted through to Microsoft with a stack of those, I think, three and a half inch floppy disks to install what was the sort of the, I guess the. What eventually has become Windows 11 through its many iterations, Windows NT 3.1 beta. And it was a big stack of those, those three and a half inch.

Justin Soong:
Disks and user manuals.

Paul Spain:
And yeah, I think we had, I guess it would have been PDFs back then, but I remember studying for a Microsoft exam as a, you know, as a youngster maybe, you know, I was around 19 or 20. And yeah, they had, you know, they had these Microsoft exams that had just launched and a couple of the, I guess the founding New Zealand staff at Microsoft were doing these Microsoft exams for what was Windows NT then. And so, yeah, somehow it got mentioned and I was like, okay, I’ll do that too. And so, yeah, I remember they had this spreadsheet of all of the Microsoft certified professionals in the world. And because I was internal, you could actually open up the spreadsheet. I guess it was an Excel spreadsheet. And you can see everyone listed and I was number 4044 on the list. So they were gaining traction quite quickly.

Paul Spain:
But of course, these days there’s probably tens, tens of millions of people that have done those exams. Not something I do these days, but they still play an important role within the tech sector. Right.

Justin Soong:
Worth their weight in gold back in the day. Right. If you’re a Microsoft certified professional, mcp, you were a very desired hire.

Paul Spain:
Yeah. Yep. And I think, you know, these things have got value today. So there’s a lot we could kind of delve into. We would, I mean, you know, and yeah, in some ways we could do 10 episodes on Microsoft and still, still have, you know, hundreds of topics that we hadn’t touched. So I’m sure there will be people out there doing, you know, doing some, being 50 years of Microsoft, there’ll be some pretty interesting content out there to look at for those that are, that are curious. And, you know, I think that like any, any business, they’ve had their, they’ve had their ups and ups and downs, but lots, lots of, lots of lessons. And I think, you know, if you look at their, you know, their current success, you know, it speaks to a company that has, you know, innovated many, many times and, you know, continues to do so.

Paul Spain:
But at times it looked like they’d really lost, lost their way. And yeah, lots of, lots of stories, lots of, lots of factors.

Justin Soong:
Yeah. And now we have a data center just down the road from Here, Right?

Paul Spain:
Yeah. Yeah. Well, they’ve, you know, they’ve led the way on that front into New Zealand, although, you know, interesting that there’s a bit of a flip side to that. And, you know, we’ve been following that. Some of the data centers that look like they were going to launch and open have not proceeded so. Ones where they’ve announced, ones where they’ve been putting in investment. And I think that’s a sign of either the economy or of the fact that maybe some of their perspectives on AI haven’t actually maybe needed to move as fast as what they thought. You could probably delve in further on that, but it is.

Paul Spain:
The realities, right, is there is a huge amount of, I guess, speculation that innovative companies have to go through and you have to make your judgment calls around where you’re gonna go, and sometimes you have to change tack pretty quickly. And the fact that they’re still here 50 years on, I think give some indications that they’ve often managed to get that right, but they’ve certainly not always got it right. In the early days on this show, I guess. Well, one of our hosts was a Microsoft employee and we’d speak a fair bit about the Windows Phone ecosystem, which, although it was pretty cool, it just, it didn’t manage to catch on.

Justin Soong:
Windows ce, wasn’t it?

Paul Spain:
That was. Yeah, I think that was sort of the underlying, underlying technology and it had its various iterations.

Justin Soong:
Well, I hope they throw a big party and you’re invited on the list.

Paul Spain:
All right, so moving on, Trump’s tariffs was huge news in the last week. And, you know, these things seem to be kicking off, you know, pretty quickly. A lot of coverage in around the world, but in sort of US tech media, they’re really talking about the, the cost of, you know, some, some tech and some gadgets, you know, potentially, you know, going up quite substantially and what impact this might have in terms of sales. So, you know, for those that are maybe invested in tech stocks, the likes of Apple and Samsung and others, those companies are quite likely to be hit in one way or another, whether it’s a drop off in demand or a drop off in profitability. But, yeah, there’s certainly going to be an impact, I think, here in New Zealand for us as consumers, maybe not so much. So this is an interesting perspective. It used to be that you want the best price on a gadget. You might get it when you’re on your travels and maybe in the US because it’s such a big market, but if anything, that’s come via The US carries a large tariff, then you might fly to the US to pay 50% more or 10 or 20% more or whatever it lands up being on certain tech rather than being, you know, the place to get that new piece of tech.

Justin Soong:
Yeah, that’s right. The cowboy hats that I’ve been wanting to buy will be going up. Yeah. I think consumers in New Zealand probably not directly affected, but we all work for an exporter for some shape or form. If not we’re servicing an export. So, you know, generally tariffs are not good and where things will probably have changed, you know, in the next 24 hour news cycle. So things are moving so quickly and everyone’s trying to react form an opinion about it. Markets still generally viewing this as not a good thing and trying to reconcile that.

Justin Soong:
So all eyes on the news really to see what next, what announcement’s gonna.

Paul Spain:
Come out of the U.S. that’s right, yeah. And look, on that basis, if you want to get the New Zealand tech podcast fresh, make sure you are following or subscribed through. You know, whether it’s your favorite podcast app like pocketcast that I use, Apple podcasts, Spotify, that’s the way you get it the quickest. So you’ll get it, you know, fairly quickly after we’ve launched, you know, within within hours. So same day goes up on the website, usually the next day and in a lot of cases, not this particular episode, but a lot of cases there’s also the live stream which you can catch as, as we do it. So yeah, make sure you, if you want to get access to the live stream, you certainly follow me on LinkedIn or on X and we’re also on Facebook and YouTube as well. So a few ways to sort of get access depending on how fresh you want it, then the live stream is the very freshest and for the audio podcast really on any platform onto, onto other topics because that’s, it’s certainly, as you say, it’s going to be a pretty fast evolving topic, I imagine.

Paul Spain:
And yeah, there’ll be, you know, new news coming out, you know, pretty, pretty swiftly as we see what the impacts are in different areas. And sometimes, you know, some of these tariffs we’ve heard about get paused or pulled quite quickly. So yeah, certainly some interesting aspects. I think one of the things that stood out to me, I heard a few people say, you know, hey, these are all justified. Look, you know, Trump, you know, Trump highlighted what all these countries were charging tariffs to the US And Trump’s only charging sort of half of the, you know, half of the tariff. But yeah, as soon as we heard about, oh, New Zealand’s getting a 10% tariff but you know, New Zealand are charging a 20% tariff to the US and I thought that’s a bit of a load of, you know, rubbish because the tariffs and my understanding of it. You may know a little bit more, Justin, but you know, tend to be sort of specific in particular areas like, oh, look, you know, if we’re importing, you know, maybe it’s, if we were importing, I’ll make something silly up lamb because why would New Zealand ever import lamb? But it might be to, you know, protect our local industry that there would be a tariff, you know, for importing, say lamb from another country and that’d be a particular level. But we don’t, as, you know, we don’t tend to have a flat sort of blanket 20% tariff for the U.S.

Paul Spain:
so there’s these sort of political things that come in and they certainly, you know, encourage. Yeah. Or create some, some confusion. I, I guess so, yeah, just, just, just want to be, you know, aware of there. But yeah, getting the full story on these things usually takes a lot more time and space than we get in a, in a typical kind of, you know, news headline or, or, or even a TV story at times. And certainly we’re not, we’re not going to kind of dive into the depths of that here. But another topic that I saw which was quite interesting is that Amazon wants you to be using them. So they’re doing this testing of a new option where they can go out and buy stuff for you from a source outside of Amazon.

Paul Spain:
So this is kind of agentic agent based AI. So you know, a feature where you want something, it actually isn’t available necessarily, you know, directly within Amazon’s own ecosystem, but then they can pull it in from wherever, slide it into your Amazon app or Amazon website with a buy for me option, which means Amazon aren’t selling it to you directly but they’ll go out and get it and you know, pass through all of your details. And I guess in that type of scenario there’s sort of a range of possibilities how that might play out, whether they put a markup in there, whether you know, exactly how that fits together, I think will be interesting to watch. But the fact that they’re testing these things I find, you know, quite fascinating. Apparently they’re doing it with a, you know, a small subset of, of users in the US at this stage on iPhone and Android devices. So yeah, just, I guess a little bit of a of a taste of. Yeah. Future possibilities even if it’s not something that we, we’re going to get immediate access to in New Zealand.

Justin Soong:
Yeah. And the interesting thing about agentic workflows, you know, bots effectively buying stuff on behalf of you is a few things. One, the retailers now need to let these bots through. I think previously bots were considered a bad thing, there to do more harm than good or try and try and exploit your e commerce platform or try and scrape Taylor Swift tickets. But now you could have an agent queuing up in line for you for your Taylor Swift tickets. And how do you reconcile that? What’s a good bot, what’s a bad bot acting on behalf of you. So I think there’s a lot of emerging problems that are really ripe for some really good thinking and it’s really challenging the previous notions of like I just mentioned, just yeah, what’s a good bot, what’s a bad bot? Yeah.

Paul Spain:
Now sort of leaning into sort of more security types of topics which is very much your, your day to day world. What’s happened in the, in the US with the journalist who was invited to you know, a signal group where this chat was, was going on, you know, between the sort of highest officials in the US around you know what were at that stage confidential military plans against Yemen’s Houthi militants. This was just a really bizarre one to read about because you kind of, you know, you expect government officials to be operating in a particular manner and having I guess using a public app like Signal where people can just get invited via name and the contacts or a mobile number and you don’t really know how secure these consumer platforms are just seem absolutely bizarre, I think it’s fair to say. What was your take when you saw this, Justin?

Justin Soong:
Yeah, there’s a few things. One was similar surprise to you that they use Signal. I think Signal is a great tool for end users like ourselves. But when you’re dealing with classified military grade information, I would have thought that there was dedicated platforms and secure channels for you to communicate. But I think this just shows you that it’s a big problem in your world and our world of shadow it is. You may have all the apps and all the secure channels for your employees, but how are you enforcing looking after the shadow it? And I think there’s some questions around controls whether signal is approved application on these mobile phones. Second thing that stood out was these guys are just day to day people using emojis like we do fist pups and rockets emojis and so I thought that was quite humanizing.

Paul Spain:
Yeah.

Justin Soong:
And then lastly is the puzzling thing. It’s like that’s pretty big blunder to invite someone into your group chat. I think that was the first thing you check when you start a WhatsApp group is make sure you add the right person. Right. So, and to have that, I guess now I’m throwing everyone into headspin. Maybe check who’s in your group chat just after this podcast. It might not be the person that you thought it might be. And you know, your address contacts are probably poor.

Justin Soong:
B may not be the right poor that you’re. You’re adding to your group. So I think there’s some learnings there, you know, sort of takeaways, you know, for me is, yeah, look at all. It’s all back down to human error. That is still the number one risk when it comes to cybersecurity. And it’s not an easy one to fix.

Paul Spain:
It’s not. And look, I keep seeing a range of scenarios where you just wonder how well was policy and guidance around these sort of types of topics. Like you talk about shadow it, people using, you know, their own, you know, whether it’s consumer based tools or things that they’ve just gone and acquired without the organisation being involved, you know, and, you know, versus doing things properly. And so you wonder, you know, why, why did Hillary Clinton, you know, have the issues she had with things, you know, government stuff on, on her own, you know, through her own email server? I think Trump got caught up and somewhat, you know, somewhat similar things at some stage. You know, here we have people from his administration, so we’ve had all these lessons before and there’s that, you know, were they, were they given the guidance? Did they understand what the consequences were? Are there consequences for folks that do this sort of stuff and blatantly use a tool that, you know, largely you would think that it would be a firing offence in that type of environment to be using this type of tool now. Yes, it got, you know, got downplayed as these things, you know, sometimes are. But, you know, a really, really poor action. And you wonder about just if you were to delve in there, how well did they really understand? Because one of the things that I see within organisations is sometimes it’s the more senior somebody gets, I was just about to say then the less interested they are because they’re like, no, no, I know all of that stuff.

Paul Spain:
You don’t necessarily need to, you know, you don’t necessarily need to need to tell me or yeah, the whole team needs to, needs to go through and have that onboarding and have that training. But I mean, but then you’ve got, then you’ve got some, you know, some senior folks that are like, hey, that, you know. But that’s, that’s not us, is it? That, you know, there’s a whole range of scenarios and then looking at the devices like, okay, for this to happen, this is probably happening on personal devices. Cause you probably wouldn’t imagine that the White House is giving out devices that have necessarily got consumer apps like Signal as the standard thing. So there’s so much to unpack there, isn’t there?

Justin Soong:
Yeah, and you make a good point. And I think we don’t have to go too far to see those instances of executives asking for exemptions for their own personal devices or work phones to have different things turned off and to have PIN codes turn off because. And very topical something that, you know, we were very passionate about because security generally is painful.

Paul Spain:
Yeah.

Justin Soong:
And the CEO who is super busy may be thrown into different types of loops when he wants to use his app or phone and he starts getting super frustrated. So the first thing he goes to is head of cybersecurity or chief Information Officer is turn these controls off for me. And I think where cyber teams and IT teams need to really, really draw a line in the sand in this. No matter who you are in an organisation, these controls should apply to everyone. And, and there’s no exemptions, no matter whether you ever see in front of your title.

Paul Spain:
Yeah, yeah. And yeah, I think that that can be a challenge. It can be pretty hard to, you know, to push back at times because often leaders are, you know, they’ve got into these positions because they’re very powerful, you know, communicators and negotiators and you know, can, can be quite strong willed. So, you know, not everyone is necessarily geared up with, with what it takes to, you know, to go through one of those types of discussions or debates and is able to, is able to, you know, push back. And so yeah, it’s, it is, it’s something that, you know, all of us that are involved in this world. Yeah. Probably deal with from time to time and you know, from one side or another. And we do need to, to, to think about how we get the best out and for those that are in leadership positions, have some empathy for those that are on the other side of that.

Justin Soong:
And that’s why I was so happy that you took out your Yubikey just before the podcast to authenticate yourself you’re Leading by example, you know, and that’s amazing.

Paul Spain:
Oh, that’s good. Yeah. These are just sort of the, I guess the everyday things. Right? And look, I mean I’ve had discussions internally on things and been challenged on, you know, hey Paul, no, you, you can’t access XYZ from, you know, from, from a, you know, a personal device. You know, sometimes we’ll get sent in these, you know, consumer devices for the podcast to review. And I’m like, oh, it’s much easier if I can, you know, if I can use that and do company work on it. And you know, I, I had, you know, I got, got pulled up by, you know, one of our senior team members and said, no, we’re not making an exception for you and here’s why. And, and actually that, you know, I just needed that pushback and didn’t take long to think about it.

Paul Spain:
Yeah, yep. Fair, fair enough. Because if, if, if, you know, if I’m getting special treatment, it needs to be a really, really, really good, a really good case. And that’s, you know, when I, the more I thought about it, I thought no, that’s, you know, that, that’s, that’s not a special enough case. And I guess, you know, I’m used to sort of pushing, pushing others to sort of step up. So yeah, we’ve got to follow those things. And then so also on the security front is this Australian super fund the cyber attacks there. Maybe you can walk us through this because this is pretty close to home, but it also is in the sort of realm of what you do with all signals.

Paul Spain:
So I imagine you’ve been paying quite a lot of attention to this case.

Justin Soong:
Now we’re following this quite closely. So cyber actors and more importantly potentially nation state actors have been targeting Australia, New Zealand and it’s a well known fact and the first thing that they are trying to do is not only extract funds out of our bank accounts or our insurance platforms or fund accounts, they are trying to embarrass our government and they have succeeded in a few ways over the last few years, including targeting politicians as one example. Right. So yeah, it is not a surprise unfortunately that the inevitable headline is coming up around the targeting of financial services. It’s well known fact that this is going on and I guess it’s what is that this article and this event that happened on Friday. Not going to specific details but the threat is real to consumers. It’s hundreds of thousands of dollars that have been per customer in this instance that have been able to be drain out of account and to potentially the most vulnerable of of the citizens and consumers which is in the case of super funds or superannuation funds, it’s the ones who are just about to retire, right. So the ones who are going to cash out the amnesty to for the next ten years or whatnot.

Justin Soong:
So what we’re big on is in 2025 you need to have an MFA first strategy in your organisation and we can help with that.

Paul Spain:
Without multi factor authentication you are really leaving the door wide open.

Justin Soong:
Wide open. And you talked about Troy Hunt earlier and the website have I been been pawned? There’s a high chance if you go to the website website right now, key in your email address, you’re a user account that you have used in the past, that username and password is highly probable being breached. So whether it’s password123 or password with your date of birth which is one of the more common password combinations, assume that that’s breached, assume that that’s public. And when you start taking that perspective, you realize the controls that some service providers have in place may not be adequate for 2025. Now you couple that to deep fakes, you couple that to the fact that I can clone your voice. This is where digital trust and safety online become a big minefield for the most vulnerable and for people that who like we like to think that savvy IT users. Right. So things are moving very, very quickly.

Justin Soong:
This headline that we’ve seen in the news around super funds is unfortunate but we, we really hope, I think in this part of the world we have more concrete government regulation and teeth when it comes to large organisations who deal with our money especially stepping up to the plate and putting these controls in. And one thing that we touched on at the start of the podcast is phishing resistant authentication. And the only one that’s available, and I mentioned UB keys as well is a passkey. And we’re going to see more regulation in Asia coming out of this year. One of the reserve banks in Asia won’t name the country but you’ll find out very soon there are, you know, considering issuing a UB key to every single citizen. It’s how how serious cybersecurity and affecting citizens has gotten into to take that proactive action from this government. Right. So I’d like to see a lot more of that.

Justin Soong:
Unfortunately if the status quo still stands, you’ll see more headlines and you know, we hate that we don’t like that those it’s the ambulance at the bottom of the cliff. If you are Listening and are a decision maker and are looking to prioritize initiatives within your organisation. Put multi factor authentication or pass keys at the top of your list. It’s only going to be good for your customers. And to be honest, what we are seeing is all the hesitancy around these sorts of technologies, around friction and we can solve all of that. That’s what we specialize in, making the customer experience really smooth. And what we’re seeing is actually customers are now using these technologies like they, you know, because they’re so used to it, you know, on their phones and just breezing through it.

Paul Spain:
Yeah, yeah.

Justin Soong:
And they’re going through making a purchase, booking their flights, transferring money, buying something off an auction without too much hassle. Plus they get the security uplift.

Paul Spain:
A real peace of mind. Right. When you’ve got these things.

Justin Soong:
So, and then if you’re a consumer, if you’re hearing this and you’re going, yeah, this is not, not good enough. If my service provider is still using really archaic forms of authentication, do put pressure, do go and ask them why when I ring up, you’re asking me for my date of birth as a security question. Because chances are if I go to your Facebook account or Instagram account, I can figure out your date of birth. And if I’ve just heard the fact that you worked on Microsoft Basic, I can probably pin down to the exact year as well. So yeah, look, it’s a minefield and we are so passionate about getting everyone safe and secure, especially new authentication technologies.

Paul Spain:
Yeah, look, I was one of those who, my first experience, well, it’s certainly my first sort of successful experience with passkeys was, you know, was in New Zealand, which is your tech. But I also noticed with, with them, you know, when calling up over the last little while that they put you through a bit of a verification process when you call up for, for help over the phone. And I was kind of a little bit curious about, you know, about that because that’s your technology as well. Right. And I, I guess, yeah, I’m looking at sort of recent scenarios, talking to different entities, banks, airlines and, and others. And yeah, I did see someone sort of posting on, oh, it was a bit of a hassle to, you know, to, to, you know, get through into New Zealand and so on. But when I thought about sort of the alternatives and actually it happens pretty quickly on the phone. So you call up, they say, hey, we’re going to send you a message to, you know, to confirm who you are and so on, that all kind of happens while you’re, you know, effectively getting in the queue or in the queue anyway.

Paul Spain:
And then there’s no backwards and forwards with them asking who you are and verify with silly things like birth dates, which I’m pretty sure that it’s a high percentage of the population whose birth dates have been in a data breach. So we go online and look up a particular person’s birth date using appropriate sort of tools. You’re gonna find that in a data breach, if it’s not already publicly just left out there on a social network as it, as it is in other cases. So, yeah, I was just quite pleased with that versus a bank example recently and just the sort of hoops that they were trying to jump through of oh, can you name this and that particular bank? And wanting to name different transactions and different things that they was their way of naming the transactions, working, working it out and like that was a bit of backwards and forwards actually. That, Yeah, I, I actually, yeah, probably feel more relaxed now, now that I’m used to it, around the approach that in New Zealand, you know, are taking. And I think we, we actually, we need to be able to, you know, gain that sort of, you know, confidence going, going forwards. And also if you’re taking an incoming, you know, call, there are challenges there, right? The person’s saying, oh, what’s your birth date and this and that. And you’re like, hold on, you called me, why do I have to give you that, that detail? And still there’s a lot of organisations, you know, I think, you know, probably most organisations, if they need to call you and they need to verify who it is, they don’t have an approach that’s particularly trustworthy or appropriate on that front.

Justin Soong:
Yeah, and kudos to the Air New Zealand team. They are not just blazing a trail in the customer experience. They take feedback on very. They take feedback on and they want to give you a great experience while keeping you safe and secure. So full kudos to the team there and to those who are listening. Again, if you’re in a position where you’re influencing customer experience, you know, we’ve got a great leading light here to, to follow. And like, you know, Paul just mentioned, if you’re still asking your customers what they ate last night as a security question, which personally I think is a very intrusive question, you know, I don’t need to tell you whether I’ve eaten a burrito or gone to Domino’s. One those are very private information that I like to keep.

Justin Soong:
Or kfc hot and crispy boneless Chicken, which coincidentally I had last night. Again, those are really things that you shouldn’t need to intrude on your customer to verify who they are. So these are the things that we again, dive very deep in. It’s our bread and butter. We’re seeing different types of use cases and problems around verification and identity. You know, one entity here in New Zealand onboards many of the employees online and for the most part only meet their counterpart or their colleague at a party and figure out and go, oh, wow, didn’t realize you’re this high or this short or look like that because for, for a lot of the times you’re dealing with them with, with, with Zoom or through email alone. And, and we’ve trusted that, we’ve trusted that the person on the other side of the phone or Zoom call is who they say they are and not a deep fake. So again, it’s lots of, lots of digital trust issues that are emerging and gen AI and deep fakes are probably one of the big issues to tackle in the next few months.

Paul Spain:
Yeah, well, when you can fake a voice and fake a video and so on, that really. Yeah. Changes the picture a fair bit. And we’ve certainly heard about a range of issues in that space. Hey, great to catch up, Justin. If folks, I guess the sort of organisations you work with are those who tend to deal with a lot of consumers. So it could be an airline, a bank, a retailer, sort of, you know, that’s kind of your, that’s our sweet spot. You tend to sit.

Paul Spain:
So if folks are interested in that sort of technology, wherever they sit within the business, what’s the best way of kind of finding out a little bit more about Authsignal?

Justin Soong:
Yeah, great. So just hop on our website, authsignal.com if you’re in New Zealand, you’re already interacting with a few of our customer experiences. Have a go. I mean, the first thing that you do, and I advise everyone, is to, you know, get, get a passkey onboarded some of your favorite service providers there. It’s going to save you time the next time you interact with the service provider, but it’s also, also going to keep you very secure. So we’ve got a great team here in Auckland and you know, so hit us up and we’re only a email away to help with your requirements.

Paul Spain:
Yeah. Oh, that’s great. Well, really, really nice to have you back on New Zealand tech podcast. It’s, you know, it’s always interesting to, to catch up because yeah, you, you see and hear things that that. That maybe, you know, the rest of us don’t necessarily see as. As well as obviously a lot of the things that. That are going on publicly as well. So, yeah, really good.

Paul Spain:
And of course, a big thank you to our show partners again, Gorilla Technology, HP, Spark, 2degrees and One NZ. We really thank them for their support and everything that they do for the tech and innovation ecosystems within New Zealand. Well, that’s us for this episode. Thanks everyone, for listening in and we’ll look forward to catching you on the next episode. Apologies, we skipped an episode last week. I was at a funeral and I’m traveling a bit this month. But we do have episodes coming through, so shouldn’t be any other. Other gaps coming up in.

Paul Spain:
In the immediate future. So thanks, everyone. We’ll catch you again next week. All right, cheers. Thanks, Justin.

Justin Soong:
Thanks, Paul.

Paul Spain:
That was cool. So just before we do mention the.

Justin Soong:
Palm thing at all. Oh, don’t worry. Yeah.

Paul Spain:
So we’ll pick it up next time.

Justin Soong:
People. People will comment. What the hell is that?

Paul Spain:
Yeah. Because we had. We. We did go on quite a while. Right. So I’m thinking if we would squeeze it in. We’re making the episode because how long did we record? Or shouldn’t I ask? Okay. Okay.

Paul Spain:
So we went. We went a million miles over the hour. Yeah.

Justin Soong:
One hour. Right.

Paul Spain:
Try to get 45 to 60.