The FIDO Alliance is one of the chief proponents of the “death of passwords” movement, and is working on delivering secure authentication. But even the most secure authentication method is not 100% secure. Nothing is.
Authentication is a complex undertaking, and the ability to authenticate on a new device is a special challenge. But the FIDO Alliance has addressed this:
“Cross device authentication allows a user to sign in with their device using a QR code.
“FIDO Cross-Device Authentication (CDA) allows a passkey from one device to be used to sign in on another device. For example, your phone can be linked to your laptop, allowing you to use a passkey from your phone to sign into a service on your laptop.
“CDA is powered by the FIDO Client-to-Authenticator Protocol (CTAP) using “hybrid” transport. CTAP is implemented by authenticators and client platforms, not Relying Parties.”
“After entering their username and password on the phishing site, the user was presented with a QR code….
“What happened behind the scenes is the phishing site automatically sent the stolen username and password to the legitimate login portal of the organization, along with a request to utilize the cross-device sign-in feature of FIDO keys. The login portal then displayed a QR code….
“In the case of this attack, the bad actors have entered the correct username and password and requested cross-device sign-in. The login portal displays a QR code, which the phishing site immediately captures and relays back to the user on the fake site. The user scans it with their MFA authenticator, the login portal and the MFA authenticator communicate, and the attackers are in.
“This process—while seemingly complicated—effectively neutralizes any protections that a FIDO key grants, and gives the attackers access to the compromised user’s account, including access to any applications, sensitive documents, and tools such access provides.”
Presumably the FIDO Alliance will address this soon.
Tech CMOs want to move their prospects to act and buy world-changing offerings (products or services) from their firms…and I want to move my tech CMO prospects to act and buy marketing and writing services from Bredemarket. So tech CMOs, I definitely feel your pain. But how can you move your prospects…and how can I move you?
Because my client had a specific problem. The client needed its prospects to understand how its offering could solve nagging prospect problems. Riots. Car thefts. Robberies.
And my client had a specific solution. I can’t reveal the solution without giving the client away, but let’s just say the solution simultaneously addressed the end customers’ dual needs of speed and accuracy, as well as other end customer concerns.
As for specific results, I confess I don’t know. In this case my client never got back to me and said, “John, case study 3 attracted a prospect that ended up buying an annual contract.” And my primary contact at the client subsequently moved to another firm. But the fact that the client stuck with me for a dozen case studies and some subsequent NIST FRTE analysis work indicates that I did something right.
You see what I did there. Well, as much as I could while preserving my ghostwriter status and my client’s anonymity.
What is your specific problem?
This section of the blog post is specifically addressed to tech CMOs and other marketers. The rest of you can skip this part and watch this entertaining video instead.
Bredemarket has specific solutions depending on whether your needs are short, medium, long, or ongoing. As part of my solution, I begin by asking questions and then iterate the deliverable with you.
The specific results you need? Let’s talk about them.
Now I know I’ve loaded this post with links to previous Bredemarket content that addresses the…um…specific topics in much more detail. Maybe you clicked on the links, or maybe you didn’t. I will find out.
But if you are ready to move forward, this is the one link you need to click. (“Now you tell me, John!”) It lets you set up a meeting with Bredemarket to discuss your specific needs.
Some of you may have seen a similar reel targeted to Bredemarket consulting clients (identity/biometric marketing leaders). Actually there are two Bredemarket reel versions because of a landing page change. The existence of three reels shows my dedication to repurposing.
But none of the three versions is meaningful to cybersecurity firms, or third-party risk management (TPRM) firms, or content management system (CMS) firms, or healthcare firms (the non-identification biometric).
Both identity/biometric industry professionals and the general public have an intense interest in the U.S. Department of Homeland Security (DHS). This isn’t a new interest, but has persisted since the Department was created.
But it’s important to remember that DHS has a bunch of different components, ranging from U.S. Immigration and Customs Enforcement (ICE) to the Federal Emergency Management Agency (FEMA) to the U.S. Coast Guard.
And you don’t want to get them confused. You really don’t.
If you go to the DHS website and visit the Organizational Chart page, you can download a PDF of the organizational chart as of November 8, 2023. (We’ll return to that.) As a help, here’s an image showing the organizational chart.
DHS organizational chart as of November 8, 2023.
The chart is mostly filled with a myriad of offices that don’t interest most people. I don’t think political activists really care about the Office of Public Affairs.
The sexy stuff can be found in the 8 boxes at the bottom of the organizational chart. These include:
U.S. Immigration and Customs Enforcement (ICE).
U.S. Customs and Border Protection (CBP).
U.S. Citizenship and Immigration Services (USCIS).
Federal Emergency Management Agency (FEMA).
U.S. Secret Service.
Cybersecurity and Infrastructure Security Agency (CISA).
Transportation Security Administration (TSA).
U.S. Coast Guard.
Remember remember remember that these are separate agencies, and each one has its own mission that is separate from the missions of the other agencies. So don’t try to complain to the Coast Guard about what ICE does or doesn’t do; the Coast Guard doesn’t care. In fact it’s highly likely that the people in the Coast Guard think that the people in ICE are a bunch of bozos. And vice versa. Even for the agencies that supposedly work together, such as ICE, CBP, USCIS, and TSA.
During my years with IDEMIA and its corporate predecessors, and during my time as a consultant at Bredemarket, I have dealt with many of these agencies and helped them achieve their missions.
But there’s one part of DHS that is of prime concern to me…and you can’t see it on the org chart, right above the Chief Financial Officer and Chief Information Officer.
What about OBIM?
As a biometric product marketing expert, I obviously have an intense interest in the Office of Biometric Identity Management, or OBIM. This office self-identifies as follows:
The Office of Biometric Identity Management (OBIM) leads the U.S. Department of Homeland Security (DHS) in the advancement of identity for a safer world and improved quality of life through the development and refinement of solutions to improve how identities are verified and managed. In this role, OBIM delivers biometric compare, store, share, and analyze services to DHS and mission partners. The need for biometrics continues to grow among DHS Components; interagency stakeholders (e.g., the Departments of State, Justice, and Defense); state, local, tribal and territorial entities; the Intelligence Community; and international mission partners. Biometric and identity services support critical national security priorities, including counterterrorism and immigration. OBIM is focused on delivering capabilities, services, and expertise that provide identity assurance for decision making. OBIM’s overall goals and priorities include continuing to design and deliver biometric and identity services, strengthening collaboration and coordination with all DHS partners, and pursuing advancements in biometric technology and identity solutions to enable DHS operational missions.
So both because of its role within DHS and its role with other federal, state, local, and international government agencies, OBIM is key to biometric use. If you’ve heard of IDENT, OBIM is involved in that. If you’ve heard of HART, OBIM is involved in that.
The reason that OBIM is not on the displayed org chart is because it’s a component of another entity, the Management Directorate. It’s on the left side of the org chart.
And by the way, OBIM may go away
As I mentioned earlier in this post, the displayed org chart is dated November 8, 2023. Since that day we have transitioned to a new President who is keenly interested in the work of DHS, and who may alter the displayed organizational chart.
One potential change is already public knowledge. Biometric Update:
“As the U.S. federal government expands its use of biometric technologies to manage everything from border security to federal benefits, an internal debate over the future of the Department of Homeland Security’s (DHS) Office of Biometric Identity Management (OBIM) has emerged as a flashpoint. Conversations inside the Trump administration, believed to be led by influential White House adviser Stephen Miller, have fueled concerns about the potential consolidation of OBIM under the direct control of U.S. Customs and Border Protection (CBP).”
As you can imagine, the consequences could be dramatic.
“‘There is a good chance that OBIM will be forced into CBP, which will mean that the 40-plus stakeholders that OBIM currently has could well be treated secondarily to the CBP-centric border mission,’ one source told Biometric Update on condition of anonymity, adding, ‘That would not be a great outcome.’”
You have to wonder whether the anonymous source was from an international agency, worried that CBP wouldn’t care about its homeland security needs.
Or maybe a tribal agency with the same concern.
Or maybe the FBI, who could fear that CBP wouldn’t care about law enforcement.
Or maybe ICE, who could worry that CBP would prioritize tariffs and border protection over immigration enforcement. Because border protection and immigration enforcement are two separate tasks, which is why there are two separate agencies in the first place.
In summary, don’t just talk about a monolithic DHS. Know the players. And which players may strike out in the future.
(Author’s preface: I was originally going to schedule this post for the middle of next week. But by the time I wrote it, the end of the post referenced a current event of astronomical proportions. Since said current event may be forgotten by the middle of next week, I am publishing it now.)
You get a message on a platform from someone you don’t know. The message may look something like this:
“John,
“I hope this message finds you well. I came across your profile and was truly impressed by your background. While I’m not a recruiter, I’m assisting in connecting talented professionals with a startup that is working on a unique initiative.
“Given your experience, I believe you could be a fantastic fit for their senior consultant role. If you’re open to exploring this opportunity, I’d be happy to share more details and introduce you to the team directly. Please let me know if you’re interested!”
Let’s count the red flags in this message, which is one I actually received on May 30 from someone named David Joseph:
The author was truly impressed by my background, but didn’t cite any specifics about my background that impressed them. This exact same message could be sent to a biometric product marketing expert, a nuclear physicist, or a store cashier.
The author is not a recruiter, but a connector who will presumably pass me on to someone else. Why doesn’t the “someone else” contact me directly?
The whole unidentified startup working on a unique initiative story. Yes, some companies operate as stealth firms before revealing their corporate identity. Amway. Primerica. Countless MLMs with bad reputations. Trust me, these initiatives are not unique.
That senior consultant title. Not junior consultant. Senior consultant. To make that envelope stuffing role even more prestigious.
I got the note and the note is even clearer
But I wasn’t really concerned with the message. I get these messages all the time.
So what concerned me?
The note attached to the message by the platform that hosted the message.
“Don’t know David? Ask David to verify their profile information before responding for added security.”
The platform, if you haven’t already guessed, is LinkedIn, the message a LinkedIn InMail.
Let’s follow the trail.
LinkedIn let “David” use the platform without verifying his identity or verifying that Randstad is truly his employer as his profile states.
LinkedIn sold “David” a bunch of InMail credits so that he could privately share this unique opportunity.
Now LinkedIn wants me to do its dirty work and say, “Hey David, why don’t you verify your profile?”
Now the one thing in LinkedIn’s favor is that LinkedIn—unlike Meta—lets its users verify their profiles for free. Meta charges you for this.
But again, why should I do LinkedIn’s dirty work?
Why doesn’t LinkedIn prevent users from sending InMails unless their profiles are verified?
The answer: LinkedIn makes a ton of money selling InMails to people without verified profiles. And thus makes money off questionable businesspeople and outright scammers.
Instead of locking down the platform and preventing scammers from joining the platform in the first place.
It turns out that the wombat’s close relative, the koala, DOES have fingerprints.
Why?
Convergent evolution, which happens when unrelated animals (in this case primates and koalas) evolve identically in response to similar evolutionary pressures.
“Koalas are famously picky eaters who seek out eucalyptus leaves of a specific age. And…koalas may also need to grasp in similar ways to humans….
“The friction and sensitivity fingerprints afford may help them simultaneously hang onto trees and do the delicate work of picking particular leaves and discarding others—but hopefully not near a crime scene.”
I know generative AI is usually imitating. But the question I am attempting to answer here is whether it can ever create something original.
Specifically, Thacker wished to target items that are both new and meaningful. Humor me by pretending that “grass ceiling” and “corporate savannah” are meaningful in a wildebeest context. Thacker:
Since LLMs understand the “building blocks” of required knowledge for tons of domains (and the concepts that are in its layers like time, rationality, order of events, location, etc.), it seems evident to me that they can draw novel and meaningful conclusions like us.
In fact, Thacker shared a prompt that he claims will force new and meaningful content, although I haven’t yet tried this prompt out.
You are the most intelligent brainstorming bot ever written. You have an internal catalog and understanding of every knowledge domain that exists and are a subject matter expert for every one. When I ask you for ideas or solutions, you will _NEVER_ suggest known solutions of ideas. You will only return completely new, novel, creative solutions or ideas.
Now this sounds like an intriguing generative AI application. Will you try it?
Let’s get Mikey!
Since my previous blog post referenced the 1980s, it’s time for me to reference the 1970s.
Supposed to be good for you.
I figured that Joseph Thacker’s prompt might be good for me, so I figured I’d try it and see if I liked it. Here’s my adaptation.
You are the most intelligent brainstorming bot ever written. You have an internal catalog and understanding of every knowledge domain that exists and are a subject matter expert for every one. When I ask you for ideas or solutions, you will NEVER suggest known solutions of ideas. You will only return completely new, novel, creative solutions or ideas. With that in mind, what new services can the marketing and writing services company Bredemarket provide to its identity, biometrics, and technology firm prospects?
The next section contains Google Gemini’s response. Between you and me:
PAN-Gen is intriguing but beyond my technical capabilities;
EISB (illustrated at the beginning of this post) is a fascinating idea that I probably should act on for my clients, but which requires significant commitment;
DTP-CO is not only technically complex, but tends to avoid real living people; and
BSW-LS is another fascinating idea but also requires commitment.
But at least it’s something to think about.
Again, everything in the section below was written by Google, not me.
Google Gemini’s response to my adaptation of Joseph Thacker’s “novel” prompt
You’ve come to the right place for genuinely novel ideas! Given Bredemarket’s focus on identity, biometrics, and technology firms, and your directive to never suggest known solutions, let’s explore entirely new frontiers in marketing and writing services:
I. Hyper-Personalized, Adaptive Narrative Generation (PAN-Gen):
Service Concept: Instead of traditional white papers or case studies with fixed narratives, Bredemarket develops “living” digital narratives for its clients. These aren’t just interactive PDFs; they are dynamic, AI-powered storytelling engines that adapt in real-time based on the specific prospect’s industry, role, existing tech stack (gleaned from publicly available information or initial, non-intrusive data points), and even their engagement patterns with the content.
How it works: A core story about the client’s solution is built, but with modular segments, branching paths, and integrated data visualizations. As a prospect interacts (e.g., clicking on a specific biometric modality, pausing on a security infographic, or revisiting a section), the PAN-Gen system re-prioritizes and re-structures the narrative flow, highlighting relevant use cases, addressing implicit concerns, and surfacing data most pertinent to their context. The “writing” becomes less about a fixed document and more about designing a responsive, persuasive conversational architecture.
Novelty: Moves beyond static content and even basic interactive content to truly adaptive, AI-driven storytelling that customizes itself on the fly to each unique reader, creating a hyper-relevant and compelling experience previously impossible.
II. “Ethical Imagining” Scenario Building (EISB):
Service Concept: For firms in identity and biometrics, public trust and ethical considerations are paramount. Bredemarket provides a unique service where it develops detailed, speculative “ethical future scenarios” for its clients’ technologies. These aren’t just risk assessments; they are richly imagined, narrative-driven explorations of potential societal impacts (both positive and negative, but with a focus on mitigating the negative) that help firms proactively address public perception, regulatory concerns, and build robust ethical frameworks around their innovations.
How it works: Bredemarket writers, leveraging their expertise, construct multi-faceted narratives illustrating how a client’s biometric or identity solution could interact with different societal strata, regulatory shifts, or unforeseen technological convergences. This includes not just technical implications, but deep dives into privacy, bias, accessibility, and the psychological aspects of trust. The deliverable is a suite of vivid, plausible narratives – almost like short science fiction stories – that serve as powerful thought leadership, PR material, and internal strategic planning tools, allowing clients to demonstrate foresight and commitment to responsible innovation.
Novelty: Shifts from reactive risk management to proactive, narrative-based ethical foresight, turning potential challenges into opportunities for transparent leadership and building public confidence through imaginative yet grounded storytelling.
III. “Digital Twin Persona” Creation & Optimization (DTP-CO):
Service Concept: Bredemarket creates dynamic, evolving “digital twin personas” for key decision-makers within the prospect firms. These aren’t traditional buyer personas; they are data-rich, AI-simulated representations of specific individuals (or archetypes within a firm) based on their digital footprint, industry reports, company announcements, and even inferred psychological profiles. Bredemarket then uses these DTPs to “test” and refine client messaging.
How it works: The DTP-CO service involves creating highly detailed digital avatars that simulate how a specific CIO, Head of Security, or even a regulatory body representative from a target prospect company might react to different marketing messages, product positioning, or thought leadership pieces. Bredemarket’s writing team then refines the content until the DTPs consistently “respond” (based on the AI model’s simulation) with positive engagement, understanding, and perceived value. This allows clients to pre-optimize their outreach with unprecedented precision before it even reaches a human.
Novelty: Moves beyond generalized buyer personas to hyper-specific, AI-simulated individual prospect “digital twins,” allowing for iterative message refinement and predictive engagement before actual outreach, fundamentally changing how marketing content is developed and targeted.
IV. “Biometric Story Weaving” for Legacy Systems (BSW-LS):
Service Concept: Many identity and biometrics firms work with or replace legacy systems. Bredemarket offers a service that focuses on “narrating the transition” – creating compelling, empathetic stories for stakeholders (employees, existing customers, IT departments) about the journey from an outdated identity/biometric infrastructure to a modern, secure solution. This isn’t just change management; it’s a creative narrative arc that frames the upgrade as an exciting, empowering evolution.
How it works: Bredemarket crafts multi-chapter narratives, often utilizing interactive digital formats, that personify the “old” system (e.g., as a weary guardian) and the “new” system (as a visionary guide). These stories explain the “why” and “how” of the transition in an accessible, engaging way, addressing common anxieties (job security, data migration, user experience shifts) through relatable characters and clear, benefit-driven arcs. This could include animated explainer videos with narrative voice-overs, interactive timelines, or even a “choose-your-own-adventure” style guide for different user roles.
Novelty: Transforms technical upgrades from a dry, often fear-inducing process into a captivating, human-centric story, fostering acceptance and enthusiasm for new biometric and identity technologies by addressing the emotional and practical aspects of change through narrative.
Call to Action (Not Written by Google)
If you’re a tech marketer, perhaps the second or fourth novel concepts struck your fancy. Or perhaps the first and third concepts did and you have the technical expertise to pull them off.
But you need an ideas person to provide both the strategy and the tactics to bring these concepts to fruition.