Skip to content

Robust Key Management with Multi-Key Registration and WebAuthn

Overview

UnoLock allows one Safe to be opened by multiple registered access keys. Each key can be a passkey, hardware key, phone-based authenticator, or other supported WebAuthn authenticator. This gives users redundancy across devices and also allows multiple people to share the same Safe while each person keeps their own key.

How It Works

  • Multiple Registered Access Keys: A Safe can have more than one registered access key, up to the limits of the user’s tier.
  • WebAuthn Authentication: Each key uses phishing-resistant public-key authentication rather than a shared password.
  • Independent User Keys: Multiple people can access the same Safe with their own keys instead of sharing one credential.
  • Permission Control: Access keys can be granted full Safe administration or narrower rights such as selected Spaces.
  • Key Revocation: Lost or retired keys can be removed without changing every other key on the Safe.

Security Implications

  • No Shared Password Secret: Users do not need to pass around a common login secret to collaborate.
  • Phishing Resistance: WebAuthn reduces exposure to replay, credential stuffing, and fake login pages.
  • Operational Redundancy: Losing one key does not have to mean losing the Safe if other authorized keys remain.

Use Cases

  • Multiple Devices: One person can register a laptop passkey, phone passkey, and hardware key for the same Safe.
  • Family or Team Access: Several people can share one Safe while each retains their own access key.
  • Granular Collaboration: An admin can keep full control while granting another access key limited access to selected Spaces.

Why It Matters

Because UnoLock is cloud-based, the real control point is not the device, it is the access key. Multi-key registration makes that model practical by letting users spread access safely across devices and people without weakening the Safe into a shared-password workflow.

FAQs

What kinds of access keys can I register?

Supported WebAuthn authenticators such as passkeys, hardware keys, and compatible device authenticators.

Can multiple people share the same Safe?

Yes. Each person can have their own access key for the same Safe, with either limited rights or full administration depending on what is granted.

What happens if one access key is lost?

Other authorized keys can still be used, and the lost key can be revoked from the Safe.

Compliance & Privacy Regulations

  • Secure Authentication: WebAuthn-based key registration supports strong authentication without requiring shared passwords.

Integration with Other Features

  • FIDO2 Authentication with WebAuthn: Provides the underlying authentication model.
  • Access Keys, Limited Access, and TimeLock: Explains the difference between key permissions and temporary per-key TimeLock behavior.