Category Archives: Conferences

[kcdc 2025] designing for behavioral change – the science behind habit-forming products

Posted on by
Reply

Speaker: Preston Chandler

For more see the table of contents

General

  • Why do some products become second nature while others are forgotten – valuable, fun, etc

Habit Loop

  • Cue -> Response -> Reward
  • If you put a golf ball near a nest, a goose will pull it into nest. Maximizes number of chicks from when egg rolls out of nest

Hook Model

  • Trigger -> Action -> Variable reward -> investment
  • Investment can be effort/time/money
  • Consultants expensive. If free, wouldn’t care about. “That was just $100 of advice”
  • Variable rewards are more appealing than predictable ones. ex: gambling
  • Some things need to be predictable – ex: excel formula

B=MAP

  • behavior = motivation * ability * prompt
  • Cathedral in Milan – had to sign up for entry with a QR code. Prompt was QR code. Motivated to get in. Couldn’t get website to work after 20-30 minutes

Effort vs Reward

  • Amazon – easy – buy now button, reward by getting stuff faster, microtransactions, made easy for you to give them money.
  • Tiktok – easy – just scroll down and get gratification. Variable reward; not every video good. Also dark pattern.
  • US Treasury – hard. Keyboard where click each letter and not in order. Changed since
  • hard website – abandon
  • AT&T – expensive. Negative reward compared to others. 8 hours to leave service. Multiple calls to customer service. People will never go back if left dissatisfied
  • Rewards – money, time, scrolling motivation
  • Checklists motivate most people, satisfaction of moving as done
  • Line of sight goals are motivating. Ex: daily goals, gold coins
  • Different people motivated by different things

Dark Patterns

  • Sign up for newsletter and get 30% in
  • Confusing radio buttons on whether to opt in
  • Link with very little contrast to background so can barely see
  • Company and user incentives not aligned

Voice Assistant

  • Use for music, timer, shopping
  • Sticky because personalizable to you

DuoLingo

  • Motivated to keep streak alive. Child said didn’t have enough time to finish homework. Said ok because went zoo. But wanted to keep streak
  • Easy to pick up, don’t need a lot of time
  • Bird will look angry and shame you – dark pattern
  • Constantly upselling – dark pattern

Exercise

  • For trigger clarity, action simplicity, reward value and investment payoff, think about obstacle today and how make better

Other

  • Behavior is deisgnable – ex: clear trigger, low effort
  • Ethics = engagement + trust
  • Small changes can have a big impact. If hose squished, have a constraint and hardly any water goes though. Must fix that to improve

Playbook

  • Identify internal/external triggers
  • Minimize friction, simplify first action
  • Offer variable rewards tied to meaning
  • Encourage invementment, effort builds attachment
  • Align outcomes with user values

Creativity

  • Chore Kanban
  • Have ChatGPT make budget a Shakespearean sonnet

My take

Great examples to understand ideas. Fun examples

[kcdc 2025] Passkeys: The end of Passwords and the Future of Authentication

Posted on by
Reply

Speaker: Mateusz Zajac

For more see the table of contents

General

  • Don’t need complex passwords
  • Phishing proof
  • Public key crypto _ biometrics
  • One tap sign in
  • Secure
  • Fewer breaches
  • Simpler flows
  • Lower support costs – fewer password resets/tickets
  • Lower fraud – starting to move to customer facing apps like travel. Not just finance
  • 1 billion people use daily

Problems with passwords

  • Easy to guess/steal
  • Phishing
  • Credential stuffing – if one account falls, others follow
  • Server breaches. Most common attack
  • Users have to keep track

Passwords vs Passkeys

  • Passkeys auto generates. Passwords type twice.
  • Passkeys can use face id
  • Passkeys don’t require reset. Password reset flow has many steps. Including memorable but different than last batch of passwords. 57% users forgot password after reseting. 30-40% help desk calls password reset related
  • 81% breaches involve compromised credentials
  • 51% of people reuse password
  • 2.5 million passwords stolen each week
  • Passkeys synced via iCloud
  • 92% users give up and don’t try to reset
  • 400 million google accounts use

2FA

  • SMS phishable
  • Push fatigue where keep getting notification until give in and click

Passkey

  • Pair of keys
  • Private key on your device
  • Private key kept safe
  • Phone creates a sharing key
  • Website sends challenge need secret key to solve
  • Use face id and solves
  • Sign ins are four times faster than passwords

Amazon login example

  • One time setup – your device creates a private/public key pair. Amazon stores public key
  • When try to login, Amazon sends a cryptographic challenge. This avoids replay attacks.
  • Your phone uses Face ID to confirm it is you. Then phone has private key sign the challenge and sends to Amazon. Amazon authenticates

Phishing prevention

  • Scammer tries with fake sight
  • Your phone refuses to sign because domain is wrong

iOS Code

  • WebAuthn
  • FIDO2 – gets url, challenge size, etc

Cross Device Sign in

  • Websitte generates QR code
  • Scan with phone. Uses bluetooth to verify physical proximity
  • Single use
  • Expires quickly
  • Private key never leaves device
  • Useful if want to log in from someone else’s computer

Challenge

  • If lose phone
  • Cross platform sync
  • Inconsistent browser support
  • Human factors – trust, education

Good references

  • w3c.org/TR/webauthn
  • fidoalliance.org
  • developer.apple.com/passkeys
  • etc

Informal Q&A

  • Two people had facial recognition not work
  • External device

My take

Great comparison and great statistics.

[kcdc 2025] The Amazing Features of Modern Java

Posted on by
Reply

Speaker: Venkat Subramaniam

For more see the table of contents

Switch

  • Showed switch with break missing
  • Turned it into a switch expression by changing the code in place.
  • Emphasized code more concise and not writing extra break
  • Can match multiple values
  • Can add {} and multiple lines of code with yield. Not recommended. [so glad he said not recommended}.
  • If use return instead of yield, compiler tells you what is wrong “attempt to return out of a switch expression” instead of what to do. [fun analogy about inlaws telling you what is wrong]

[i had more notes than this – record and sealed classes – i messed up saving]

My take

I missed some of this because I was getting ready for my session immediately after this. I’ve seen Venkat speak many times and am familiar with the content. I came mainly because Venkat is an amazing speaker and has great energy.