WWDC 2019 Talk: What’s New in Authentication

Published on July 6, 2019.

I presented a session at WWDC this year. You can find the video on developer.apple.com, or in the WWDC app. If you’re interested in how apps and websites authenticate users, or you’d like to know how I’ve been spending some of my time at Apple, it’s worth checking out.

An aside: This was the fourth talk I’ve prepared and delivered at WWDC. (That’s four in seven years!) I’ve learned a lot every time I’ve done public speaking, but this time I picked up a specific, tactical lesson: empty your back pockets before getting on stage.

About fifteen minutes before showtime, I took a hairbrush to the bathroom to fix up my hair, stashed the brush in my back pocket, and then immediately forgot about it. I might have been too nervous to remember it.

As I was walking up the staircase to get onto the stage, a loud ~ THWACK ~ surprised me from behind. Oh no! My audio gear fell off the back of my jeans. It’s all over; I’m about to fail. The time I spent preparing and practicing doesn’t matter — the demo gods have enacted their revenge for my talk not actually including a demo.

Or not. When I turned around, I could see that the forgotten hairbrush was to blame, and that it hit the metal stairs on its descent, making the loud sound.

I got lucky. If the brush had held on for just a moment or two, it could have leapt out of my back pocket mid-sentence, as I was being filmed. I’m not sure how I would have recovered from that. Would I bend or kneel down to pick it up? Casually kick it to the side or off the front of the stage? Pretend nothing happened? While ignoring it, trip on it?

My brief terror turned into an overwhelming sense of relief and thankfulness. I haven’t failed. This could have been so much worse. Let’s go do the thing!

This whole episode, playing out over just a few seconds, neutralized a lot of the nervous energy I normally have at the start of a talk, and I think for the better. For me, a lot of what goes into public speaking is managing my emotions; I’m trying to be calm enough to be clear, but enthusiastic enough to keep the audience’s attention. The next time I’m in front of a crowd, I’d like to summon this feeling of gratitude — I’m so lucky; let’s do this! — and incorporate it into that emotional balance. I’ll just have to find a way to do that without first having a moment of all-consuming panic! 🙃

Talk at PasswordsCon 2018: How iOS Encourages Healthy Password Practices

Published on December 4, 2018.

The video of the talk I gave at PasswordsCon 2018 in Stockholm is now available.

My claim: a password manager needs to be more convenient and reliable than reusing memorable passwords to be widely adopted.

The talk covers:

  1. The fact that I have amazing colleagues
  2. Some background on Apple’s role in password management
  3. Why iOS 11.3 removed filling user names and passwords into web pages without user consent
  4. What iOS 12 does to make it easier to log into websites
  5. How iOS uses Face ID and Touch ID to secure logging into websites and apps
  6. What iOS does to guide users toward strong, unique passwords
  7. Why we changed the format of passwords that iOS generates for users
  8. Why iOS allows users to bring their own password manager
  9. Password Rules, a computer-readable description of a service’s password requirements
  10. The Well-Known Change Password URL, why it exists, and how to adopt it

I had a lot of fun preparing this talk, and I hope that folks find it useful.

Resources

Introducing Password AutoFill for Apps

Published on June 13, 2017.

I presented a session at WWDC this year. The video can be found on developer.apple.com.