Online Security with Julianna Lamb

Come on

warm lead. This is George G. And the time is right. Welcome. Today’s guest is drawing a powerful Juliana, lamb Juliana, are you ready to do this?

Let’s do it. Let’s let’s let’s do it. Juliana is the co founder and CTO at stitch. They’re an organization helping companies go passwordless improving security, and user experience. Juliana, tell us a little bit about your personal life, some more about your work, and why you do what you do.

Julianna Lamb 0:41
Awesome. So I grew up in a ski town in Idaho. So now in San Francisco working, you know, as a software engineer and founder come along by in the past 10 plus years. And I think a lot of sort of why I have gotten into entrepreneurship is just growing up spending a lot of time

pursuing my passions, and that happened to be figure skating growing up. So definitely a very different career now. But I think, from an early age, I was just taught to really sort of dream big, and that, you know, hard work does pay off. And so I’ve felt like I’ve always sort of,

I’ve looked for different passions to pursue and really given it my all. So I started studying computer science when I got to Stanford and have sort of stuck with that ever since. I think what I really enjoyed about computer science and building things is that you can have a really massive impact and you know, build something that people are going to use, they’re going to get value from. And so I’ve sort of continued to follow that passion since and some how ended up in sort of like the developer tool space, which I think if you told me, you know, 1015 years ago that I was going to dedicate my life to building developer infrastructure, I probably would have had no idea what you were talking about. But I think the the value there is that not only are you building things for the jewels, but you’re building something that different companies are going to use, and it’s going to have an impact on their end users. And so the scale of impact you can have working in this space is really massive. And I think that’s one of the things that that gets me excited about it.

And what we’re doing here at stitch is helping companies transition to password list authentication. From previous experiences, we saw how hard it was for developers to build their user authentication systems. But then also, how broken sort of authentication is on the web today. You know, we’re still relying on passwords, which we’ve relied on since sort of the birth of the web. Technology has come so far, the way that you use online accounts has evolved so much, we have just so many different online accounts today. And the password hasn’t really scaled with that. And so there’s all these different ways that you can now authenticate online. And we’re trying to make it easier for companies to sort of modernize their authentication.

george grombacher 3:22
Nice, fascinating. Well, congratulations on on the journey so far. And all the growth, it’s pretty incredible to grow up in a I think you said a small town, figure skating off to Stanford, become an engineer. And then from that, to make the leap to entrepreneurship. And then again, to I don’t know, if I’m using the right language or not to make another leap to raising $30 million dollars in funding. That’s, that’s pretty extraordinary.

Julianna Lamb 3:55
Yeah, definitely, I would say, it’s been a bit of a whirlwind starting this company over the past 18 months or so. I think I definitely have spent a long time sort of in the startup space and wasn’t even sure that I wanted to be a founder when I was sort of starting out in software engineering. But then I think seeing what people were building and sort of the impact you could have as a founder, I started to get more interested in it, but yeah, definitely. If you told me where we’d be today, when we were first starting out, I think, you know, my co founder and I were trying to decide if we quit our jobs in May of 2020 which was probably not the best time to be quitting a job and you know, going out on our own but didn’t really fortunate to you know, I think okay,

george grombacher 4:55
yeah, that’s it. Super exciting. So Just I’m fascinated by how people’s brains work, because I imagine that you and I can look at the same set of facts or problems and really view things very differently. As you are evaluating, you’re correct me if I’m wrong, it’s your goal to help organizations go passwordless improve security, on, on, on on the internet and in life. And with so many different technologies changing, how do you how do you evaluate what tools to use to serve your clients?

Julianna Lamb 5:37
Yeah, it’s a really good question. And I think it’s part of the reason that what we’re building has a ton of value is just helping people navigate that, because I think using username and password to log into a site is is a super known pattern, people know what that looks like, right. And so now you have all of these different ways that you can authenticate and sort of figuring out you know, which ones make sense when and where can be really challenging. Some of the examples there would be like, SMS on one time, passcode, email magic links, you can use Oh, auth, like sign in with Google and Facebook, you can use there’s a new standard called Web auth end that lets you do touch ID on your Mac, etc. So there’s all these different things that you can sort of use and put together in different combinations to build your user authentication. And so a lot of what we do is sort of your question, right? It’s like, how do you figure out which one of these makes sense? Some things we think about are sort of the, like, security of it, you know, how could somebody potentially take over an account if they gained access? How easy would it be for them to gain access to that sort of device or core account, this like magnitude of people that this might work for. So webauthn, for example, that touch ID authentication method, really secure, you have to basically take over the physical device, right, but not every phone or laptop has biometrics built in. So it’s not sort of universally applicable. If you lose that phone or laptop, all of a sudden, you have to figure out how to recover the account as well. And so that can introduce a lot of complexity. And so it’s sort of like thinking through all of these things, but then also thinking through like, what you’re protecting with this authentication, something that we are big fans of is what we call, sort of like right sizing and just in time authentication. So if you’re getting read access to one of your accounts, that’s a pretty low risk interaction that you’re going to do. And so the level of security that you need to get read access from your account is probably very different than the level of access to get right access to that account. So if you want to go and move money now, or you want to change a shipping address, those are, are really big fraud vectors. And so that’s when you should wear in sort of additional factors of security, like maybe, you know, the SMS or biometric authentication, where it’s sort of getting initial access to the account can be something really sort of simple, like an email magic link. And so this is what we spend a lot of time sort of thinking through is like, odd factors or risk factors associated with these different authentication methods. What is the sort of experience for the user of these different authentication methods? are you introducing the right amount of friction at the right point in time? And then thinking through things like, Do you have primarily a mobile app or mobile and desktop, all of these things can can mean very different sort of user experiences. SMS on mobile, for example, is really fantastic. You have the autofill, where you can sort of one top the passcode, and it’ll log you in right there. Whereas desktop email tends to perform very well. So there’s a bunch of like, sort of complexity that goes into making these decisions. And that’s what we spend a lot of time thinking about, and then also helping our customers think

george grombacher 9:27
through. Yeah, certainly, certainly a lot. How, how do you do do you need to understand how it works? Or do you have or perhaps, is it possible for you to understand how the how these technologies work? Obviously, you’re the founder or you’re the chief technology officer. I don’t know if I’m asking the right question or not.

Julianna Lamb 9:53
Yeah, I think understanding how all of these work is is pretty important for us and Part of our goal is to abstract that away from our customers to some degree, because there’s a lot of complexity here, the faces evolving as well. And so having a really good understanding of you know, what’s going on behind the scenes, I think it’s pretty important. And then that helps us communicate to our customers like what they need to know and understand as well. We aim to make it really simple to integrate all of these things so that, you know, you, you can just like drop in a couple lines of code and get up and running and not have to go and yeah, do a ton of research into like the web off end specification, because that’s probably not what your average company should be spending their time thinking about. But for us, that’s sort of core to what we do.

george grombacher 10:53
What are you? Are there certain things that you’re seeing on the horizon that you’re super excited about?

Julianna Lamb 11:01
Yeah, I think just like the prevalence of biometric authentication, this new web authentic specification is really interesting. And just makes it easier to do biometrics on different devices. I think that when you’re talking about like user experience, and security is kind of like a win win situation, then there’s like a bunch of edge cases you have to think through with like the device loss, etc. But I think the increasing prevalence of biometrics will help to both secure accounts and make it easier for you to log in to all of yours. I think there’s interesting stuff happening with web three as well, I think that really changes how you sort of view online identities and aims to give like consumers more control, I think that’ll be a trend that has been sort of, regardless of, of giving you as a user a little bit more like visibility into your accounts, ownership over them. Something we talk about a lot is it sort of being that like identity layer, where you can maybe see all of your like connected stitch accounts in the future, and like be able to provision or D provision data to different companies, I think that like, consumer ownership of your identity is something that will probably continue to evolve over, you know, the next decade or so. So I’m excited to see what that looks like. I think we’re still really in the early days. So I don’t know exactly what that what that will mean for people. But I think we’ll see this shifts continuing to happen.

george grombacher 12:45
Yeah, fascinating. And you mentioned that, that certainly, the tool that you’re using to protect something is essential, but then it’s also super important to be mindful of what it is that you’re actually protecting. And something that just kind of jumped into my head, and it could be way off off the wall and not something that you’re involved with at all, but just how do we know that what we’re watching or listening to is actually the authentic thing. So, for example, if the President were to make a make some kind of a statement, and then somebody took it and altered it using some kind of a new technology, so he or she says something that’s totally different. Is there a way for us through authentication or security to know that? Nope, that’s fake or no, that’s actually real.

Julianna Lamb 13:36
Yeah, so not something that we focus too much on. But I do think this, like, sort of web three, evolution will address some of that we’re now you can, like sign stuff, basically, and have like that, sort of, I guess, yes, signature on something that’s online. So you can like sign an image or a video or whatever it might be, and like, show the authenticity of it. So I think that will be something that’s really interesting. Where, yeah, there is this problem of like, one just sort of lack of like, ownership over online assets. You don’t really sort of like, own anything online, for the most part today, the way you might like, artwork or your house even right. And so being able to sort of have that ownership. And then with that comes that sort of signature of authenticity of like, is that the original artwork or is this a fake or something, which I think can be really interesting when you’re talking about some of these problems around sort of like the fake news or these like deep fakes where people are, you know, creating videos that look like a real person, right, but it’s completely made up and so I think that’ll be something that that we continue to I need to prioritize as well, because I think, yeah, the web has just evolved so much in the past 10 years. And so I think in a lot of ways, like, the way that we use, it hasn’t necessarily kept up with the pace of adoption. And just like how much we do online today. And so it’ll be really interesting to see this trend that sort of happening, that has that bigger focus on like, ownership and authenticity online.

george grombacher 15:30
So it’s two degree gonna be pretty funny. And in 50 years, people are gonna look back at how we interacted with important information on the internet and be like, Oh, my gosh, they just put their information out there, and anybody could see it.

Julianna Lamb 15:43
Yeah, definitely. And yeah, that’s what we spend a lot of time thinking about is like, what is that going to look like? Right? And how are we building for that future? Because I think we were pretty confident that it’s not going to look like it looks like today. And we have a lot of ideas of, of what it’ll be. But I think yeah, well, we’ll probably all look back and laugh at just how we interacted with all of our online accounts and data and all of that.

george grombacher 16:11
Just fascinating, right? How do you how do you keep yourself secure and your information secure? And, and all of that as as, as things continue to change? And do so so quickly? So I feel like you and stitch are going to be relevant for a long time. Juliana.

Julianna Lamb 16:30
Amazing. Oh, at

george grombacher 16:32
least hopefully, anyway, right.

Julianna Lamb 16:35
That’s the plan.

george grombacher 16:37
Well, Julie, out of the people are ready for your difference making tip, what do you have for them?

Julianna Lamb 16:42
I think paying attention to how you authenticate with all of your online accounts, being really mindful of, you know, not reusing passwords across a ton of different online accounts. And making sure that you know, you have really top level security two factor, etc. With your most important accounts, like email, bank account, etc. I think you know, we’re hoping to make this even easier for you in the future. But I think if you were to, you know, take one thing away from this is that it’s being mindful of the passwords that you do have making sure they’re secure, making sure you’re locking down your important accounts, because there’s a lot of sort of fraud risk out there and you can be you can take action today to help protect yourself.

george grombacher 17:29
Well, I think that is great stuff that definitely gets Come on. Come on. Juliana, thank you so much for coming on. Where can people learn more about you? How can they engage with you and stitch?

Julianna Lamb 17:41
Awesome, thanks for having me. You can check out stitcher calm, or my personal Twitter is Giuliana Eelam. I’m pretty active on there.

george grombacher 17:52
Excellent. Well, if you enjoyed this as much as I did show Giuliana your appreciation and share today’s show with a friend who also appreciates good ideas go to stitch calm. That’s stytch.com Follow Juliana on Twitter, list both of those in the notes of the show. Thanks again, Juliana.

Julianna Lamb 18:12
Thanks for having me.

george grombacher 18:14
And until next time, keep fighting the good fight as we’re all in this together.

Transcribed by https://otter.ai