Apple's Opportunity to Take Two Factor Authentication Mainstream

Touch ID has brought a level of convenience, speed, and security to consumer electronics that has never been seen before. Your fingers are always with you, they're unique, and the fingerprint recognition is incredibly fast. In addition to that, an image of the fingerprint itself is not stored on the device, and what does get stored is kept in an ultra-secure enclave within the phone - never sent over the Internet. Each of these pieces is fundamentally critical to enabling mainstream adoption of two factor authentication. If the scanning were slower or less reliable, even only slightly, that could be enough to invalidation my entire assertion below.

Right now you've got people who not only avoid two factor authentication, many use the same password for everything, store passwords in a text file, use really simple and obvious words, or any number of other terrible practices. Then if they're hacked, they are surprised. Whether we like admitting it or not, the fact is that without an extraordinary amount of convenience, more secure practices will not become commonplace. 

The Potential

Apple has an opportunity to make two factor authentication commonplace; hopefully it will be instilled as a societal expectation that a hardware vendor provide a secure solution on par with this, but that's getting ahead of myself. So what does this hypothetical two factor authentication using Touch ID look like?

Apple releases an API so that websites support two factor authentication with Touch ID. When you log into the website with a username and password a request is sent to the device of your choosing, let's say an iPhone for now. Your phone lights up with the standard Touch ID authentication push alert with some basic information about the website that is making the request. Your fingerprint is never sent over the network, let alone to a third party website, but instead (much like third party apps in iOS 8) a simple "yes" or "no" is sent back to verify the user.

The push alert appears within a second or two, the scan doesn't require unlocking the device or anything, and in fractions of a second the fingerprint scan completes. Done. You now have an account that is nearly impossible to access without your permission (assuming the third party doesn't have some security loophole elsewhere).

Ultra fast. Ultra secure. Ultra convenient. Easy to understand and setup. It just works.

Longer Term

Longer term you could take this a step farther and include the Apple Watch. Right now, once authenticated, the Apple Watch doesn't require a PIN until contact with the skin is broken. Eventually the sensors on the back of the watch might to be able to use your biometrics (blood pressure, heart beat pattern, etc.) to create a unique identifier for you. The two factor authentication could be as simple as tapping "yes" on your watch face since the device already knows it is you.

What's the Hold Up?

There is nothing stopping Apple from doing this today. The hooks are already built into iOS to enable the Touch ID prompt from a third party. The API and third party implementation of the API is really the only big piece missing. It isn't trivial, but it is well within the scope of realistic.

One important consideration is how do you manage the situation where you've lost your phone? That's a tough one, likely a recovery password coupled with something else, maybe even a webcam based facial recognition option (which also has drawbacks). This isn't a perfect solution, but the benefits vastly outweigh the drawbacks as far as I can tell.

Closing Thoughts

I think Apple has a lot to gain here (for their image alone, if nothing else) and they're in a position to educate users how to take better care of their digital belongings. I cannot imagine any process that is more convenient that offers even a fraction of this level of security. Apple would be wise to roll this out as soon as possible, especially now that Touch ID equipped devices are numbering well into the tens of millions. I know I would use it for nearly everything, and I think this just might be enough for the average person to want to protect themselves.

Microsoft Buying Minecraft's Creator is a Long Play

If you haven't heard, Microsoft is buying Minecraft's creator for $2.5B. The young people hardly even know what Microsoft does and the older audience is thinking, "Mine what?" So here's why I think this, if positioned correctly, could be a vital long play for Microsoft.

It is no secret that Microsoft is having a miserable time launching Windows Phone into relevance. I suspect they'll keep up with the effort they have, however, by buying Minecraft's creator (who has a very loyal following) they can effectively admit defeat on the market of anyone 16 and over today and target those that are younger.

Obviously not many young teens or children buy flagship smartphones, but if Microsoft can slowly transition a Minecraft following into a Microsoft platform following, they'll have people (now grown up) with a decade of loyal love for the brand. Once these young buyers are the vital 18 to 25 year olds in the market there will be a decade of Windows Phone first (or Windows Phone exclusive) launches to bolster the image of their platform.

Microsoft is well aware they've lost the battle for now, but while all the competitors are fighting for sales today, Microsoft just made a wise long play for a decade from now. Keep in mind, execution of this is not guaranteed; in fact it will be challenging to keep their eye on a prize that far into the future, but make no mistake how loyal and enormous the Minecraft following is.

NFC on the iPhone 6 Just Might Happen

NFC is a neat technology, but it isn't terribly useful without a rich ecosystem in which to use it. Payments come to mind, but a lot of people have tried this before. While prior efforts haven't been a total flop, they aren't exactly exploding with popularity.

Every year there are rumors of the iPhone gaining NFC. Every year the event passes without mention of NFC. Until now, maybe.

I'm not sold on the notion that the iPhone 6 will have NFC, but I wouldn't bet against it at this point like I would have confidently in years past. If Apple does add NFC it will be accompanied by a launch of a rich platform in an attempt to drive their solution to complete ubiquity - on iOS devices only, naturally.

They already have hundreds of millions of credit cards on file. They already have a secure payment infrastructure. Apple is uniquely positioned to offer services to their customers that are tremendously secure and protect your data. Apple makes money from devices and that requires people trust their devices. Other services, offered for free, are rarely incentivized to provide the same level of protection. Coupled with iBeacon you could make the argument that a "retail 2.0" experience could be possible should Apple be successful in their hypothetical effort. There are speed bumps though. This would require a lot of retailers getting a lot of new hardware - though inexpensive, it is still nontrivial.

If they launch a wallet solution like they launched Passbook*, I don't have much confidence we'll see it take off. I also don't see them doing something like that. With Bluetooth Low Energy, Apple has very little reason to add NFC unless they are going to hit a grand slam with it.

The wallet is a concept that is painfully ready to be redesigned from the ground up. There are privacy and security concerns to slow down progress, not to mention legal concerns given the need to carry a photo ID as an adult.

I think that Apple is uniquely positioned to do something about it, at least in the US. Their devices are "everywhere," they have a tremendous incentive to keep your data totally secure, people trust them, governments trust them more than most tech companies, and the more they can lock you into their walled garden the better (for them).

I think it is safe to say that September 9, 2014 will be a day to remember for many reasons. If nothing else, it just might finally be the day that the annual NFC predictions finally come to fruition. 

*I love Passbook, but it hasn't exactly gone mainstream and adding passes is tremendously confusing for most people, especially when it launched with very little app support.

When the Users' Priorities are Eclipsed by the Brand's – Why I'm Leaving RunKeeper [Updated x2]

Update 2 (9/27): RunKeeper's updates this week reversed course on this, sharing is no longer an extra tap if you always bypass it! It sounds so dumb, but it is genuinely appreciated


458 activities. 851 miles. So much beautiful data... it is all as good as gone. Let me back up a few steps. I really enjoy data. I have tracked every mile, minute spent in my car, and thousandth of a gallon of gas put into my car, all because I love data. I have used RunKeeper for years to do the same with my walking. In fact, I have been a member since 1969 according to their records, who am I to argue that? 


Alright, that might be a bug, just possibly, but why am I throwing this data away?

Simply put, my priorities as a RunKeeper user have been eclipsed by the priorities of the company. Now, admittedly, I'm not a very valuable user to them because they do offer so much at the free tier, but I still believe that the user should matter. None of my complaints would be remedied by becoming a paid member, so that option is out.

For many months I have been hoping to gain a feature where "recently used" contacts appearing at the top of the list when tagging people in an activity (not social media, just including them so their RunKeeper stats reflect the activity recorded by my phone).  I contacted them about it after several months of frustration and received a "we'll see what we can do." Sadly no progress as of yet.

Tagging my wife by searching for her name is an annoyance, but nothing more.

However, a recent update added a "feature" that prompts the user for social media sharing on every single event. This is even present despite the fact that I have no social networks connected to the app. I am not the only one who is unhappy about the update, there are several feature requests with many up-votes and comments on each here, here, and here.

If the user has connected social media accounts, this might make sense, but only if there is a "never show this again" option. With no accounts connected this isn't only annoying, it is highly illogical. It sends the message that RunKeeper will do anything to get you to post the spammy "I just completed a walk!" messages to your feed. 

I went poking around the settings menu hoping to find an option to disable this, there isn't one. What I did find, though, are 2 prompts to rate the app – one at the top of the settings menu and one at the bottom. Again, they are putting their own needs ahead of the user.

To be perfectly clear, every app should have a link to leave a review, and I prefer this over the popup prompt that inspired Gruber's rants, but their implementation is annoying.

It isn't the end of the world, and I understand that complaining about a free app and free service is rather petty on my part. These frustrations have inspired me to begin shopping around for alternatives. Nike+, MapMyWalk, and others are on my radar, but I certainly welcome feedback and recommendations. I am happy to spend money, though I'd prefer to buy an app than to pay a monthly fee.

I hope RunKeeper changes their mind. Their brand is nearly ubiquitous so the self-centered behavior of the app seems senseless. I have enjoyed the rich feature set and general interaction with the app to this point; though not perfect it more than met my needs.

Update: I don't like the step backward in the user experience, but it has become clear why they can get away with it - there isn't anything better right now. Nike is focused solely on running. Map My Walk has a clunky UI, multiple prompts to upgrade, needless push notifications, and ad banners. There are others, but none seem to be able to dethrone RunKeeper. So for now, the solution is to suck it up. 

Withings Activité - Building A Watch, Then Making it Smart

The new Withings Activité smart watch is beautiful, unlike many of the other entrants to the market.

The first thing that stands out to me is how clearly different the approach to creating this product must have been. If you take Samsung, LG, or even Pebble (I'll talk about Motorola in a moment) it is pretty obvious they started with a list of features and built the watch around it. Withings has undoubtedly started with a simple and timeless watch design and added intelligence to it. These two approaches are worlds apart.


The Activité gets 1 year of battery life. Pebble et al. gets 3-7 days. The Activité could be worn on a first date (this is Bradley Chambers' rule of thumb for smart watch design, and I love it), the others... not so much. On the flip side, the Activité doesn't have the wide range of features found in the competition, but a feature checklist is never a good design guide for something like this.

I have stopped wearing my Pebble because it was bulky and unattractive as a time piece. I think time and unit sales will confirm this, but an elegant complement to the smartphone that people already love is vastly more appealing than a miniature smartphone strapped to the wrist. The biggest problem here is the price ($390), but that'll come down over time; not to mention people that are able will happily pay for high quality and beautiful products that appeal to them.

The Moto 360 looks to be an attempted hybrid between looks and features. I think Motorola is on the right track, but the watch is still quite thick, it is decidedly masculine, and the battery life isn't quite where we'd like to see it (even if it doesn't last a year). 

The looming question surrounding smart watches is "what problem do they solve?" With the Withings Activité looking like an elegant and classic timepiece, that question might be demoted in importance just enough to kick start the wearables movement beyond the early adopter market. By starting with design instead of features, Withings has shown a light on what might become a mass market product category. I wouldn't bet my lunch money on it, but there is very little doubt that it is a step in the right direction.

Solving the Wrong Problem

Throughout the switch from a Microsoft based solution (Outlook, SharePoint, Office, etc.) to a Google based solution, I witnessed a great deal of frustration, anxiety, and even anger. Why? A full generation of people have never used anything besides the Google solutions, and it works just fine for them. It is clear to me that there are two fundamental considerations - what is the problem, and how do we solve it? This applies broadly beyond technology, but I'll leave that part to the philosophers. 

Of those that struggled with the Microsoft to Google change, many had MSN, Hotmail, or Comcast personal email addresses, so this was very new territory for them. Their goal was clear, find a way to do with Gmail exactly what they were doing when they used Outlook - rules, formatting, distribution lists, folder structure, email retention methods, etc. 

Rather than taking an opportunity to re-evaluate how the fundamental problem (efficient email communication that is well organized) was solved, they wanted to fit the new software to the old flow. This is a single example that demonstrates a common theme in large bodies of people, be it companies or governments. Change is slow because there is an inherent cost to change beyond the fiscal cost. This results in "ghosts," or traces of the company's original ways, that haunt the employees for decades. When business decisions are based on these artifacts, often the best solution cannot be implemented with the old software. I suspect this plays a role in what ultimately brings about the demise of most large companies; there is, after all, a cycle.

This question has been asked of Apple many times, even directly to Tim Cook in his interview with Brian Williams (10:05) - how do you avoid the natural life cycle of a company? Is it even possible? I suspect Apple has a lot of historical artifacts internally as well, but something tells me that they're thrown to the wind in favor of the "right" solution much more often than the average company.

The only way to avoid this is to hire extremely curious and open minded people, but that isn't sustainable at a massive scale. The type of people that view the change as a way to improve upon the way things are done. Note that this isn't an engineering vs. non-engineering dilemma, I have seen more than enough instances of engineers and non-engineers alike excitedly exploring the changes while others avoided and complained about it.

Whenever possible, take change as an opportunity to clean house, re-evaluate how the original problem might be solved with new technology or software, and perhaps ultimately avoid being a "hoarder" of the old ways. 

Apple's Rumored Home Automation Solution is Already in Most Homes

[Note: Sorry for the duplicate post, I really didn't like that first title.]

News broke (subscription required) over the holiday weekend that Apple is rumored to announce a home automation solution and/or platform at WWDC this year. Of course, rumors like this are to be taken with a grain of salt, but John Gruber's reply of "I’m pretty excited for next week." is classic Gruber-speak (albeit not a sure thing) for "this is happening."

So why does Apple have a shot at this working? How do they possibly expect to release a platform for the home when they're so notorious for closed ecosystems? Surely everyone can't afford to outfit their entire home in Apple products. This is only speculation, but here's how I think Apple can easily capitalize on this opportunity.

Framework is in Place

I've pointed this out before, but it is worth highlighting again. Apple is exceptionally good at putting a framework in place over the course of years without anyone giving it too much attention, then they drop a bomb of an announcement and suddenly everyone realizes the framework is in place already. Competitors have a hard time catching up because that framework takes years to build. Their iBeacon strategy is exactly that, though I don't think we've seen the bombshell of how it'll be utilized yet.

One big hurdle for home automation is cost. There is always a hub that must act as a brain for the whole thing, and that hub is usually quite expensive. Apple has this problem solved already with at least one iOS device in hundreds of millions of homes across the world. There is some concern for whether or not those devices stay within the home (or even need to) to keep the smart home products working, but that doesn't seem like a hard problem to solve with devices being connected so much of the time now.

With this infrastructure, Apple already has the app distribution system in place, the payment solution in place, the third party relationships in place, and the biggest monetary investment from the customer's perspective has already been made. It also doesn't hurt that Apple's solution here is supported by their vested interest in user privacy. Apple has already made their money from the customer, they don't need to sell user data; in fact they're highly motivated to keep that data as safe as possible to keep customers happy - this solves one of the major potential road blocks I highlighted in my piece "The Trouble with the Internet of Things."

Closed Yet Open 

Apple has very tight rules on how you can play in their ecosystem. They've also drawn some very controversial lines in the sand related to things like customization, inter-app data sharing, and plenty more. However, they're also smart. They know that they can't do everything themselves, they saw that when they announced the App Store, and surely they see it with a smart home solution. Apple makes a hell of  a platform for both users and developers.

Apple doesn't have to make any new hardware for this home automation solution. That's pretty insane if you think about it. It also gives them a massive head start (except against Google, more on that later). All they have to do is enable third parties to make products that adhere to the rules and use the APIs that Apple creates.

What better time to announce these new APIs than at WWDC? With some choice hardware partners they'll have a modest set of "solutions" available on the day that iOS 8 ships to the public this fall. All a user has to do is update their iPhone or iPad and buy a couple of accessories and their home is suddenly connected. We aren't too far from this right now with Lockitron and others, but I think by Apple taking on the infrastructure costs (servers, security, APIs, etc.) we can drive the third party prices down to more reasonable levels for a wider market.

Perfectly Apple

This sounds perfectly Apple to me. The hints have been there for years. The market is very large. The platform is already in place with the up-front costs largely already behind us. Third parties and customers both need a stable and universal platform to enable the "smart home" dream, and that's been really hard for any one company to provide. Apple is positioned perfectly, their reputation for respecting user privacy is in place, their reputation for stability and ease of use is strong. I'd be more surprised if this doesn't happen than if it does. 

As an aside, the connected home dream is largely why Google purchased Nest. I expect to see offerings from them very soon as well, much sooner if Apple announces theirs next week. It'll be interesting to see how the two approaches to solving this sell and grow.