A lot of the discussion around agentic payments understandably focuses on the “wait … how exactly is this supposed to work safely?” part. Which makes sense, given that we are talking about autonomous software making decisions that eventually lead to money moving around. So when Google and Mastercard contributed AP2 and Verifiable Intent to the
This World Passkey Day, take a moment to thank your passwords for their years of service. Then, escort them gently to retirement before they reset themselves for the 14th time this quarter. To every company still making users create complex passwords with inscrutable complexity rules, consider this your friendly intervention. The passwordless future is already
Another RSAC Conference is almost here, but it’s not going to be the same, not without Andrew. I don’t know when it will happen, but I’m reasonably sure it will hit me at some point. Maybe it will happen when I walk past one of the cafes where we’d meet to catch up and compare
When Ian mentioned the Sarbanes-Oxley Act in his LinkedIn post sharing the news of SGNL getting acquired by Crowdstrike, it led to a funny exchange between us. It also reminded me of a task I had assigned myself almost 8 months ago. Last summer, I spent quite a bit of time going deeper into how
You may have missed this recent announcement Microsoft made about adding native support for third-party passkey managers (commonly referred to as credential managers) in Windows 11. From the perspective of anyone committed to building stronger, more usable identity systems, this is an important development, and paired with the introduction of passkey syncing in their own
Getting rid of passwords has never been the end goal, not really. The mission has always been to make digital life simpler and safer for everyone, and to give organizations the ability to operate and deliver services securely, without unnecessary friction. Moving to phishing-resistant, passwordless authentication is a critical part of that, but it doesn’t
In my last blog post, I argued that we don’t need more innovation invention to fix the broken state of SaaS and cloud security that Patrick Opet’s open letter was calling out. Instead, I said that what we need are different priorities. The conversations it triggered basically boiled down to this: if we already know
In my recap of RSAC 2025, I referenced the open letter that Patrick Opet, CISO of JPMorgan Chase, published in which he spoke about how essential security guardrails are being broken down by the lack of secure-by-design thinking in modern integration patterns within the SaaS world. His open letter challenged Cloud and SaaS providers to
Just wrapped up a packed, somewhat frenetic, but mostly enjoyable RSAC 2025 Conference. And if I had to sum it up in a sentence: AI is everywhere, but trust and control are still catching up. The conference opened with a shot fired across the bow of the security and identity industry. Patrick Opet, CISO of
It’s the end of an era: after eight incredible years, it felt like the right time to close the chapter on my story at Uniken. When I joined as CTO, Uniken was an ambitious startup with a unique core technology and a vision to make a global impact. What made the ensuing journey so rewarding
