brief introduction uh I've got 77 it certifications 36 are in cyber security five of them are pent testing certification saying that I can break into your building I can break into your network I do get hired to break into Banks and hospitals uh as a matter of fact uh I've even presented here in this room for another organization called infosec Southwest which is a cyber security conference that uh has not been resurrected since Co um I that's a that's a picture of me doing that to a CPA office uh I've worked alongside bang breach teams in the Special Forces uh for physical construction uh my father was a locksmith so I've been I've eat breathe sleep physical security cyber security all day long so the point of this is not to train you all how to be hackers uh the point of this is to train you what you need to do to prevent from people being hacked uh hacking is becoming more and more I'm going to say Main stream uh because the resources out there to do it are easy um you can easily get your hands on some YouTube courses uh people out there are desperate to make money by creating content and they push that content out to people who are interested in making money and sometimes making that money on the backs of you so let's walk through normally this is a live presentation and I get volunteers uh which leads more to the indigestion uh so uh open source intelligence Gathering is the first phase of an attack meaning if somebody hired me and said hey come pentest penetration test my business I would first look them up I would look them up on Facebook I'd look them on up on LinkedIn I'd look them up on glass door I'd start finding your employees names if your website has a nice clear list of all of the executives and VPS and partners and people who are in charge at the organization thank you so because what I'm going to do is I'm going to do some searches I'm going to do some searches for those people these are some of these are are sites you can record if you want and and go check out yourself now I know people in the legal organizations have easy access to tools like Lexus Nexus and a lot of other resources these are free so again when we're talking about people who are coming after you there are no barriers to anything in this presentation if people want to spend money this gets way easier so true people search fast people search you can pull those up right on your laptop right now there's no cost to go to these These are aggregate dumps of State databases and public databases and private databases they have email addresses in them and zoom info if is the exact opposite of the spectrum if you were going to go spend I don't know $33,000 a month Zoom info will will practically give you your kids's made name at this point uh there's there's no barrier for Zoom info uh they already know everyone that works at your your your business they already have everybody's cell phone number everybody's address there's no digging if they've got a zoom info account so I'm going to take that information list I'm going to take your employees I'm going to take that list of people who have been very clear that you might have even instructed to go put on LinkedIn that you work at this firm or at this organization and then I'm going to go look at what breach data those people have dehashed is a great website you can go to for breach data you can see that that's that says 14 billion those are compromised email accounts those are compromised pieces of information so how does that happen this is a website that you went and put your information in years ago they didn't do their good job of securing their website and that data gets hacked and breached so this isn't anything that you did in particular so the responsibility is out of your hands the problem is is that people like to reuse passwords and as they reuse passwords if I do a dark web search on someone and I see that they've been in 15 different breaches and I see two passwords well guess what passwords I'm going to bring at you I'm going to try those passwords everywhere I'm going to try those on Apple pay I'm going to try those on PayPal on Samsung I'm certainly going to go to your company's web portal I'm going to go to Gmail I'm going to go to office I'm going to try those passwords and if there's a one on the end I'm going to add exclamation mark if there's a one on the end I'm going to change it to a two right people's passwords in high school were I love Dolphins now for corporate requirements it's I love dolphins with a capital I and a one and an exclamation mark in the end it's not hard for me to figure this stuff out there's actually tools that hackers have that just do it for us uh and there's a lot more than just dehashed uh rate 4 this website no longer exists this has been taken down by the FBI uh raid forums is actually a place where people were buying and selling entire websites and databases and giving themselves hacker challenges so hey man I'll give you 50 bucks if you can go hack that website and get the database for me and then two days later somebody would be hey here's your database that's it uh it's that fast and easy so what do I have so far well I got some Network IDs what's a network idid that's your IP address right that's given to you by your internet service provider whether it's Spectrum or aound or a TNT it doesn't matter who it is they're giving you an IP address you probably put it into your firewall you have it configured in some way shape or form I've got account information I've got user information I've got passwords and I'm going to look those passwords up to Pivot for more passwords uh there's a uh an interesting story we are doing a reconnaissance on a company uh and we discovered that one of the VPS of the company as we did this process his his password was impressively unique but he kept reusing it cuz he thought it was super secure and it was super unique well 15 minutes later I've got his catfish accounts that he's going out and trying to date people behind his wife's back because I looked his password up in the breaches found that he was in the Ashley Madison breaches and a few others and then suddenly I had this whole other personality that he had constructed online and now I was able to look up more information on that uh leads to interesting conversations at the uh the office table uh so I've got IP addresses where to bring these passwords to and I've got software information uh meaning people who have left your organization right they want to go get another job they're holding their hand up at LinkedIn and saying hey these are my skills so if you're organization is a trial Works organization or a file Vine organization they're going to Clearly say this is how many years of experience I have in these tools and these skill sets please hire me well I can go tell hey this Law Office uses these tools so I can engineer ATT tax using these tools to get their employees to do something so now I'm going to do some digital reconnaissance of the Target digital reconnaissance is I'm going to go look up what you're using there's a whole bunch of information that crazy it nerds develop and look at so I can go out and I can look up what's called your MX record which just tells me who hosts your email right so I know I'm going to Google which is google.com and I know I'm going to office.com if you're using office these are not complicated things if you're using software as a service or using servers that are on premises if everything you're doing is web hosted I'm able ble to reach out and touch those things anytime I want I'm able to easily reach out and scan them easily reach out and fingerprint them and I'm going to easily engage those tools and services that exist that you're paying for just like the websites that got breached if your information is not properly secured if your information is not properly indexed I might get into the services that you're purchasing and there are tools that let me do that so showan doio is a website that Aggregates that data for me in digital forensics if anyone is experienced here you can usually get an idea of who's been talking to you who's been poking your network who's been doing these things well website like showan do it for me they poke and scan every IP address on the entire internet about once a week so I can just go make an account at showan which is super cheap and if you buy some Black Friday or some Christmas deal maybe it's $20 for life we're talking very very very small dollars uh I'm going to know everything it is that your company is offering to the internet is there a VPN that you're offering is there web pages are there other things that you have out there do you have another portal off to the side you I've got a IP address for your internal information and then you've got an IP address for public you know uh even simple things like are you offering public Wi-Fi and then stage four this is where I'm going to physically attack your office how does that physical attack happen well uh there are again websites out there like hackers for hackers that are already doing these things wigle.net is a great one wigle.net is literally a website where I walk around with a backpack and I track all of the Wi-Fi that my backpack comes across and I just submit it uh you might not be able to see but on the right hand side of that screen it says Wi-Fi observations that's for that's 15 billion recorded Wi-Fi networks how many people are on the Wi-Fi right now how many people are also using a VPN on the Wi-Fi that you're using right now good for those of you that didn't raise your hand you're on a shared network with a bunch of other devices and those devices can talk to you they might not be able to talk to you directly but I can do things like man in the-middle attacks where I'm pretending to be the network and I'm telling the network that I'm pretending to be you and I can start recording in data the vpns protect you from that anytime you're on a public network if your it person has not screamed at you in some way shape or form that you need to be on a VPN that's why and this is why because I'm already going to know without leaving the comfort of my office what the Wi-Fi is at your office there are passwords in wiggle very often I will literally Drive downtown in Austin I'll be busy I'll be in between something somebody will call me and they'll need some kind of support I'll just pull over look up where I am and wiggle there's like you know a billion passwords for Wi-Fi there I'll just hop on somebody's Wi-Fi sometimes it's meant to be public sometimes it's not most likely your business's Wi-Fi is here um and even if you have uh a Wi-Fi that isn't uh already listed I can get your Wi-Fi to hand me what's called its token that token is encrypted so I need to take it back to my office and I need to crack that but you can see just from a little bit here that getting Wi-Fi cracking tools is not difficult it is not complicated and as you can see it says easily crack 70% of Wi-Fi passwords I'm I'm closer to 90 um we're at the point we cracking passwords in Wi-Fi Space is really really really easy because the same video cards that people are using for gaming or for Bitcoin mining uh are what we use for password cracking so I can go buy a very complex video card cost me like $1,000 but I'm cracking 6 billion passwords a second uh as a matter of fact this is that video card uh and some of the benchmarks that it talks about says that it can unlock a single 8 character password in 48 minutes that extrapolates out now if I've just got that sitting in the back of my office and I'm just cracking passwords all day long I I'm going to get through some very very complicated passwords so your password should be a minimum of 12 characters it should have more than one special character it should have more than one number uh it should have more than one capital and it shouldn't the first character should not be a capital cuz I'm going to guess that and it shouldn't end in something like one exclamation mark because I'm going to guess that and the tools that we use to crack those things are automatically doing them so I'm I'm only 14 or 15 minutes in how many people feel called out that's it's completely normal don't worry about that so uh here is uh Darren kitchen uh Darren kitchen runs a great website uh called hack five if you really want to walk down some scary roads go to hack five and check out what they have for sale off the shelf um I'll talk about that in a little bit uh but this is him literally flying a drone and dropping on a roof and doing Wi-Fi password attacks right I've done this myself I fly a drone onto your roof you probably don't have cameras on your roof why would you and I'm just going to try and log into your Wi-Fi your Wi-Fi is going to say hey you got the password I'm going to say no but I got the authentication token thanks and I'm going to fly away and then I'm going to have that or I'm going to just leave the Drone there if I'm willing to sacrifice it for the job uh and I've p that token back to my office and then I crack the password if it's an easy password and then I log back into the Wi-Fi and now I'm scanning devices on the network and I'm attacking your infrastructure and maybe I'm just staying there the average dwell time for a hack is 160 to0 days and if you don't know about this fine gentleman or either of these folks the lockpicking lawyer and MCN official so these are two too easy to go find YouTubers that will show you how to pick and bypass absolutely everything that exists and when I say absolutely everything I am not exaggerating 95% of Austin I can walk into anytime I want and I have my customers challenge that and then I show them and they're like how do I defend against that and I show them a little bit more and they're like all right well can you still break in yeah I can still break in and you just you need to just elevate your security do you have an alarm do you have cameras do you have good good locks or do you just have this thing that's been the same Contra contractor off the shelf pseudo minimum Builder spec uh that has tools that let me get buy it for 20 cents so I'm in right so I've got passwords from employees I've got your address I've got your Wi-Fi uh if it came down to it I might be able to find pictures on Google Street View that tell me even what kind of locks you have before I even get in the car to drive over cyber security is no longer an adventure in letting your it people do it if you don't have a cyber security professional and somebody decides to take direct notice of you or your organization you're going to have a bad day because they're just going to spend time and resources focusing on you and focusing on your infrastructure and using tools and resources that you have never heard of anytime that you explain something to a normal person about what you do and the amount of research and the amount of time and experience and case law and books you have read and things you have done that is exactly the difference between you and an actual hacker deciding to draw a Target on your organization so this is who we are this is my company name titanium Computing uh the Cyber War companies aren't ready for you can see about we've got about 8 hours of more content on our Facebook Channel we've got about 10 hours of content on our website uh more presentations like this longer presentations like this live hacking presentations like this uh that we get into talking about Hardware talking about implants talking about compromises uh but at this point uh I want to open the floor up for any questions does anyone have any questions on cyber security or hacking in any way shape or form whether it's physical penetration logical penetration best practices anything at all usually I can fill about four hours worth of content just with people's questions sir those who are not it experts what's the best way to secure the home wi-fi system your home Wi-Fi your home wi-fi system should be as complicated a password as you can tolerate just a password yep just so we'll we'll talk a little bit about passwords um your password should not be a long complicated sentence that you then forget two or three times and keep calling your it people uh and then you're writing it down in a Post-It note should you have a password manager sure and you if you have last pass you should throw it away but if you are having struggles with passwords one of the things that you should be doing is making your passwords a memory literally like think of a of a moment that you had a good time with your kids a good time with your parents a fantastic vacation you went on something that you're not going to forget and something that I can't find on Facebook I can't find on LinkedIn I can't find in a breach there's nothing about you and that memory that I can go discover you know if you had a great time at the park with your kids great time at the park with my two kids that's a long password it's super easy and it's super memorable for you that's how you should be recording passwords for the ones that are in your head but you should have a password manager because probably everyone at this point in time has I don't know 50 passwords 100 passwords and you're just hitting recover password every single time you need to go to log into something uh and I'm taking advantage of that I'm when I break into people's networks and we talk about uh doing Wi-Fi penetration uh I'm doing password recovery the first thing that I do when I get into somebody's email account I get in their email account I'm literally looking for pass lost password password recovery and it will just be a wave of people having done password recovery and then I'm taking those emails and saying oh those are other accounts they've got and I create a little list of those and I'll go attack those things with the same password that may or may not be in breaches it's a great question sir password manag uh everything is you have to trust somebody somewhere um one password is the only one that really hasn't been breached uh last pass has had three breaches uh there's a few other password managers out there dash lane my glue uh the password that you secure those with should be the most important password one password lets you secure physical devices so I can only log on to my one password account from three computers in the world even if you have the login credentials and everything else to go log into my one password account you can't you have to have those extra pieces of information um if you're going to go to the next step you should look something up called UB key that's y ubii ke Y and that's a little USB device that you plug into your computer that's called a Hardware security token uh and that elevates you to the next level so passwords are just authentication typically it's something you know password in your head something you are that's where you get your retinal your fingerprint using your face to unlock your phone uh and something you have and that's where you would have a little RSA token or something from you know 10 years ago uh or you've got your authenticator app on your phone or something like that the hardware token becomes the something you have uh and that lets you have even higher level of security understanding that no one is going to get into your systems without that physical token you should make a backup of that token keep it in a safe deposit box or someplace but yeah that that would be the next level do that answer your question sir fantastic anyone else ma' so the state agency that I work for uh does not have WI at all and I'm crumbled about that I like I've never worked anywhere that doesn't have it but they seem to think that that's very secure you agree don't have WiFi at all so I didn't want to stand here and ramble about myself or my personal achievements I did three deployments to Iraq and nine deployments in Afghanistan uh with the dod uh Department of Defense working for multiple different military subcontractors locked Martin was just one of them if you go into a secret environment or a top secret environment or something called the skiff uh there's no Wi-Fi or there shouldn't be Wi-Fi if there is Wi-Fi that's a that's a that's a big no no so think of WiFi as ju it's literally an extension of your network and if you are not comfortable with somebody on the sidewalk walking along and just being able to log into the network right if we if we I right in my view I see a network Port over here on the wall there's Network ports here there's Network ports all over the place like is the physical security of the organization safe enough to where I can just pick a laptop up plug it in the wall and I can go and I can start scanning and I can start hacking the Wi-Fi is that it's that Port everywhere so if you can get away with it absolutely if you have you but at the same time you should offer something that is on a completely different network that is completely segregated because people will go out of their way to try and get around it just like I talked about being in Secure facilities I got to watch a military intelligence professional have a complete meltdown in Afghanistan because she plugged her iPhone into a secret sipp box and the MP showed up and said we saw that you plugged an a a computer in the USB and she's like oh I was just charging it nothing to worry about and they're like no ma'am you need to come with us and and that phone needs to come with us too that altercation got to the point where they drew pistols uh and they were like hey this this is like an actionable offense this could be treason you've plugged a a media removable media device that can store digital files you work on digital files that are classified all day long so if you don't give your employees an option they might go make one and that means they bring a home wireless router and they plug it in that port in the wall and now you have a real breach cuz that Home wireless router's password might be password but it extends the Wi-Fi and the network out into the sidewalk out into the driveway uh there's a a customer that we got hired to just engage with like just from it stuff hey come fix my computers and come do some things uh and we did a a network penetration scan cuz we do that as standard uh and we found we were the public Wii was the same network that the HVAC and the heating and the electrical systems were on so I was able to just like poke poke poke poke this is the new temperature today uh and they were really uncomfortable with that for good reason uh and then walking them through the way to fix those things and sort those things out became beneficial to showcase the value but at the same time they offered that public Wi-Fi the people who installed it were like oh well nobody gave us any direction we're just going to join these wireless devices over here so it's uh your organization is doing the right thing but it could be a little bit better because they're assuming that all of your employees are also going to do the right thing and they won't uh as a matter of fact in the military 25% of the training that I went through for cyber was Insider threat like consistent it is going to be an employee one out of four breaches is going to be an employee and one out of 10 is going to be an active employee how many how many people in this room has have heard of a lawyer taking the entire customer list and walking out and trying to start their own practice see a couple hands right so The Insider thread is real hopefully that answers that question sir can you give us a better idea of kind of what what I guess I'm trying to kind identify the risk and and the reason I said that is I I don't cheat on my wife I I don't care if somebody gets in my email a Helen's brownie recipe I mean so I I do I I will say I online bank so but but but kind of drill down and tell us what the risk is I mean honestly out of thousands of emails thousands of them are extraordinarily boring oh yes and it's hard for me to believe somebody's going to dig through all all of that boring jump I will uh you know if you if you ever imagine like a hoarder house right uh there there there's jewelry in there somewhere there's some rare comic book there's something that somebody's going to be interested in and that we've already got scripts for it right I I already have just the like the same filtering software that looks for you sending a credit card out or Social Security I already have a script that's going to go through all your email that's going to look for those things but from a holistic conversation standpoint to actually answer your question about what should I do the answer is you should know what's going on and that that can literally just be do I have a firewall that can give me a log did Tammy what websites did Tammy go to what risk do I have in my organization from an HR management standpoint from a technical standpoint from a financial standpoint it's just uh effectively a good cyber security professional is actually an insurance salesman that doesn't sell insurance right I'm just highlighting the risks to you and then saying these are the things you should go do to fix them so your question is exactly this what what do I do how do I solve my problems and it's logging and monitoring it's being able to say this computer is doing X Y and Z this person is doing X Y and Z and you can generate a report whenever you want on the activ ities that those people were doing not because you care about employee monitoring or management of uh you know being a micromanager but if the computer is doing something the computer's not supposed to do because of a malicious update uh because of a we've got six Law Offices as clients so I'm going to start using some specific examples uh uh video files for a bus accident come in from an organization that's run by the state the state hands the customer viruses and the customer's Network might get taken over but they've asked for it they're expecting it I'm expecting a DVD or a CD or a USB or something with these files on it I need to look through these files and I need to injust these files in my case management system while these V these virus filled files could take over my network so I need to know that something bad has just happened and if I write the virus tonight none of your antivirus is going to find it tomorrow so you need to have something that's more more holistically asking are you talking to Poland should you be talking to Poland if you don't need to go talk to a website in Spain you should turn that off turn off all external access turn off being able to talk to Russia or China or Japan or for whatever reason and then be able to have alerts that say hey somebody's trying to get in the back door of your organization just like somebody's trying to get in the back door of your house um not because we care about what the employee is doing but we care about what the system is doing is there anyone from the outside world that can talk to this computer is the computer trying to talk to anything else outside the world and you could literally just click click click here's a report I'm clean do that have is that a good enough holistic answer [Music] sir sure how is it for somebody to get into my bank account or for example I go on door Dash and I put in my credit card number how how is it very easy for somebody to get my credit card number because I put it into door Dash when I ordered a hammer so assuming your systems are secure um or we can assume they're not secure so when it comes to online banking if I'm going to break into your bank account and I just this is very relevant I just took over a $1.5 billion company three months ago um and I had this conversation with the owner whose net worth is really significant and I said hey I can get in your bank account whenever I want and he's like how how can you get into my bank account I'm like well I'm in the computer you're logging into the bank account with I was able to log in to the network via the Wi-Fi I was able to crack the password because it was very very easy then I was able to scan for devices in the network that they had which were physical servers I was able to compromise those physical servers those physical servers were active directory servers which were login authentication servers the owner's laptop authenticated to that server and I was able to push software to his laptop that then let me record keystrokes and monitor what he was doing the moment he logged in his bank account I was in his bank account with him right he had two Factor he had text um and I had to walk him through that I would use AI to impersonate him uh I had a voice impersonator ready to go and because I was able to log into his account I was able to redirect the phone call that the bank would certainly call him and ask him for the approval of the $35 million wire transfer that he definitely didn't send but it would sound like him when they called him and I answered the phone and I confirmed that yes this was a legitimate transaction if his organization had monitoring to know that outside devices were talking to his Network that he had never seen before that suddenly there was an update that only applied to the CEO's laptop um that there was anything going on inside the environment uh there could have been a lot of flags that have gone would have gone up that would have prevented any of that from happening uh you should have multiactor on everything everywhere um and you should have credit protections turned on uh you should turn off the ability for anyone to open credit cards in your name so if you called it up and say Hey you know uh turn off all my credit uh meaning close it or freeze it uh so that people can't open Credit um but the attack is going to be the same as long as I can get on the network that your device is on and if you're doing things that aren't best practice if you're storing your P your credit card in the browser of your computer uh and it's not in a Secure Vault like a a one password or a password manager Vault that then interacts with the browser and brings that that credit card information in uh I'm going to be able to do some shady stuff uh and I'm going to be able to pull that credit card out of the browser if you've saved it directly in the browser and I'm going to be able to dwell inside your computer if your computer doesn't have monitoring uh and when you log into your secure facilities or your secure platforms regardless what those platforms are because you've given the authentication token I'm in that platform with you so the answer is monitoring and management so that you can actually have a report of what is happening on your network and your devices I hope that was more specific how's everyone feeling I don't have any Xanax with me [Music] sir what about writing passwords down writing passwords down it so the first thing I do when I walk into a place uh and I'm doing a pen test is I look up I've lift up the keyboard right I grab the drawer next to me I'm looking for a three- ring binder three- ring binder right Flip Flip oh this has got like 90 dog eared Post-it notes in it this this is the one I want Flip Flip Flip Flip Flip oh here's all the the passwords um password managers are not just there for security they're there for positive functionality so while I'm up here doing my presentation titanium I've got 12 employees some of those employees have passwords to the critical infrastructure that they need at my customers or in titanium and they have that with one pass uh if my employees are not trained on a thing I can make sure that they don't have access to those passwords if my if I'm a partner of an organization and I'm going to leave and I'm going to stand on the side of a volcano or go visit the [Music] Titanic somebody has access the critical passwords to keep my organization moving forward if something happens to me or they can't get a hold of me in the case of both of those scenarios cell phone service isn't available so even if you absolutely needed something desperately somebody that's in the middle of nowhere you know liking the Himalayas you can't get a hold of them you can't get that password so moving away from having handwritten is kind of a requirement uh but at the same time anything you secure it in I'm going to I'm going to walk right through it right uh and I know that that sounds extreme but you start going watching go go to YouTube and watch lockpicking lawyer he's got let's go back to that for a second if if you can zoom if you can see that that's 1.5k videos when I say he's broken into everything on the planet he's broken into everything on the planet there are security companies that make locks and send them to him to just pick them on his channel so wherever that password is inside the office I'm going to go find it unless it's you know obvious skated in another way maybe half the password's there maybe half the password isn't there you can start getting some some Cipher text going and it's the you know 1960s Bond film I got to steal half the password over here and half the password over there and there's a middle in the number middle number missing right so there's ways to make that secure but you're not giving benefit to the organization by having a password manager that you can share critical things like something with your PA or your EA or your partners or par legals that need that information or your partner I know you might not share everything with your your partner right but and by partner I mean both business partner or wife or husband or whoever hope did that answer the question okay sir all right I had just had a follow up so I mean what you're saying is pretty alarming um so how you your password how do I what how do you secure your password you that that'll be $10 uh the uh one password I use one password uh our organization uses one password um it's it's really great because of the functionality now most of my passwords are the super critical so the password to get into one password is not written down anywhere that's one of those you know I I was catching seahorses with my wife on the beach and she laughed one exclamation mark right I'm I'm I'm I'm making my password a memory that I'm not going to be able to forget and then I don't reuse it anywhere right it can't go out in a breach right if your password is hookum horns one exclamation mark I've ran into that Austin one exclamation mark with capital a right like just the you know orange burnt orange any any of those those are like right on the list if your Wi-Fi a phone number or a fax number I'm through it in 10 seconds 10 seconds so your passwords are really important that you manage them well how we're managing them uh you should go to your organization and say do you have a password manager what do you use and what do you recommend if they say last pass run um and if they say anything else just say all right why why should we be using this and and let them say how it benefits the organization and it might even be free they might already be paying for it and all of this is just cyber security training that your organization should already be giving you there should be somebody handing you videos handing you training handing you little mini quizzes hey here's the cyber security risk of the week did you know that Sim swapping is a thing Sim swapping is where somebody impersonates you to your cell phone provider and then gets them to to transfer your phone number to a new sim because they've impersonated you because the fallback is your social security number for AT&T or Verizon or any of those things if you haven't called in and changed it so now I've got your sim so now I've got your two factor for a lot of things so if I already have your login and password even if you put two Factor on things now I'm breaking through the two Factor so like this is again this is like a a it's like any one of you coming up here and trying to explain to a high school student why you they should be doing what you are the expert at yeah I mean it's a fire hose which is why I stop and I just let the questions come because the questions are more the base of everyone else in the area and usually there's more benefit gained from that sir we never on a smartphone I think I know the answer uh you should if if you are using a password manager in specifically like if you have one password so one one is none um if you have one password on your phone or you have a password manager on your phone that's fine if you're saving them in the notes field and I call that out because again that's normal right A lot of these things you're like oh my God I'm doing that that I'm that the reason I'm saying it is because you're not alone in doing it a lot of people do it so all you can do now is that you're aware all right I should go I should go segregate my assets right I should I should go have a power of attorney right those kind of things that you're walking and you're shifting in another Direction uh all you can do is make decisions based on those things hopefully that answers that question I got I got 145 left the passport matters you think is probably the best which what's the name of the company number one password.com I am not a paid spokesman I gain no benefit of telling you to go get one password.com sir far as targets or ha are individuals somebody that they're generally looking at millions of people are they looking at Targets that are going to have more information I'm coming after you personally you because the organization you're attached to I want more information on the organization if I can get more information on the organization from you because your home security or your personal security your old MySpace password uh that might still let me into stuff uh is out there that's what I'm interested in you uh I I got a chiropractic customer and she said to me you I wish I could just strap these insurance companies to a chair and just make them answer my questions and I said well you can you just go find somebody that just got fired on LinkedIn and pay him a hundred bucks and buy him door to as for lunch they'll answer all the questions that that you want she's she she's like man I I've made six figures from that decision so you know that that's inside her threat that's just after the fact I have 15 seconds I hope that answers your question everyone thank you all so much I'll be out in the lobby for a little while hopefully somebody left me left me salad uh I've got cards if anyone wants cards uh I hope you all have a great day and uh I apologize for the indigestion [Applause]