When Tim Cook took the stage back in September to announce the next generation of Apple hardware, and that there was already an SDK for it, we were incredibly excited (and that’s putting it mildly!)
I believe our reaction was something akin to:
“We can make a 1Password app for Apple Watch!”
“What would a 1Password app for Apple Watch do?”
Day 0: the idea phase
We tossed a number of ideas around that first day, but the one we kept coming back to was our new (at the time) support for one-time passwords in 1Password for iOS.
One-time passwords seemed like a perfect fit for Apple Watch. They are a fixed length of 6 characters, so fitting them on the Apple Watch’s screen would be simple. They are refreshed every 30 seconds, so they could be stored and displayed without the need for authentication each time.
Also, they fit perfectly into the use case of logging into a site on your computer, and then looking to your wrist for the second factor verification.
So, we were decided, one-time passwords it was!
Day 23: build/design phase, part 1
1Password for Apple Watch was a simple three screen app in its infancy. There was one screen for the scenario of “no data”, one screen to list the items that included one-time passwords, and one screen to show the selected item’s one-time password.
A crucial part of the design was that we didn’t want you to have to enter your Master Password anywhere to access the information on Apple Watch. The usefulness of having your 1Password data on your wrist went way down if you needed to pull your phone out of your pocket to access it.
Apple Watch apps are an interesting animal in that very little code actually runs on Apple Watch itself. Instead, each Apple Watch app is comprised of two parts: the visual “shell” that runs on Apple Watch, and an app extension that runs on the phone. The app on Apple Watch talks to the app extension over Bluetooth to get its data and respond to user interactions.
- Information about the tap is sent via Bluetooth to the 1Password Watch Extension (running silently in the background on your iPhone).
- The 1Password Watch Extension determines which digit was tapped and adds it to any digits tapped before.
- The extension then tells the Apple Watch app to update the PIN length indicator at the bottom of the screen, which requires another transfer of information over Bluetooth.
- If the tapped digit is the fourth in a series the 1Password Watch Extension checks to see if it is the correct PIN code, and if so tells the watch app to display the list of items, which requires yet another trip over Bluetooth.
As you can see, even a simple interaction with an app on Apple Watch can create a lot of Bluetooth traffic back and forth between Apple Watch and iPhone.
Day 45: fine-tuning
Once we had a baseline set of requirements and user interface designs we started to work out how to get the one-time password data to 1Password for Apple Watch.
Because we weren’t going to require your Master Password to access your data we precluded ourselves from being able to decrypt your 1Password vault, meaning we needed a place to store the one-time password secrets for use by 1Password for Apple Watch. We decided to utilize the iOS keychain as a secure storage location that wouldn’t require decryption each time we wanted to use it.
Of course this decision came with its own set of challenges, namely that we were going outside of the 1Password ecosystem to store secure data. Because of this fact we knew we had to ramp up our customer education efforts about this new feature and make sure that it was opt-in only.
We added what we called a “keychain maintainer” to the main 1Password app that would listen for changes in the 1Password database, determine if those changes were one-time password-related, and update the iOS keychain accordingly. The keychain maintainer worked out really well as it handled changes that were made by our sync system as well as any changes made to an item by a person manually.
With the keychain successfully populated with data all we needed to do was load this data in the 1Password Watch Extension and use it to populate the list of items. We finished up the implementation of the three screens and 1Password for Apple Watch was done…or so we thought.
Day 97: 1Password for Apple Watch v1 debut …
At this point we were quite happy with ourselves. 1Password for Apple Watch was complete months before Apple’s launch date of late April. We began to show it off to friends and industry acquaintances to get their reactions. Some of them thought it was very cool that they’d have access to their one-time passwords on their wrist, but many more of them weren’t exactly over the moon about it, and some had to be educated about one-time passwords before they understood exactly what it was we were offering.
It all came to a head when we were on a business trip and in a meeting with a handful of individuals whose opinions we really respect. With our usual gusto we showed off 1Password for Apple Watch and…it fell flat. Out of the five people in the room with us, only one person was genuinely excited about. They say two outta three ain’t bad. No one ever says anything about one outta five.
We knew we needed to do more.
So we went back to the drawing board: beyond one-time passwords, what kind of information would be useful to have on your wrist? We started to brainstorm ideas and realized there was a whole class of secure information that could be stored in 1Password that we weren’t leveraging: all kinds of small pieces of secure information that you need throughout the day.
We started to work up some use cases. Gym locker combination? Check. Garage door code? Check. Would it be useful to see your credit card info while placing an order over the phone? Yep. We discovered all sorts of situations where it might not be convenient to pull your phone out of your pocket, unlock it, open 1Password, unlock 1Password, and search your vault for the data you needed. Apple Watch, however, was the perfect place for this kind of information. App interactions are incredibly short and perfect for the things you need on the go: you get in, get your data, and get out.
Day 98: the re-build phase
With this new vision for 1Password for Apple Watch we began to rework both the user interface and the code.
Because we were expanding beyond one-time passwords we no longer wanted 1Password for Apple Watch populated with a whole set of information automatically. Everything that appeared on your wrist needed to be there because you put it there. A button was added to the bottom of the item detail screen that allows you to add/remove an item to/from your Apple Watch. This button ended up being a shortcut for adding a new “Apple Watch” tag to the current item. The cool thing about this approach is that you can manage your Apple Watch items not only on your phone, but also on any of your other devices or computers simply by adding the “Apple Watch” tag and syncing the changes over.
Our keychain maintainer evolved beyond looking for one-time passwords to looking for items tagged with “Apple Watch” instead. We added an extra set of attributes (encrypted with the 1Password Apple Watch PIN code) to our keychain entries to handle the extra data for logins, passwords, secure notes, and credit cards.
In 1Password for Apple Watch itself we ended up adding four new screens to support the new item types in addition to the original one-time password screen. When Apple Watch shipped at the end of April our app’s design looked like so:
I hope you’ve enjoyed this little glimpse into the process behind 1Password for Apple Watch. If you have any questions please leave them in the comments below, I’d love to talk some more about our process here. For some further reading I’d recommend our excellent Apple Watch User Guide and our Apple Watch Security Guide.