We’ve all been there. You’re signing up for a new service or creating an account for a new app, and you’re asked to pick a password. You know you should use a strong, random password, but in a rush to get started, you take the easy path and choose a weak, memorable password instead because it’s the path of least resistance.
Apple has been pushing back against those bad habits with new iOS features designed to combat password reuse by flipping the calculus on its head. In an excellent presentation given at PasswordsCon 2018 in Stockholm, Sweden, last week, Apple engineer Ricky Mondello explains the iCloud Keychain features implemented in iOS since iOS 11 and the thinking behind them. He also provides tips and resources for web and app developers who want to integrate better with those features.
What I especially like about Mondello’s talk is the insight into the thought and effort that’s gone into making good passwords easy to create. It’s not something I’ve thought about much before, which I take as a sign that Apple’s Safari and iCloud Keychain engineers are succeeding.
The presentation is also fascinating from a design and user experience standpoint. As Mondello explains, people are ill-suited to create and remember random passwords. It’s a problem that’s right in a computer’s wheelhouse, but one that also requires users’ trust and an understanding of their habits to solve.
I recommend watching Mondello’s talk. There are a lot of interesting implementation details throughout the talk and insights into the thinking behind them, which are approachable whether you have a background in the topics covered or not.