Why we sunset the Okta Verify watch app

In the most recent version of Okta Verify for iOS (8.2), we decided to sunset the companion Apple Watch app. This post explains our reasoning and shares what we learned along the way.

Watch apps are cool. Pulling out your phone to accept an MFA push notification is not a great experience. So why would anyone sunset such useful functionality? In a nutshell: accepting a push does not require a watch app, and our usage data shows that our users agree.

What did the watch app do?

Okta Verify was once primarily a vehicle for push MFA, with a side job as a one-time code generator. In that context, the watch app was a way to make the user experience a bit better: we could improve the text of notifications and show the list of generated codes even while your phone stayed in your pocket.

As new features were added to Okta Verify, such as number challenges, we added them to the watch as well, at non-trivial cost in development effort and code complexity.

What the watch app couldn’t do

As we built new features that raised the security bar for MFA in response to more advanced phishing attacks, we ran into issues supporting the watch.

Biometric verification, for example, is impossible on Apple Watch: the device has no biometric sensor, only a wrist passcode whose presence and strength the phone app cannot verify. A policy that requires biometric user verification therefore cannot be satisfied from the watch at all.

Next, we introduced Okta FastPass, an on-device authentication method designed to resist phishing. On-device authentication, by definition, happens on the device that is signing in; a secondary device such as a watch has no role in that flow.

Informed by real-world usage data

While the watch app demos very well, very few users interact with it regularly. Even fewer used the flows that required the dedicated watch app, as opposed to the built-in iOS feature that mirrors phone notifications to a paired watch. That mirroring needs no watch app at all, and it is enough to accept a basic push.

Watch app usage

Usage indicator                                                        User count   % of sample
Sample of Okta Verify iOS users on the latest version                  2.7M         100%
Expected Apple Watch attach rate                                       270K         ~10%
Users with the Okta Verify watch app installed                         101K         ~3.7%
Users who interacted with a watch notification                         3.6K         ~0.1%
Users who executed a yes/no via the app (not via the notification)     511          ~0.02%
Users who executed a number challenge flow via the watch app           23           ~0.001%

What we see here is that most users with an Apple Watch never installed the app. Since mirrored notifications already let them complete basic push flows without it, why would they?

Focusing Engineering Effort

The code behind watch interactions adds a surprising amount of complexity to our iOS app. It is like turning your phone into a web server that serves the watch as a client: the phone has to handle connectivity, state synchronization, and a matrix of watchOS/iOS version combinations across multiple physical devices.

We have a high bar for quality at Okta; regressions in authentication flows are unacceptable. Apple Watch flows are hard to automate, and harder still on real hardware. The end result was that we spent cycles every release manually verifying these low-usage flows. That conflicted directly with our desire to release more frequently, since every additional release multiplies the cost of manual testing.

Ultimately, we faced a choice: invest more in the watch app to make it useful for phishing-resistant authentication, or retire it and focus on protecting larger slices of users in more impactful ways. We can best serve users by focusing on the security and usability of Okta FastPass.

You can still use your Apple Watch with Okta Verify

There is one flow that users exercise in reasonable numbers: the "Yes, It's Me" push acceptance flow. This flow still works as it always has, even without a watch app, because iOS mirrors the push notification to a paired watch on its own. By the figures above, most iOS users with a paired Apple Watch (roughly 63%) never installed the watch app and never needed it for this flow. Flows that did require the watch app itself, such as the number challenge, are completed on the phone.