Secret Chest works by placing a shard of each secret (password, note, file, key, token, passkey, etc) on each device. Each shard is secured by a key that is unlocked via the biometric sensor on each device (the Secure Enclave or TPM chip). However, shards you choose to escrow to our cloud don't have the same protections.
Turns out that a password will unlock a keychain in the event that a biometric check fails on a Mac, or a pin on iOS. Also turns out that the pin code logic built into iOS all these years is a brilliant design pattern to apply to a second factor that can unlock a shard (and remember it's just one of potentially many shards) on our cloud service. So we might as well just crib that logic.
Apple's pin code logic is a complex system that is designed to protect users' devices and data. The system uses a variety of factors to determine whether or not a pin code is valid, including the length of the pin, the type of characters used, and the number of times the pin has been used before.
One of the most important factors in Apple's pin code logic is the length of the pin. Apple recommends that users create a pin code that is at least six characters long. This makes it more difficult for attackers to guess the pin code by brute force. Another important factor in Apple's pin code logic is the type of characters used. Apple recommends that users use a mix of numbers, letters, and symbols in their pin code. This makes it even more difficult for attackers to guess the pin code.
Finally, Apple's pin code logic also takes into account the number of times the pin code has been used before. If a pin code has been used many times, it is more likely to be compromised. For this reason, Apple recommends that users change their pin code regularly. We support Apple Watch and there's no real biometric check for Apple Watch. Futher, the watch doesn't have its own Secure Enclave/TPM. This means it exchanges information to the phone through Keychain and any authentication flows and data flows then go through that. So a pin enables us to have a factor on a device that's able to do a basic (albeit secure) CuRL to our web service, but we needed a secret to make it work.
Apple understands how users interact with devices as well as anyone, so we stole theirs. Apple's pin code logic is a complex system that is designed to protect users' devices and data. By following Apple's recommendations, users can create a pin code that is difficult for attackers to guess. In addition to the above, here are some other things to keep in mind when creating a pin code (on Apple devices and our cloud service):
Avoid using personal information in your pin code, such as your birthday, address, or phone number.
Do not use the same pin code for multiple devices or accounts.
If you are using a shared device, such as a work computer, create a separate pin code for your personal use.
If you think your pin code may have been compromised, change it immediately.
Keep in mind, it's a pin and a username and password to unlock one shard. The other shards are still protected behind biometric sensors on their devices. But if you're at the grocery store and need to re-authenticate to your app to pay, you might not want to go home and grab a device with a biometric sensor to do so. Thus, unlock the password from the phone, get prompted for the pin on the watch and viola, the password is autofilled or displayed. The whole process takes about 2 seconds! Get it wrong too many times, and just like the old ATM days, we might just shred what we have (but you'll thank us for it some day).
Comments