
Use Apple Watch With Secret Chest


Secret Chest supports using an Apple Watch as a second factor for authentication. We have two bodies of work planned, of which the first is now shipping in the app. We'll talk about that first.


How Secret Chest Works On Apple Watch Today

The Apple Watch shows up in the app and will prompt for a PIN when a secret is unlocked.


Set Up the Web PIN

When you first install Secret Chest, you'll be prompted to set up a PIN. To change that PIN, log into the web page, click the cog wheel button, and use the RESET PINCODE button. That button will probably move, but we'll update this article when it does.



Each account needs a PIN. The logic is that each time the PIN is accessed, it works like the PIN on the iPhone: after a certain number of incorrect entries, it will require extra time before new attempts can be entered, and it will eventually lock the PIN until a voice verification or destruction of assets.

Unlock A Secret

If there's an Apple Watch bound to an iOS device, Secret Chest will automatically detect the presence of the watch and prompt for a PIN when attempting to fetch (or unlock) secrets. To see if there's an Apple Watch accessible from Secret Chest on an iPhone, open Secret Chest and check the list of Nearby Devices, using the Nearby Devices button.



The watch will then prompt to unlock secrets when they're accessed. When it does so, enter the PIN.


Under the hood, if you care, the PIN is sent to unlock a shard from the cloud escrow service and then transmitted in the same way it works between devices. This works great and is secure, but is not all that we wanted to build. Now let's talk about what the second phase of Apple Watch support will look like.


How Secret Chest Will Work In The Future

The first option will always be available: to use a PIN to access a cloud shard. Some Apple Watches also come with their own secure enclave. We'd like to secure a part of each secret (which we call a shard) on the watch itself, without that part being exposed unless a second factor is available, and without requiring the use of the cloud escrow service at all. We're exploring options to do so with multipeer connectivity and with iCloud Keychain, and hope to have a solution that works sooner rather than later. However, we don't have every programming interface that we need on the watch today. So stay tuned and we'll update this article once we do!
