Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Wearable security: Two-factor authentication apps for Apple Watch

Glenn Fleishman | June 2, 2015
Early extensions of iPhone apps for varying forms of authentication find a useful home as Watch apps.

knock apple watch primary

The Apple Watch could become our central hub in a wheel of identity, in which all spokes rotate around our wrist. Some early Watch apps already have a high degree of utility. But we're only scratching the surface of what's to come.

In this roundup, we look at six apps that offer varying forms of authentication on the Watch. Three allow a tap on the Watch to unlock something: an account, a login, a computer, or more. The other three handle the most common form of app-generated second-factor authentication codes.

Speak, Friend, and enter

As a highly personal device, the Watch should let you chain its security with that of your phone: the default configuration locks a Watch when it's removed from your wrist, and unlocks it when your phone is unlocked. To use these apps, you'll always have to have your phone with you, and you'll have to unlock one or both devices to use them.

That combination means that a tap on a Watch can be as secure as enter a passcode or using Touch ID by inference. I wouldn't gamble nuclear security on it, but for unlocking the right set of resources, it's a powerful but reasonable shortcut.


Knock ($5) is a very simple app with a very simple purpose that it accomplishes admirably on a phone and on the Watch. The iOS app pairs with an OS X app. Once installed and set up, you can unlock your Mac by knocking twice on your phone when you're nearby. Good enough.

With the Watch app for Knock, whenever you jiggle the mouse, swipe the trackpad, or tap a key to wake the login screen, a notification appears on your Watch as well as in iOS. Tap Unlock, and, voilà, your Mac is available. The current version only pairs with one Mac, and it's more parlor trick than absolutely useful. But after installing it, I find myself using it every single morning to unlock my desktop computer rather than type in a password.


oneID (free) takes a little getting used to, because although it seems to have much in common with software like 1Password (see below) and LastPass, it's instead a web-site login capture system. As with many newer apps, it has a strong, single focus. After installing the OS X app, whenever you log into a website in Chrome and Firefox (Safari should be coming), oneID captures the login information.

You can configure through a web dashboard or via an iOS app whether replaying that login on a subsequent visit requires approval from a phone or with a PIN. If you check Require Phone, then the next time you visit a site for a login that's been captured in oneID, a phone overlay will appear in the upper right of the browser, and your phone and Watch will receive a notification. You can then tap Confirm (or Reject or Dismiss).


1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.