Talk at PasswordsCon 2018: How iOS Encourages Healthy Password Practices

The video of the talk I gave at PasswordsCon 2018 in Stockholm is now available.

My claim: a password manager needs to be more convenient and reliable than reusing memorable passwords to be widely adopted.

The talk covers:

  1. The fact that I have amazing colleagues
  2. Some background on Apple’s role in password management
  3. Why iOS 11.3 removed filling user names and passwords into web pages without user consent
  4. What iOS 12 does to make it easier to log into websites
  5. How iOS uses Face ID and Touch ID to secure logging into websites and apps
  6. What iOS does to guide users toward strong, unique passwords
  7. Why we changed the format of passwords that iOS generates for users
  8. Why iOS allows users to bring their own password manager
  9. Password Rules, a computer-readable description of a service’s password requirements
  10. The Well-Known Change Password URL, why it exists, and how to adopt it

I had a lot of fun preparing this talk, and I hope that folks find it useful.