Tip Tuesday #5 – Unlocking your secrets

Any good security solution should be adjustable to underlying risks. That's why Secrets is very flexible when it comes to unlocking your data. Discover the available options and their differences.

If you want to follow along be sure to subscribe on YouTube.

Welcome to another Tip Tuesday. On this episode, we'll be exploring the different ways you can use to unlock Secrets and how you might choose the one that's right for you. I believe every security solution should be as seamless as possible, but different risks require different security measures. So any good solution should be adjustable. That's why you can unlock Secrets in many different ways, using Touch ID, Face ID, Passcode, Passphrase, or even with your Apple Watch.

Not only that, but you can use a different method for each of your devices. This is important because each device carries a different risk. Compare your desktop Mac that always stays at home versus your iPhone that you carry everywhere with you. You are much more likely to lose your iPhone or have someone get a glimpse of your passcode or passphrase by shoulder surfing. Or you might have a shared iPad that's used by everyone around your house and its passcode is common knowledge. Allowing that passcode to unlock Secrets is probably not a good idea.

So when it comes to unlock methods, what are your choices? Well, it depends on your device. For example, I can unlock this iPad with passcode, Face ID, passphrase, or with a combination of these. If you have a MacBook with Touch ID and an Apple Watch, your options will be Touch ID, Passphrase, Passphrase or Touch ID, Passphrase and Touch ID, Passphrase or Apple Watch, Passphrase, Touch ID or Apple Watch.

Let's focus on the last four, the ones where you have more than one method. These three are the most flexible. Either method will be able to unlock Secrets by itself. For example, if you choose Passphrase or Apple Watch, you'll still be able to unlock Secrets using your passphrase even when you don't have your Apple Watch with you. If you choose Passphrase or Touch ID and you use your MacBook with the lid closed, with an external display and keyboard, you'll still be able to use your passphrase even though the Touch ID sensor is unreachable.
But the more interesting and the most secure option is Passphrase and Touch ID. This is a form of multi-factor authentication. You need both your passphrase, something you know, and your fingerprint, something you are, to unlock Secrets.

In the end, it's up to you to choose which method is right for each of your devices. You might just use Touch ID for the Mac you have at home. Or choose any of the multifactor options for your iPhone. No matter what you choose, make sure you have set up a recovery key or a paper device in case you burn your finger or you drop your iPhone and the Face ID sensor malfunctions.

Finally, and speaking of multifactor, there's one more thing I'd like to mention that answers a question I get from time to time: can you use a hardware security key such as a YubiKey with Secrets? The answer is yes, but probably not in the way you're expecting. YubiKeys are commonly used as a second factor in performing a multi-factor authentication with an online service. But Secrets is not an online service. Your secrets are already stored and encrypted on your device. You're not authenticating with Secrets. You're actually unlocking the key that decrypts your data. So many of YubiKey's features, like the one-time password, do not apply here.

One feature of the YubiKey you can use with Secrets today is the static password. With this feature, you can have your key input a long random password on any text field on your Mac, including the text field you use to unlock Secrets. So, if you don't have a Mac with Touch ID, you can still use one of these to have a form of multifactor unlock with Secrets.

Here's how you set that up. First, make sure your YubiKey is set to output a static password when you tap its button. You can do that with YubiKey Manager software. Simply configure either the short touch or the long touch to output a static password. Now open Secrets and set the unlock method to Passphrase.
For your passphrase you'll enter something you know such as a PIN or a small password. And then tap on the YubiKey's button to have it input the static password, which is something you have. To unlock Secrets, you just repeat this process. That's it for this tip. Thanks for watching.
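
The point above about unlocking a key rather than authenticating can be seen in a short sketch. This is an added example, not code from Secrets or from the video, and it goes beyond the page by assuming a generic design: the typed passphrase (PIN plus YubiKey static password) is stretched with PBKDF2 and used to wrap a random data key. The PIN, static password, iteration count and XOR wrap are constructed stand-ins chosen to stay within the Python standard library.

```python
from __future__ import annotations
import hashlib, hmac, secrets

ITERATIONS = 100_000  # constructed value for this sketch, not Secrets' setting

def _derive(passphrase: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the typed passphrase into a wrapping key and a MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def wrap_data_key(data_key: bytes, passphrase: str) -> dict:
    """Protect a random 32-byte data key; only salt, wrapped key and tag are stored."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh salt, so the wrapping key is never reused
    wrap_key, mac_key = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, wrap_key))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unlock(blob: dict, passphrase: str) -> bytes | None:
    """Return the data key, or None when the passphrase derives the wrong keys."""
    wrap_key, mac_key = _derive(passphrase, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["wrapped"], wrap_key))

# Constructed sample values: a short PIN (something you know) and a long
# random string standing in for the YubiKey static password (something you have).
PIN = "4821"
STATIC = "cbdefghijklnrtuvcbdefghijklnrtuvcbdefg"
DATA_KEY = secrets.token_bytes(32)
BLOB = wrap_data_key(DATA_KEY, PIN + STATIC)

def try_unlocks() -> dict:
    """Attempt the unlock with each factor alone, a changing code, and both factors."""
    changing_code = secrets.token_hex(8)  # stands in for a one-time password
    return {
        "pin_only": unlock(BLOB, PIN),
        "key_only": unlock(BLOB, STATIC),
        "pin_plus_changing_code": unlock(BLOB, PIN + changing_code),
        "pin_plus_static": unlock(BLOB, PIN + STATIC),
    }

if __name__ == "__main__":
    for name, result in try_unlocks().items():
        print(f"{name}: {'unlocked' if result == DATA_KEY else 'locked'}")
```

Because the key is derived locally from exactly what is typed, a value that changes on every tap can never reproduce it, which is why only the static password fits this setup.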