Private I: Knock twice to see the future of the Apple Watch as a security device

The Knock app was always a simple and nifty idea. Install a bit of software on your Mac and then purchase the company's $5 iOS app. The two communicate over Bluetooth 4.0: whenever your Mac is locked, manually or via a timed setting, you can launch the Knock app or swipe a notification, and then knock twice on the screen to unlock it.

While Knock isn't a two-factor security system as such, it relies on the notion that if you're the sort of person who locks a Mac, you're also likely to lock your iOS devices and carry them with you when you're away. Thus, the odds would be pretty low that someone could gain physical access to your iPad or iPhone and be able to unlock it to then use Knock to unlock a Mac in a cascading security failure. Further, because it requires Bluetooth, not an Internet connection, you have to be close to the Mac while using the associated iOS device.

The app also lets you lock your Mac with a tap in the iOS app, increasing the likelihood that you'll keep your computer locked down. Knock can also be set to use Touch ID on devices that support that feature, which shifts access to a biometric factor, requiring both the hardware and a finger. (Why lock your Mac? If you're concerned about theft or snooping roommates, or you're a parent who doesn't want a child to have unfettered access--or vice-versa!)

Knock's latest move is to extend itself to the Apple Watch, where it's a natural fit. And it's one of several apps related to security and access that were immediately available after the Watch's launch. This category of apps reveals more of the potential of what the Watch can offer as a hub of your identity.

Because the Watch locks when it senses it's been removed from your skin, it provides effective security whenever you aren't wearing it or if it were literally ripped off your wrist or otherwise stolen. (Touch ID offers the same sort of protection whenever an iOS device is put on standby or goes to sleep.)

Who's there?

Knock's Watch support comes in the form of notifications, a glance, and an app. (Knock currently only supports a one-to-one connection for a Mac and an iOS device.) When a Mac is locked, your associated iOS device and Watch can receive a notification. On the Watch, tapping the notification launches the app, while the glance shows the status and, when tapped, likewise launches the app. The app shows your Mac's current status and lets you lock or unlock with a tap.

Knock Software notes that it's having some trouble initially getting a consistent display across all three Watch appearances, which I've seen, and which is happening to other developers as well. Force-quitting the iOS app and relaunching it solved this problem for me.

Even before HomeKit has launched, where the Watch is expected to play a key role as a personal identifier, Knock shows some of the power of using a device that's easily available and for which a click or a quick look suffices.

Authy and 1Password also have Watch apps, and these prove similarly useful. 1Password lets you select which passwords and other items to display on the Watch, because having everything available wouldn't be sensible. You can see this problem clearly in Apple's Messages Watch app, where you have to scroll through what can be a lengthy list to pick a recipient. (Tip: Try using the Digital Crown to scroll instead of your finger.)

The Authy ecosystem manages time-based one-time passwords (TOTPs) used by Dropbox, Google, and others (but not Apple, which uses one-time messaging codes). These can be pulled up from the Watch app, which is actually quicker and simpler than using the full iOS version. Having a six-digit or similar code on your wrist displayed in large type makes it a snap to enter via a keyboard. In fact, I wouldn't mind a login option that let me choose to tap my wrist or even enter a tap pattern on the Watch to "release" a one-time code to a website or other login.

Security options pushed to a Watch are simpler to engage, both because a wearable has a different basis of trust and because Apple's requirements and the limits of the interface force developers to strip things down. That makes it more likely that you (clearly, a sophisticated user) and others (who may lack the specific interest in security and privacy) will turn on options for protection.

HomeKit will extend this by sparing developers from building the infrastructure for straightforward scenarios that tie in location, proximity, and identity. Imagine driving up to your house and feeling a Watch tap with a notification, based on GPS. For an extra measure, the disabling function might only work when you're close enough that a Bluetooth handshake happens with the security system. And a force press could trigger a 911 call if you notice something awry.

The iCam app has already been updated with Watch support to allow seeing brief bits of recent events recorded on security or motion-sensing cameras. If you're like me, you often miss notifications on your phone. For categories like this, I'd like my Watch to bug me and I'd pay attention.

While I've been a Watch skeptic in my early days, as developers haven't had enough time to work with the hardware yet and many functions remain poky or require handholding, these sorts of cases are encouraging. They move the Watch closer to being a personal key to our stuff instead of another device demanding attention.


Stories by Glenn Fleishman
