Talk at PasswordsCon 2018: How iOS Encourages Healthy Password Practices

The video of the talk I gave at PasswordsCon 2018 in Stockholm is now available.

My claim: a password manager needs to be more convenient and reliable than reusing memorable passwords to be widely adopted.

The talk covers:

  1. The fact that I have amazing colleagues
  2. Some background on Apple’s role in password management
  3. Why iOS 11.3 removed filling user names and passwords into web pages without user consent
  4. What iOS 12 does to make it easier to log into websites
  5. How iOS uses Face ID and Touch ID to secure logging into websites and apps
  6. What iOS does to guide users toward strong, unique passwords
  7. Why we changed the format of passwords that iOS generates for users
  8. Why iOS allows users to bring their own password manager
  9. Password Rules, a computer-readable description of a service’s password requirements
  10. The Well-Known Change Password URL, why it exists, and how to adopt it

I had a lot of fun preparing this talk, and I hope that folks find it useful.


Introducing Password AutoFill for Apps

I presented a session at WWDC this year. The video can be found on

What Twitter Means to Me

I tweeted for the first time ten years ago today.

That’s not very interesting, but it is an excuse to write a little bit about what Twitter means to me personally.

Lots of people are down on Twitter these days, and there are legitimate reasons to be. The open API that allowed third-party clients to flourish has been locked down in a way that’s discouraged the kind of innovation we used to see on the platform. Unchecked harassment that started on Twitter during GamerGate has fueled a movement of hatred that arguably contributed to the toxic atmosphere surrounding the 2016 US election. At different points, it hasn’t been clear whether the company takes harassment seriously, and if it does, whether it’s capable of addressing it. And recently, Twitter shut down Vine, a service that was source of joy for many people, including me.

Moving beyond issues that are within Twitter’s direct control, friends of mine have been talking about or actually leaving Twitter solely due to increased non-harassment negativity leading up to and persisting beyond the 2016 US election. Twitter reflects and amplifies our anxieties; it’s hard to escape news of Donald Trump, a resurgence of fascist tendencies, and a political movement that rejects empathy and science.

These are real problems, and if someone wants to stop using Twitter, that’s their decision to make. I still use it daily, because I love the people that Twitter has helped me meet or stay in touch with, and they’re an important part of my life.

When I was in high school in a small town in upstate New York, I didn’t really have anyone around to help develop or even share my interest in technology with. Twitter was my connection to the world I wanted to live in. Although I’d been a member of several forums in the past, I liked Twitter more than any forum because there was no pretense of being limited to any particular topic. In 2008, Twitter was accessible on my iPod touch in a way that other communities weren’t. From that iPod, I followed people who talked about Mac software, making web pages, podcasting, and politics, and that stream of information helped me figure out what I wanted to do with my future.

What started as a way for me to fill a void in the types of people I knew in “real life” changed as I left that small town. Today, Twitter is how I get my news. It’s helped me see different perspectives, particularly around gender-related issues both in and outside of the technology industry. It’s how I tell the world about the cool stuff I’ve worked on. And recently, I count on it as the first place I’ll find out where important protests are taking place.

I can find humor and entertainment in all sorts of places, but Twitter is the online community where I can check in with friends I care about. Friends who share common interests, like Apple, web development, certain music, or a narrow interest in video games. Friends who are sincere, thoughtful, and willing to change their minds. Friends who share their jokes, their hopes, their fears, their good days, and their bad days. Friends who cheer each other up, push each other forward, and celebrate each other’s accomplishments.

From what I can tell, the cloud of anxiety that has surrounded everything since the 2016 US election is real, and it’s affected a lot of us. As a society, we’ve moving backwards, and many of us are directly under attack by the new administration. While attempting to cope with this new reality, my Twitter friends have been a bright spot. If you are one of these people, I hope you know that I think you’re great.

Introducing Safari View Controller

I presented a session at WWDC this year. The video, along with a transcript, can be found on

Ya Facked

Here are some photos of things in Boston that are currently facked. My iPhone shut itself off twice while taking these from being too cold.

This bicycle is facked.

These receptacles are facked.

This bench is facked.

These pay phones are facked.

These bicycles are only slightly facked.

These parking meters are pretty facked.

This car is facked.

This car is also facked.

This car used to be facked. Good job unfacking your facked car, somebody.

This car is so facked.

This car is pretty facking facked.

No. Seriously. Look at how facked that car is.

This facked thing? Another facking parking meter.

To end with some hope, this bicycle is totally non-facked.


SEO is important because it keeps the search results fair.

Most people think that the best way to increase your Google SERPs is by improving your website. Unfortunately, that isn’t true, and we need to come up with another approach, one that covers all the SEO services entirely.

So let’s talk about how you can boost your SEO with a legitimate email list. I think that it’s crucial to not just send out newsletters to your subscribers. I’ve seen some people just spam their subscribers with links to their blog posts, but I don’t think that’s ideal.

The best way to send emails to your readers is by having them read and subscribe to a relevant blog post. So how do you make sure that your emails reach them?

First, you need to go to a web address like, click on the button with a red dot, and sign up for a newsletter.

Then, you need to use the Follow Blog button to make sure that your email doesn’t just go to the first email blast. The purpose of this is to try to open your email to see who it’s from and read through it. It’ll help you target the email recipients in your network.

After signing up, check the unsubscribe list box because this can bring on a flood of spam.

Now, I’ve used this system with others who were unable to get it to work. So, if you don’t get it to work right the first time, you may have to give it a try in a week or so. Just make sure to subscribe to the newsletters of bloggers who are relevant to you, and also not spam your readers.

If you just want to make sure that your emails are open and read, you can also check out It’s a tool that allows you to see the emails from a particular website and do a little search to see if it’s a relevant blog.

As far as which blog to focus on, there are actually a lot of different blog sites to find good content. One of the best is which is a resource that organizes thousands of search results. It’s a great way to find content that is relevant to your niche.

The other one to try is Uwe Krause’s blog. Uwe Krause has an interesting method for promoting your blog using social media. Basically, you tweet and blog all at once, and people read your posts and then share it on other social networks. The email blast won’t go to anyone on your list, but it will increase traffic to your blog.

The best time to do this is on your blog posts. Krause said in the interview with BuzzSumo that you can do this when you publish your blog post.

Last but not least, you need to make sure that you’re using the latest, best tools to keep your emails open and read. Many of the links that you write are going to get deleted in a couple of days, so you need to be sending out more than once a week to stay relevant.