• WWW.COMPUTERWEEKLY.COM
    What is Dunelm doing for women in tech?
    In September 2024, Dunelm reported a 4.1% jump in annual sales to £1.71bn for the year to 29 June.

    During the same month, GlobalData estimated Dunelm had increased its market-leading share of the homeware sector to 11.5%, edging even further ahead of John Lewis, its closest competitor.

    New initiative after new initiative is a feature of the Dunelm growth story right now. It opened its first small-format store, at Westfield London, in December, and that came two months after it announced the revamp of its ecommerce capability by deploying Google Cloud's artificial intelligence (AI)-powered Vertex to improve site search.

    An in-tune product development and sourcing team and a laser-focused multichannel approach are clearly at play here, but there's also something to report on the company culture.

    In February, the retailer launched a talent programme, Reach, to empower colleagues from underrepresented ethnic groups to reach their potential in the business.

    More than 80 participants have spent 2024 connecting and networking with role models from within Dunelm and outside of the business to be inspired, expand contacts and broaden horizons, according to the retailer.

    And alongside all this, the seeds have been sown for a movement to support another underrepresented group: women in technology.

    Dunelm software engineer Jo Kalnavarna was the catalyst for helping the retailer's Women in Tech group gain a new lease of life over the past year. It's not a new concept at Dunelm, but after arriving at the business in April 2023, Kalnavarna found it had been put on the back burner during the Covid crisis.

    "It was a case of 'where is the women in tech thing?' I had to dig it out, but there was tumbleweed rolling," she says, explaining that she took the lead alongside senior people partner Leanne Orton in establishing a new plan for the initiative.

    "I reached out to Leanne and I found out it was happening in the background," says Kalnavarna. "I thought, 'We're past Covid now, so how can we accelerate it?' I created workshops in London and Leicester, and went out to the women to ask what they wanted to happen."

    She instantly started recruiting for a leadership board for the group. "I thought, let's build like we do in tech: a board, a task, objectives like KPIs [key performance indicators]," says Kalnavarna.

    "I've implemented what I've learned in tech into this working group, and it has worked well," she adds. "We have a board, we have tasks we assign, we come together regularly, and we have catch-ups and stand-ups. I would suggest for any communities that want to do something similar, this is an approach that really works."

    How does that look in practice? It involves quarterly catch-ups, and networking whereby participating employees play coffee roulette, being paired with a different person to discuss different job roles in tech and other career experiences.

    Coffee roulette is a monthly event all about making connections to build knowledge and confidence regarding different areas of technology and working life.

    Priti Verma, senior business analyst at Dunelm and STEM ambassador, says: "It's a monthly as-long-as-you-want session where you get paired up with people who you don't know in tech.

    "It's a way of networking in an age when people are working from home, and it gives you that benefit of meeting someone and understanding their story," she says. "And if you need some info you have a connection and you're making friends at the same time."

    "It's the heartbeat event that happens every single month without fail," says Verma. "Every month, the tech team are hearing about what women in tech are doing. It wouldn't necessarily happen organically."

    The plan is to push more people to sign up next year. In general, this work is to help raise awareness of women in technology, create more opportunities for career progression, and give women confidence to apply for jobs they might not otherwise apply for within the tech function of the organisation.

    Key to getting women to take on more roles in tech is representation, according to Verma, who says imposter syndrome is real, particularly for women who are returning from parental leave or if they've taken a sabbatical.

    "We need to ensure people are confident and happy to apply for roles, and even if they don't get the job, that they get the right feedback to help them the next time they apply," she says.

    Underlining her credentials as the designated leader of the women in tech movement at Dunelm, Kalnavarna says she is a big risk taker.

    "We want to build a feeling of, 'You have the confidence, you just need to go for it'. I want to show that attitude," she says.

    "We're running all these events to show what you can do; just go for it, don't be afraid, and don't shy away from it. We're trying to build a community at Dunelm to show anything is possible here, at least, and one day, you'll see the wider change in society."

    The landmark moment so far for the reinvigorated group was Women in Tech Week, which ran from 7-11 October 2024. Dunelm created its own internal event to align with the broader national campaign, and used the five days to align the C-suite with the wider tech and engineering team, and create an environment for progress and support.

    In a celebration of achievements of women in tech, Dunelm hosted multiple virtual and in-person gatherings including a Q&A with the retailer's chief technology and information officer (CTIO), John Gahagan. "This sort of transparency is important in any company you work for," says Kalnavarna.

    Verma calls the session with the CTIO "open and honest". The hope is that opening up the communication channels like this can get everyone in the organisation considering the different experiences men and women have in terms of tech job opportunities, and how they have historically been viewed and treated in the workplace.

    There was also a panel discussion with male allies, where Dunelm tech representatives talked about their experience and insights related to supporting women in tech. The panel was led by software engineering and team lead Rowan Powell, and included the views of Tom Keeber, head of quality, Paul Kerrison, director of engineering, and John Burgess, head of business analysis.

    During the week, some of the female tech leadership team spoke about their background, career journeys and experiences with the aim of conveying how to feel empowered as a woman in tech. There was also an appearance from founder and CEO of Shift Left, Susan O'Connor, a leadership coach, who shared her expertise and guidance with the cohort of Dunelm women in tech.

    "We got people in the tech team to understand what women in tech means to them, and which people in tech have inspired them," says Verma.

    "It was a really good week and everyone got what they wanted from it. It wasn't dictating or spouting out information: it was inclusive, and people were welcome to be part of the conversations."

    In the year ahead, more lunch and learn sessions are set to take place, fuelling knowledge share and helping those involved build stronger connections internally.

    Kalnavarna has already helped work experience students understand what being in technology is like, but there are wider plans underway to see if Dunelm's tech team can get into schools in the Leicester area near the retailer's HQ to help young girls realise early that a career in engineering or tech could be for them.

    Getting to women with this message at college stage can be positive, but the earlier girls understand the opportunities available to them, the better, according to Verma, who sees plenty of opportunity to engage primary school age children built around Lego demonstrations, for example.

    "When chatting to children about what you do, you can see this lightbulb go on, that's why I'm a STEM ambassador," she says.

    Kalnavarna adds: "If we start talking about this to people from a very young age, maybe it stays. They will see someone out there who encourages them, have a role model and pursue it [a career in engineering or tech]."

    For Verma, the main aim of the women in tech work at Dunelm is raising awareness. "We are fostering an environment so if they're a woman and want to grow and progress, they can, and if they're a man, they can help and support," she says.

    "It's about being comfortable in your own skin and feeling that if you want to be a director, you don't have to act like a man."
  • WWW.FORBES.COM
    Computer Science: Is A Degree Still Worth It?
    I believe computer science is the cornerstone of all technological advancements in the business world.
  • WWW.FORBES.COM
    Intention Economy Could Sell Your Decisions - Before You Make Them
    AI assistants could start manipulating you into making decisions, and then selling your plans to the highest bidder before you've even consciously made your mind up.

    According to AI ethicists from the University of Cambridge, published research and the hints dropped by several major tech players indicate that the 'intention economy' is set to take off.

    AI agents, from chatbot assistants to digital tutors and girlfriends, could exploit the access that they have to our psychological and behavioral data, and manipulate our responses by mimicking personalities and anticipating desired responses.

    "Tremendous resources are being expended to position AI assistants in every area of life, which should raise the question of whose interests and purposes these so-called assistants are designed to serve," said visiting scholar Dr Yaqub Chaudhary of the University of Cambridge's Leverhulme Centre for the Future of Intelligence.

    "What people say when conversing, how they say it, and the type of inferences that can be made in real-time as a result, are far more intimate than just records of online interactions."

    Large language models can cheaply target a user's cadence, politics, vocabulary, age, gender, online history, and even preferences for flattery and ingratiation, the researchers said.

    Brokered bidding networks would then attempt to maximize the chance of achieving a given aim, such as selling a cinema trip or pushing a political party, by subtly steering conversations.

    "Unless regulated, the intention economy will treat your motivations as the new currency. It will be a gold rush for those who target, steer, and sell human intentions," said Dr Jonnie Penn, an LCFI historian of technology.

    "We should start to consider the likely impact such a marketplace would have on human aspirations, including free and fair elections, a free press, and fair market competition, before we become victims of its unintended consequences."

    This isn't just idle speculation. An OpenAI blog post last year called for "data that expresses human intention... across any language, topic, and format", while the director of product at Shopify, an OpenAI partner, spoke of chatbots coming in "to explicitly get the user's intent" at a conference the same year.

    Meanwhile, Nvidia's CEO has spoken publicly of using LLMs to figure out intention and desire, while Meta released research on what it referred to as the 'Intentonomy' in 2021.

    And earlier this year, Apple's new 'App Intents' developer framework for connecting apps to its voice-controlled personal assistant Siri included protocols to "predict actions someone might take in future" and "suggest the app intent to someone in the future using predictions you [the developer] provide".

    "AI agents such as Meta's CICERO are said to achieve human level play in the game Diplomacy, which is dependent on inferring and predicting intent, and using persuasive dialogue to advance one's position," said Chaudhary.

    "These companies already sell our attention. To get the commercial edge, the logical next step is to use the technology they are clearly developing to forecast our intentions, and sell our desires before we have even fully comprehended what they are."
  • WWW.FORBES.COM
    Real-Time Intelligence: The Essential Tech Stack For Autonomous Systems
    At the core of intelligent system design is the principle of instrumentation and iterative improvement.
  • WWW.TECHSPOT.COM
    Nvidia believes the robotics market is about to explode, just like ChatGPT
    Forward-looking: Nvidia, now a $3 trillion+ titan, has grown synonymous with graphics cards and AI accelerators. But as the company has become the one to beat in these arenas, it now has its crosshairs aimed at what it sees as the next major growth area: robotics.

    A report by The Financial Times has revealed Nvidia's plans to achieve this future. It highlights how Deepu Talla, Nvidia's VP of robotics, believes the robotics market has reached an inflection point where physical AI and robotics are about to take off in a big way.

    "The ChatGPT moment for physical AI and robotics is just around the corner," Talla told the publication, adding that he believes the market has reached a "tipping point."

    To capitalize on this, Nvidia wants to position itself as the go-to platform for robotics. The company already offers a full robotics stack. This includes the software for training foundational AI models on DGX systems, its Omniverse simulation platform, and the Jetson hardware.

    However, things are set to accelerate next year, with Nvidia planning to launch its latest robot brain called Jetson Thor. This will be the newest addition to the company's Jetson platform, which is a line of compact computers designed for AI applications. Jetson Thor will be a model focused specifically on robotics, though.

    Talla says that there are currently two key breakthroughs driving Nvidia's robotics optimism. First is the rise of powerful generative AI models. The second is the ability to train robots in these foundational models using simulated environments.

    He stated that in the past year alone, this 'sim-to-real gap' has progressed enough to enable the combination of simulations with generative AI in powerful new ways that were not feasible two years ago.

    It's worth mentioning here that Talla has played an instrumental role in helping Nvidia break into robotics. The roots trace back to 2013 when Talla joined to work on its Tegra mobile chip. The company pivoted those engineers to autonomous vehicle training, which eventually led to the 2014 launch of Jetson robot brain modules.

    As for where the Jetson Thor will be useful, we can take hints from Nvidia's recent investments. Earlier this year, the buzzy robotics startup Figure AI raised $675 million from investors including Nvidia, Jeff Bezos, Microsoft, and OpenAI. Apptronik, another robotics company using Nvidia's tech, recently partnered with Google's DeepMind subsidiary.

    The robotics push comes as Nvidia faces increasing competition in AI chips from the likes of AMD. While AI still accounts for a massive 88% of Nvidia's $35 billion in quarterly revenue, the company is wise to explore new frontiers. After all, the robotics market is projected to soar from $78 billion currently to $165 billion by the end of 2029, per BCC Research.
  • WWW.TECHSPOT.COM
    Russia admits its domestic consoles can't match the PS5 or Xbox Series
    In brief: Russia's quest to develop home-grown consoles that are made by Russians and enjoyed by Russians doesn't seem to be having a lot of success. According to new reports, two machines are being created: one isn't very powerful, and the other is a $45 device that streams games from the cloud.

    Back in March, Russian President Vladimir Putin called on the government to create Russian stationary and portable game consoles, along with operating systems and cloud-based game delivery systems for the machines.

    With Russia heavily sanctioned and looking to promote its own products, one of its in-development consoles is powered by the Elbrus processor. Developed by Moscow Center of SPARC Technologies (MCST) and based on the VLIW (Very Long Instruction Word) architecture, Elbrus is designed primarily for domestic applications in critical infrastructure, defense, and other sensitive areas.

    Elbrus processors' performance can't match high-end CPUs from Intel, AMD, and Arm, but they are adequate for enterprise and government work. The CPUs certainly aren't going to power a console that can compete with the PS5 or Xbox Series.

    The console will also use a domestic OS, though it's still undecided whether this will be Aurora or Alt Linux.

    The Russian government admits that this device isn't going to be on the same level as current-gen machines.

    "I hope my colleagues will approach this task with full responsibility and come up with something truly groundbreaking," said Anton Gorelkin, Deputy Chairman of the State Duma Committee on Information Policy. "It is obvious to everyone: Elbrus processors are not yet at the level required to compete equally with the PS5 and Xbox, which means the solution must be unconventional."

    Gorelkin said that Russian consoles aren't being designed only to play ports of hundreds of old, less-demanding games. He added that they should primarily serve the purpose of promoting and popularizing domestic video game products.

    Another organization following Putin's instructions is Russian telecommunications firm MTS. Its console will use the company's cloud-based gaming platform, called Fog Play. It allows owners of high-end PCs to rent out their computing power to those with less-powerful equipment, charging an hourly price. Those with more powerful PCs can access games on the service and use their own hardware to play them.

    MTS' device is expected to cost no more than $45 and come with an Xbox-like controller, suggesting it's unlikely to appeal to those who enjoy current-gen console games.
  • WWW.DIGITALTRENDS.COM
    Samsung Galaxy S25 Slim: everything we know so far
    Samsung's January Galaxy Unpacked event is just around the corner. We know the event will show off the Galaxy S25 lineup, but there's a chance that it could also unveil the long-rumored Samsung Galaxy S25 Slim (and maybe give us a proper name for it besides the rumored title).

    We've been following the rumors about this handset for a long time, and we've gathered quite a bit of information about the Galaxy S25 Slim. If you're curious about its specs, potential release window, and everything else we know, read on.

    According to all of the information we've uncovered so far, the Galaxy S25 Slim will be receiving an international launch, not just a Korea-focused one. As for the date, there's no firm information. The Galaxy S25 Slim isn't expected to launch anytime soon, though. Most predictions place it sometime in the middle of summer, perhaps around June.

    Rumors also suggested it wouldn't be announced at the Galaxy Unpacked event in January, but a fresh leak says the handset could be announced in January, though it won't be available to purchase for a while longer.

    Traditionally, Samsung has released new entries in its handheld lineup earlier in the year. Releasing a phone in summer would be out of the norm; it's entirely possible we won't see the Slim until September or October when Samsung usually releases the new FE devices.

    The problem with looking to the FE series for a possible release window is that the Galaxy FE phones are priced lower than the base models. The Samsung Galaxy S24 FE is $650, versus the $800 for the base Galaxy S24.

    From what we've seen so far, the Galaxy S25 Slim could receive upgraded specs versus the base S25. Better internals, combined with the already likely price increase for the Galaxy S25 lineup, means the S25 Slim could cost as much as the base model, if not more.

    For reference, the Galaxy S24 was $799 for the base model, $999 for the Plus model, and $1,299 for the Ultra. We expect an increase of around $100 for each size for the S25, meaning the S25 Slim could very likely cost over $1,000.

    Unlike the other entries in the S25 lineup, the Slim is one we don't quite have a dummy unit for yet. That means there's no clear picture of what the device's silhouette might look like, but we do know that it should be smaller than nearly anything else Samsung currently offers.

    Last week, well-known tipster Ice Universe shared on Weibo that the S25 Slim should fall between 6mm and 6.9mm thick. We still aren't sure how thin the Slim will be, but early information says it's significantly narrower than the latest Pixel or the iPhone.

    The technical specifications are another area we're still largely in the dark about. Some leaks have suggested a camera setup that is more in line with the Vivo X200 Pro Mini, with three 50MP cameras and a 32MP selfie cam.

    Preliminary reports from GSMArena give the S25 Slim the following configuration:

    Display: 6.7 inches
    Platform: Android 15, One UI 7
    RAM: 12GB
    Storage: 256GB
    Main Camera: 200MP primary, 50MP telephoto, 50MP ultrawide
    Selfie Camera: 10 MP
    Video: Between 720p@960FPS and 8K@30FPS

    There is still much we don't know about the Samsung Galaxy S25 Slim. What kind of battery life we can expect, the different color options, and more concrete details about the cameras are still unknown.

    However, we do expect it to make an appearance either at Galaxy Unpacked in January or later in the year, and the existence of the handset is all but guaranteed. We'll update this guide as we learn more, so stay tuned.
  • ARSTECHNICA.COM
    Passkey technology is elegant, but it's most definitely not usable security
    NOT (QUITE) READY FOR PRIMETIME

    Just in time for holiday tech-support sessions, here's what to know about passkeys.

    Dan Goodin, Dec 30, 2024 7:00 am

    It's that time again, when families and friends gather and implore the more technically inclined among them to troubleshoot problems they're having behind the device screens all around them. One of the most vexing and most common problems is logging into accounts in a way that's both secure and reliable.

    Using the same password everywhere is easy, but in an age of mass data breaches and precision-orchestrated phishing attacks, it's also highly unadvisable. Then again, creating hundreds of unique passwords, storing them securely, and keeping them out of the hands of phishers and database hackers is hard enough for experts, let alone Uncle Charlie, who got his first smartphone only a few years ago. No wonder this problem never goes away.

    Passkeys, the much-talked-about alternative to passwords that has been widely available for almost two years, were supposed to fix all that. When I wrote about passkeys two years ago, I was a big believer. I remain convinced that passkeys mount the steepest hurdle yet for phishers, SIM swappers, database plunderers, and other adversaries trying to hijack accounts. How and why is that?

    Elegant, yes, but usable?

    The FIDO2 specification and the overlapping WebAuthn predecessor that underpin passkeys are nothing short of pure elegance. Unfortunately, as support has become ubiquitous in browsers, operating systems, password managers, and other third-party offerings, the ease and simplicity envisioned have been undone, so much so that they can't be considered usable security, a term I define as a security measure that's as easy, or only incrementally harder, to use as less-secure alternatives.

    "There are barriers at each turn that guide you through a developer's idea of how you should use them," William Brown, a software engineer specializing in authentication, wrote in an online interview. "None of them are deal-breaking, but they add up."

    Passkeys are now supported on hundreds of sites and roughly a dozen operating systems and browsers. The diverse ecosystem demonstrates the industry-wide support for passkeys, but it has also fostered a jumble of competing workflows, appearances, and capabilities that can vary greatly depending on the particular site, OS, and browser (or browser agents such as native iOS or Android apps). Rather than help users understand the dizzying number of options and choose the right one, each implementation strong-arms the user into choosing the vendor's preferred choice.

    The experience of logging into PayPal with a passkey on Windows will be different from logging into the same site on iOS or even logging into it with Edge on Android. And forget about trying to use a passkey to log into PayPal on Firefox. The payment site doesn't support that browser on any OS.

    Another example is when I create a passkey for my LinkedIn account on Firefox. Because I use a wide assortment of browsers on platforms, I have chosen to sync the passkey using my 1Password password manager. In theory, that choice allows me to automatically use this passkey anywhere I have access to my 1Password account, something that isn't possible otherwise. But it's not as simple as all that.

    When I look at the passkey in LinkedIn settings, it shows as being created for Firefox on Mac OS X 10, even though it works on all the browsers and OSes I'm using.

    Screenshot showing passkey is created for Firefox on Mac OS X 10.

    Why is LinkedIn indicating otherwise? The answer is that there's no way for LinkedIn to interoperate flexibly with the browsers and OSes and vice versa. Per the FIDO2 and WebAuthn specs, LinkedIn knows only the browser and OS I used when creating the credential. 1Password, meanwhile, has no way to coordinate with LinkedIn to ensure I'm presented with consistent information that will help me keep track of this. Suddenly, using passkeys is more confusing than it needs to be for there to be utility to ordinary users.

    Things get more complicated still when I want to log into LinkedIn on Firefox for Android, and am presented with the following dialog box.

    Screenshot showing a dialog box with the text: "You're using on-device encryption. Unlock your passwords to sign in."

    At this point, I don't know if it's Google or Firefox that's presenting me with this non-intuitive response. I just want to open LinkedIn using the passkey that's being synced by 1Password to all my devices. Somehow, the mysterious entity responsible for this message (it's Google in this case) has hijacked the process in an attempt to convince me to use its platform.

    Also, consider the experience on WebAuthn.io, a site that demonstrates how the standard works under different scenarios. When a user wants to enroll a physical security key to log in on macOS, they receive a dialog that steers them toward using a passkey instead and to sync it through iCloud.

    Dialog box showing macOS passkeys message.

    The user just wants to enroll a security key in the form of a USB dongle or smartphone that can be used when logging in on any device. But instead, macOS preempts this task with directions for creating a passkey that will be synced through iCloud. What's the user to do? Maybe click on the "other options" in small text at the very bottom? Let's try and see.

    The dialog box that appears after clicking "other options."

    Wait, why is it still offering the option for the passkey to be synced in iCloud, and how does that qualify as "other options"? And why is the most prominent suggestion that the user "continue with Touch ID"? It isn't until selecting "security key" that the user will see the option they wanted all along: to store the credential on a security key. Only after this step, now three clicks in, does the light on a USB security key begin blinking, and the key is finally ready to be enrolled.

    Dialog box finally allows the creation of a passkey on a security key.

    The dueling dialogs in this example are by no means unique to macOS.

    Too many cooks in the kitchen

    "Most try to funnel you into a vendor's sync passkey option, and don't make it clear how you can use other things," Brown noted. "Chrome, Apple, Windows, all try to force you to use their synced passkeys by default, and you have to click through prompts to use alternatives."

    Bruce Davie, another software engineer with expertise in authentication, agreed, writing in an October post that the current implementation of passkeys "seems to have failed the 'make it easy for users' test, which in my view is the whole point of passkeys."

    In April, Son Nguyen Kim, the product lead for the free Proton Pass password manager, penned a post titled Big Tech passkey implementations are a trap. In it, he complained that passkey implementations to date lock users into the platform they created the credential on.

    "If you use Google Chrome as your browser on a Mac, it uses the Apple Keychain feature to store your passkeys," he wrote. "This means you can't sync your passkeys to your Chrome profile on other devices." In an email last month, Kim said users can now override this option and choose to store their passkeys in Chrome. Even then, however, "passkeys created on Chrome on Mac don't sync to Chrome in iPhone, so the user can't use it seamlessly on Chrome on their iPhone."

    Other posts reciting similar complaints are here and here.

    In short, there are too many cooks in the kitchen, and each one thinks they know the proper way to make pie.

    I have put these and other criticisms to the test over the past four months. I have used them on a true heterogeneous environment that includes a MacBook Air, a Lenovo X1 ThinkPad, an iPhone, and a Pixel running Firefox, Chrome, Edge, Safari, and on the phones, a large number of apps, including those for LinkedIn, PayPal, eBay, Kayak, Gmail, Amazon, and Uber. My objective has been to understand how well passkey-based authentication works over the long term, particularly for cross-platform users.

    I fully agree that syncing across different platforms is much harder than it should be. So is the messaging provided during the passkey enrollment phase. The dialogs users see are dictated arbitrarily by whatever OS or browser has control at the moment. There's no way for previously made configuration choices to be communicated to tailor dialog boxes and workflow.

    Another shortcoming: There's no programming interface for Apple, Google, and Microsoft platforms to directly pass credentials from one to the other. The FIDO2 standard has devised a clever method in an attempt to bridge this gap. It typically involves joining two devices over a secure BLE connection and using a QR code so the already-authenticated device can vouch for the trustworthiness of the other. This process is easy for some people in some cases, but it can quickly become quirky and prone to failure, particularly when fussy devices can't connect over BLE.

    In many cases, however, critics overstate the severity of these sorts of problems. These are definitely things that unnecessarily confuse and complicate the use of passkeys. But often, they're one-time events that can be overcome by creating multiple passkeys and bootstrapping them for each device. From then on, these unphishable, unstealable credentials live on both devices, in much the way some users allow credentials for their Gmail or Apple ID to be stored in two or more browsers or password managers for convenience.

    More helpful still is using a cross-platform password manager to store and sync passkeys. I have been using 1Password to do just that for a month with no problems to report. Most other name-brand password managers would likely perform as well. In keeping with the FIDO2 spec, these credentials are end-to-end encrypted.

    Halfway house for password managers

    With my 1Password account running on my devices, I had no trouble using a passkey to log into any enrolled site on a device running any browser. The flow was fast and intuitive. In most cases, both iOS and Android had no problem passing the key from 1Password to an app for Uber, Amazon, Gmail, or another site. Signing into phone apps is one of the bigger hassles for me. Passkeys made this process much easier, and it did so while also allowing me the added security of MFA.

    This reliance on a password manager, however, largely undermines a key value proposition of passkeys, which has been to provide an entirely new paradigm for authenticating ourselves. Using 1Password to sync a password is almost identical to syncing a passkey, so why bother? Worse still, the majority of people still don't use password managers. I'm a big believer in password managers for the security they offer. Making them a condition for using a passkey would be a travesty.

    I'm not the first person to voice this criticism. David Heinemeier Hansson said much the same thing in September.

    "The problem with passkeys is that they're essentially a halfway house to a password manager, but tied to a specific platform in ways that aren't obvious to a user at all, and liable to easily leave them unable to access ... their accounts," wrote the Danish software engineer and programmer, who created Ruby on Rails and is the CTO of web-based software development firm 37signals. "Much the same way that two-factor authentication can do, but worse, since you're not even aware of it."

    He continued:

    Let's take a simple example. You have an iPhone and a Windows computer. Chrome on Windows stores your passkeys in Windows Hello, so if you sign up for a service on Windows, and you then want to access it on iPhone, you're going to be stuck (unless you're so forward thinking as to add a second passkey, somehow, from the iPhone will on the Windows computer!). The passkey lives on the wrong device, if you're away from the computer and want to login, and it's not at all obvious to most users how they might fix that.

    Even in the best case scenario, where you're using an iPhone and a Mac that are synced with Keychain Access via iCloud, you're still going to be stuck, if you need to access a service on a friend's computer in a pinch. Or if you're not using Keychain Access at all. There are plenty of pitfalls all over the flow. And the solutions, like scanning a QR code with a separate device, are cumbersome and alien to most users.

    If you're going to teach someone how to deal with all of this, and all the potential pitfalls that might lock them out of your service, you almost might as well teach them how to use a cross-platform password manager like 1Password.

    Undermining security promises

    The security benefits of passkeys at the moment are also undermined by an undeniable truth. Of the hundreds of sites supporting passkeys, there isn't one I know of that allows users to ditch their password completely. The password is still mandatory. And with the exception of Google's Advanced Protection Program, I know of no sites that won't allow logins to fall back on passwords, often without any additional factor. Even then, all but Google APP accounts can be accessed using a recovery code.

    This fallback on phishable, stealable credentials undoes some of the key selling points of passkeys. As soon as passkey adoption poses a meaningful hurdle in account takeovers, threat actors will devise hacks and social engineering attacks that exploit this shortcoming. Then we're right back where we were before.

    Christiaan Brandt, co-chair of the FIDO2 technical working group and an identity and security product manager at Google, said in an online interview that most users aren't ready for true passwordless authentication.

    "We have to meet users where they are," he wrote. "When we tested messaging for passkeys, users balked at 'replace your password with passkeys,' but felt much more comfortable with more softened language like 'you can now use a passkey to log in to your account too.' Over time, we most definitely plan to wean users off phishable authentication factors, but we anticipate this journey to take multiple years. We really can only do it once users are so comfortable with passkeys that the fallback to passwords is (almost) never needed."

    A design choice further negating the security benefits of passkeys: Amazon, PayPal, Uber, and no small number of other sites supporting passkeys continue to rely on SMS texts for authentication even after passkeys are enrolled.

    SMS-based MFA is among the weakest forms of this protection. Not only can the texts be phished, but they're also notoriously vulnerable to SIM swaps, in which an adversary gains control of a target's phone number. As long as these less-secure fallbacks exist, passkeys aren't much more than security theater.

    I still think passkeys make sense in many cases. I'll say more about that later. First, for a bit more context, readers should know:

    Passkeys are defined in the WebAuthn spec as a "discoverable credential," historically known as a "resident key."
The credential is in the form of a private-public key pair, which is created on the security key, which can be in the form of a FIDO-approved secure enclave embedded into a USB dongle, smartphone, or computer. The key pair is unique to each user account. The user creates the key pair after proving their identity to the website using an existing authentication method, typically a password. The private key never leaves the security key.Going forward, when the user logs in, the site sends a security challenge to the user. The user then uses the locally stored private key to cryptographically sign the challenge and sends it to the website. The website then uses the public key it stores to verify the response is signed with the private key. With that, the user is logged in.Under the FIDO2 spec, the passkey can never leave the security key, except as an encrypted blob of bits when the passkey is being synced from one device to another. The secret key can be unlocked only when the user authenticates to the physical key using a PIN, password, or most commonly a fingerprint or face scan. In the event the user authenticates with a biometric, it never leaves the security key, just as they never leave Android and iOS phones and computers running macOS or Windows.Passkeys can be stored and synced using the same mechanisms millions of people already use for passwordsa password manager such as Bitwarden, Apple iCloud, Google Password Manager, or Microsoft's cloud. Just like passwords, passkeys available in these managers are end-to-end encrypted using tried and true cryptographic algorithms.The advent of this new paradigm was supposed to solve multiple problems at oncemake authenticating ourselves online easier, eliminate the hassle of remembering passwords, and all but eradicate the most common forms of account takeovers.When not encumbered by the problems mentioned earlier, this design provides multifactor authentication in a single stroke. 
The user logs in using something they havethe physical key, which must be near the device logging in. They must also use something they knowthe PIN or passwordor something they aretheir face or fingerprintto complete the credential transfer. The cryptographic secret never leaves the enclave embedded into the physical key.What to tell Uncle Charlie?In enterprise environments, passkeys can be a no-brainer alternative to passwords and authenticators. And even for Uncle Charliewho has a single iPhone and Mac, and logs into only a handful of sitespasskeys may provide a simpler, less phishable path forward. Using a password manager to log into Gmail with a passkey ensures he's protected by MFA. Using the password alone does not.The takeaway from all of thisparticularly for those recruited to provide technical support this week but also anyone trying to decide if it's time to up their own authentication game: If a password manager isn't already a part of the routine, see if it's viable to add one now. Password managers make it practical to use a virtually unlimited number of long, randomly generated passwords that are unique to each site.For some, particularly people with diminished capacity or less comfort being online, this step alone will be enough. Everyone else should also, whenever possible, opt into MFA, ideally using security keys or, if that's not available, an authenticator app. I'm partial to 1Password as a password manager, Authy as an authenticator, and security keys from Yubico or Titan. There are plenty of other suitable alternatives.I still think passkeys provide the greatest promise yet for filling the many security pitfalls of passwords and lowering the difficulty of remembering and storing them. For now, however, the hassles of using passkeys, coupled with their diminished security created by the presence of fallbacks, means no one should feel like a technophobe or laggard for sticking with their passwords. 
For now, passwords and key- or authenticator-based MFA remain essential.With any luck, passkeys will someday be ready for the masses, but that day is not (yet) here.Dan GoodinSenior Security EditorDan GoodinSenior Security Editor Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82. 8 Comments
  • WWW.INFORMATIONWEEK.COM
    Why Most Return to Office Mandates Will Fail
    Lisa Morgan, Freelance Writer
    December 30, 2024

    After surviving the pandemic with work-from-home policies, some organizations have decided that work should return to its pre-pandemic state in which most employees were expected to be in the office at least part of the week, if not the whole week.

    The problem with that is two-fold: First, organizations admitted that they were pleasantly surprised by remote work productivity, but now they're saying, "Yeah, but training is easier and water cooler conversations are golden." While those are compelling facts, organizations are forgetting that employees may vote with their feet.

    One reason is that employees discovered a new work-life balance during the pandemic that many do not want to give up. For some, that means flexible hours. For others, it's the ability to be present at work and at home simultaneously.

    "Especially the United States, [workers] have moved from big cities or simply to other areas far from their corporate offices, and their children have started attending schools near their new homes to work remotely. So, the requirement to start working in the office again means either a new move or a job change," says Diana Soprana Blaaitien, international HR and remote work expert for hospitality and IT sectors across Scandinavia and Germany. "Employees who are told to return to the office are also unhappy about the increased costs of work: clothing, transportation, lunches, [and commute time]."

    Return to office (RTO) is the main reason why some people are changing jobs right now, particularly Gen Z.

    "Gen Z, who prioritize work-life balance, will undoubtedly choose organizations without a strict RTO policy. This means that top talent and more candidates in general will be attracted by those that offer the opportunity to work remotely at least part of the time," says Blaaitien. "Even some employees who come to me for selections identify the RTO policy as a deception by the employer because they were hired when they could work remotely, and now they are required to return to the office."

    The real reason RTO is happening is that some executives and managers feel more in control, or they believe remote work processes are not properly structured and managed. There's also the real estate issue of leased and owned properties that are not being used to capacity.

    "I think that CEOs need to understand that the factory work structure -- work from 8 to 5 -- is already outdated and we are inevitably entering an era of a different perception and nature of work," says Blaaitien.

    Dovil Gelinskait, senior talent manager at omnichannel marketing platform Omnisend, agrees.

    "RTO mandates ignore the true purpose of on-site work: fostering creativity and teamwork. At Omnisend, we recognize that brainstorming, workshops and team building can't be replicated remotely. However, we've also found that rigid, outdated workplace models fail to reflect how much the nature of work has changed," says Gelinskait. "Flexibility is now an expectation, especially among younger generations, so finding that balance between flexibility and in-person interactions is crucial. Companies that fail to do so will lose great talent to companies that do."

    RTO Adds to Stress and Burnout

    Organizations are facing pushback on their RTO policies, but employee exoduses will send a much more powerful message.

    "In general, people do not like feeling that things are happening to them, and that they have no say, or choice in the matter. So, when you suddenly pivot to an RTO mandate, employees will take it personally, as it does impact their personal lives, and they will likely feel demoralized," says Ashley Alexander, chief people officer at observability platform Chronosphere. "In most cases, employees are professional adults, so making knee-jerk decisions is going to cause unnecessary stress or burnout."

    One reason RTO policies fail is because the employees who were forced back to the office spend their day on Zoom calls with colleagues who aren't physically present.

    "To avoid [this annoyance], there needs to be a thoughtful strategy ensuring pods or teams collaborating closely or benefiting from shared learning are in the office together," says Alexander. "A sudden shift from remote work to RTO often highlights how dispersed teams have become. Without a clear location-based strategy tied to roles and responsibilities, the transition can feel chaotic and ineffective."

    A better way to approach it is to clearly explain how RTO benefits employees, or how the mandate positively impacts customers and the ability to get work done more efficiently. There should also be reasonable time given for employees to opt in or out of the RTO mandate, and executives should have to follow the same expectations as everyone else.

    According to Rachel Marcuse, COO at organizational consulting firm ReadySet, many employees see RTO as a regressive, antiquated move.

    "Employees may be less engaged during a workday bookended by commutes and less than enthusiastic about the financial and climate costs of traveling to the office daily," says Marcuse. "[B]usinesses could lose out on the best Gen Z talent, with recent studies showing that Gen Zers want the option to work remotely -- even as they also crave some level of in-person collaboration."

    Downstream Effects

    As companies enforce their RTO policies, there are downstream effects, the most obvious of which is getting employees to change their behavior, yet again.

    "More rigid mandates shrink the available talent pool, especially for organizations, particularly those in smaller markets. Remote work has been a boon for these companies, granting access to talent they wouldn't typically be able to attract," says Darrin Murriner, CEO and co-founder at automated technology coaching platform Cloverleaf. "For candidates, rigid RTO decreases the number of available job opportunities, creating a lose-lose situation for both sides."

    For example, such mandates increase operational costs, including housing in-office employees and managing relocations. These policies can also create disruption and uncertainty, driving valuable employees to reconsider their roles within the organization.

    "For employees, rigid RTO policies can disrupt work-life balance and push them to seek employers offering more flexibility. For candidates, RTO mandates reduce job opportunities by limiting options to local markets rather than leveraging the global opportunities remote work provides," says Murriner. "This creates a more constrained and less competitive job market, diminishing both employee and employer prospects for finding the best matches."

    Rather than simply issuing an RTO policy from the top-down, it is wiser to gather input from all levels, creating tailored solutions for specific roles, and providing flexibility for individual managers to adapt policies to their teams. Such strategies mitigate disruption and uncertainty, help retain top talent, and foster trust by focusing on clarity and predictability.

    How DOGE May Impact RTO

    The United States' new Department of Government Efficiency (DOGE), a consultancy jointly spearheaded by Elon Musk and Vivek Ramaswamy, has already made it clear that RTO five days a week will be non-optional for government employees. What impact might that have on the private sector? For one thing, it may embolden more private companies to issue RTO mandates of their own.

    Cloverleaf's Murriner believes government RTO mandates like DOGE will likely shift costs rather than solve workforce challenges.

    "These mandates increase the financial burden of housing in-office employees and managing relocations, and they exacerbate societal costs in cities with larger federal employee bases, like DC, where traffic congestion and infrastructure challenges could worsen," says Murriner. "For private organizations, these mandates may have some influence, but the private sector is more likely to prioritize adaptable, talent-driven policies over rigid government models, avoiding the pitfalls of unnecessary cost and limited flexibility."

    What if RTO Mandates Really Do Fail?

    If RTO mandates fail, it will prove that strict office policies no longer fit the realities of modern work, according to Omnisend's Gelinskait.

    "Employers will have to invest in flexible work models and employee well-being instead of maintaining office space. In the long run, this could make such companies more competitive in today's job market, whereas those that cling to office-first policies will likely struggle to attract and retain top talent," says Gelinskait. "A sound RTO strategy should make people want to be there. Employers should clearly communicate the benefits of office attendance, such as tasks or activities that thrive on in-person interaction. A strong strategy should also involve employees in shaping how office time is used."

    For example, at Omnisend, the team leads decide what kind of working model they apply. Some teams benefit from in-office work much more than others, so this dynamic approach allows each team to tailor their work model to what works best for them.

    Chris Rowe, co-founder of executive recruiting firm pltfm, believes that any mandated policy in 2025, RTO or not, has potential to fail. If talent has a choice of being in the office two or three days a week versus five, they'll choose the lesser amount.

    "My sense is that [4 days in the office and one at home or five days in the office] are far more common and the fully remote icecaps are somewhat melting under people's feet," says Rowe. "Companies need to compete for talent, so I suspect there will be policy, and then there will be shades of grey around that policy. The strongest companies in [each] sector typically have the strongest and most defined cultures," says Rowe. "Any of those companies will tell you that regardless of the multimillion-dollar budgets they deploy via digital learning initiatives, the best learning comes via an apprenticeship culture, fostered by listening, watching and doing." This latter argument supports RTO.

    While Rowe believes most career-orientated candidates will compromise if the opportunity is right, a mandated five-day RTO is a significant buzzkill for talent, even if the brand will significantly elevate someone's résumé. He recommends that companies:

    Identify core competitors for talent. (Tip: they probably aren't your core competitors.)
    Understand what they are doing RTO-wise.
    Be curious about what you can learn from them.
    Design an RTO strategy that satisfies the executive committee and still keeps the company looking more progressive than the full-week RTO competitor.
    Train hiring managers to deploy "shades of grey" around the rhetoric and policy.

    Bottom Line

    Organizations are engaging in risky behavior by issuing top-down RTO mandates that are in direct conflict with what employees embraced as the new normal during the pandemic. While there are benefits of working in an office, a blanket five-day RTO mandate is likely to face considerable resistance.

    After all, a simple change in policy can have far-reaching implications for employees that employers need to consider. The price of the mismatch may be losing good employees to competitors and difficulty attracting top or critical talent.

    About the Author

    Lisa Morgan, Freelance Writer. Lisa Morgan is a freelance writer who covers business and IT strategy and emerging technology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.
  • WWW.INFORMATIONWEEK.COM
    Building an AI Council to Drive the 2025 Tech Revolution
    Venkat Rangan, CTO & Co-Founder, Clari
    December 30, 2024

    Gartner recently shared that AI is the No. 1 technology that CEOs believe will significantly impact their industries within the next three years. However, as enterprise leaders have realized by now, turning AI's promise into measurable outcomes requires more than technology -- it demands aligned strategies, governance, and scalable operating models.

    AI councils have emerged as essential tools for enterprises to harness the full potential of this evolving technology, ensuring investments align with business goals and deliver tangible results.

    AI Councils: Essential for ROI

    AI initiatives can quickly become fragmented and ineffective without strategic coordination. In fact, Gartner revealed in its report that 49% of leaders note challenges scaling AI due to scattered approaches. This is where AI councils come into play. Acting as central hubs, these councils streamline efforts by unifying AI investments, helping enterprises move beyond experimental projects to scalable strategies that deliver measurable outcomes. For example, AI councils bridge insights across departments, from pre-sales to customer support, while establishing governance and literacy.

    At the heart of AI transformation are CIOs, making them uniquely positioned to guide their organizations through an AI council approach. No longer confined to the traditional IT role, today's CIOs are stepping forward as leaders of business transformation and revenue growth. With comprehensive access to enterprise data and systems, CIOs can align current AI initiatives with business goals and position this technology as a competitive differentiator and growth enabler.

    Establishing an AI Council

    To effectively establish an AI council, business leaders must consider these three elements:

    1. Identify stakeholders: Bring together leaders from cross-functional teams to ensure diverse perspectives and enterprise-wide alignment.
    2. Set objectives and KPIs: Define clear, measurable goals for AI initiatives to track progress and demonstrate value.
    3. Align strategies: Gartner emphasizes the importance of synchronizing AI strategies with IT and data and analytics plans to maximize synergy and streamline implementation.

    Strategic Questions Every AI Council Should Address

    A foundational aspect of an effective AI council is its ability to frame and address the right questions -- those that maximize the impact of AI initiatives across an organization. By doing so, the council provides clarity, alignment, and actionable insights to guide strategic decisions.

    Questions serve as a unifying thread, connecting diverse roles, technologies, and objectives. They ensure that every AI-related initiative contributes to broader organizational goals. In my own experience with AI councils, these questions have been instrumental in guiding successful outcomes.

    For instance, my enterprise's AI council was established with a clear purpose: to act as a cohesive force across various roles, connecting experiments, pilots, proofs of concept, and broader investments in AI. This focus has helped the council provide meaningful answers to questions such as:

    How can customer support teams leverage insights from pre-sales calls to enhance service and outcomes?
    How do we create a through-line across go-to-market (GTM) roles to avoid isolated productivity improvements and foster collective advancement?
    How can we extract maximum value from existing technologies within the enterprise tech stack?
    Is there a consolidation opportunity, such as adopting a single tool or shared technologies, to enhance collaboration and efficiency across teams?

    By addressing these questions, the AI council not only found impactful solutions but also surfaced additional questions that needed to be asked -- ensuring a continuous cycle of refinement and innovation.

    Measuring AI Outcomes and Driving ROI

    Many organizations overestimate AI's immediate potential, leading to challenges in scalability and implementation. For example, RAND recently shared that 80% of AI projects are failing. Insufficient training data, a focus on cutting-edge technology over user needs, inadequate infrastructure for deployment, and applying AI to problems beyond its current capabilities are shared as common barriers to successful AI implementation.

    AI councils enable enterprises to avoid common AI integration pitfalls like technology overhype by helping leaders focus on the impact of AI on business-critical objectives rather than the appeal of the technology itself. A successful AI council will track technology metrics such as: time saved on revenue-critical tasks, improved customer engagement, and cost savings. Gartner also recommends developing KPIs tied directly to business priorities for clearer impact evaluation.

    The Future of AI Councils: A Strategic Imperative

    As CIOs and enterprise leaders take on the challenge of scaling AI, the importance of a well-structured AI council cannot be overstated. It's a strategic imperative, not just a tactical tool. By focusing on measurable impact, ensuring alignment across roles, and embracing a continuous cycle of refinement, AI councils position organizations to thrive in an AI-driven future.

    About the Author

    Venkat Rangan, CTO & Co-Founder, Clari. Venkat Rangan brings over 37 years of technology innovation and leadership experience to Clari. Prior to Clari, Venkat was the co-founder and CTO of Clearwell Systems, Gartner's highest-ranking e-discovery company, which was acquired by Symantec in 2011. At Clearwell, Venkat's team developed several industry-leading innovations in search, machine learning & predictive analytics.