One drawback of working as a consultant, rather than as an embedded employee within a company, is that you often don’t get to see how your content affects your client.
But I recently was exposed to some data that revealed how Bredemarket’s content impacted one of my clients.
I can’t reveal the client or the content, but suffice it to say that a particular piece of content resonated with the client’s prospects and customers.
Why?
Because it not only described my client’s green widget, but also described the emotional effects that using this green widget had on others.
Don’t forget to tell the story.
Prospects may not remember that the green widget supports 1000 ppi resolution.
But prospects will remember that the green widget brought closure to a family when a family member was successfully identified with the green widget.
This morning I was attending a NIST webinar on mobile driver’s license use at financial institutions, and began looking at the services I could access in April 2026 with my California mobile driver’s license—financial and otherwise.
But today I learned that some services are NOT available with the mDL in my Apple Wallet, but ONLY while using the “CA DMV Wallet” app.
So I downloaded the app, which I last used in my initial unsuccessful attempt to obtain an mDL. (I finally used Apple’s facility to get one.) I assumed that since I already had my mDL in my Apple Wallet, it would automatically show up in the app.
You know what happens when you assume. My buddy Google Gemini pointed it out to me.
“It’s a common point of confusion, but the Apple Wallet and the CA DMV Wallet app are actually two separate “containers” for your digital ID. Because California uses a secure, decentralized system, your mDL doesn’t automatically sync between them. Even if it’s already in your Apple Wallet, you have to go through a separate enrollment process to “provision” it into the DMV’s official app.”
Which meant that I had to enroll again and get another decentralized mDL, which I did. (After some difficulty; it took four separate attempts to capture my facial image, which was only successful when I went into a very dark room.)
Now that my mDL is in this second wallet, I could go ahead an enroll in the TruAge program for age verification at a private retailer.
Google Gemini.
As I type this, TruAge hasn’t processed my application.
And now for a word from our sponsor
Mobile driver’s licenses are a digital form of “something you have,” which is a factor of identity verification and authentication.
Would you like to learn about all six of the identity verification and authentication factors? (Not three. Not five.)
One important thing about factors is that they are independent of each other.
The fact that a person has a particular password bears no relation to the fact that a person has a particular fingerprint ridge structure.
And even modalities within a factor may be independent of each other. When Motorola sold its Biometric Business Unit to Safran in 2009, I joined a company (MorphoTrak) that promoted three biometric modalities: finger, face, and iris. While all three biometrics came from the same person, there was no relationship between any of them. Knowing a person’s right forefinger did not tell you what the person’s iris was like. (But beware: driver’s licenses and passports share information, such as dates of birth.)
If you have a critical security issue, you don’t want to depend upon just one factor, or one modality.
Double or triple them up by requiring multiple identity verifications and authentications with unrelated modalities and factors.
Imagine if we didn’t have identity verification and authentication.
I could walk into a luxury car dealership and buy a car, telling the salesperson that my name is Bill Gates. I could buy the car, and Gates would get the bill.
Sounds great…until someone impersonates YOU and gets YOUR money.
I swear I’ve written about “MasterPrints” before, but I can’t find any such article. Maybe I just discussed it internally at IDEMIA when I worked there in 2018.
“Researchers at NYU and U Michigan have published a paper explaining how they used a pair of machine-learning systems to develop a “universal fingerprint” that can fool the lowest-security fingerprint sensors 76% of the time (it is less effective against higher-security sensors).
“The researchers used “generative adversarial networks” (GAN) to develop their attack: this technique uses a pair of machine learning systems, a “generator” which tries to fool a “discriminator,” to produce a kind of dialectical back-and-forth in that creates fakes that are harder and harder to detect.”
While this happened over seven years ago and is probably harder to implement with today’s technology, I was reminded of this when I ran across this Biometric Update article.
“A new research paper explores a signal-level approach to voice morphing attacks that exposes vulnerabilities in biometric voice recognition systems.
“The abstract describes Time-domain Voice Identity Morphing (TD-VIM) as “a novel approach for voice-based biometric morphing” which “enables the blending of voice characteristics from two distinct identities at the signal level.” TD-VIM allows for seamless voice morphing directly in the time domain, allowing “identity blending without any embeddings from the backbone, or reference text.””
So it, um, sounds like we not only have MasterPrints, but also MasterVoices.
“Everyone (I think?) agrees that defining your ICP (Ideal Customer Profile) is important….
“But there’s an assumption baked into all of this: Your user is human. I think that assumption is breaking.
“As agents begin to interact with products on our behalf – often via protocols like Model Context Protocol (MCP) – your ‘user’ may never actually touch your product.
“[Other products] will become almost entirely invisible. They exist as infrastructure. As a codified set of rules that is hard to reproduce. They are never opened directly, never explored, never ‘used’ in the traditional sense. They are just… there, powering outcomes. And you know what, I think most of the B2B will fall here.”
So I’m definitely concentrating on people for the next few days, but I haven’t forgotten my bot buddies.
Many systems require more than one knowledge-based modality, which is why they sometimes ask for other things like your mother’s maiden name.
This of course is not foolproof. Your sister that hates your guts, for example, obviously knows your mother’s maiden name. And even complete strangers, especially those with nefarious intent, can deduce your personal information.
Let me introduce you to Doug.
How Doug learned Donna’s mother’s maiden name…and more
Assume that Doug wants to hack Donna’s account but needs some personal information to do so. This is somewhat tough, since Donna’s Facebook account is private and can only be seen by her friends. Well, Doug knows that Belle is a friend of Donna’s, and Belle’s Facebook password is “password1.” Problem solved.
Doug uses Belle’s account to read Donna’s posts and finds some remarkably interesting ones. Not that she’s posting her Social Security Number or anything, but what did she post?
“Happy birthday to my mom!” (This particular post was loved by Jane Davis, who wrote “Thank you dear daughter.”)
“Happy 30th birthday to me!”
“Hey, look at this picture of my new driver’s license. My picture actually looks halfway decent.”
“Hey, look at this picture of my senior citizen bus pass. Yeah, I’m old.”
“I cried when I looked at this old picture of my dog Scamper, taken in front of my childhood home on Mulberry Street.”
If you’re keeping score at home, Doug now knows the following information about Donna:
Her mother’s maiden name.
Her date of birth (from her birthday post and her driver’s license picture; her senior citizen’s bus pass doesn’t have her birthdate but does have her birthday).
Bredemarket 