Multi-peer secrets are those that require at least two parties to unlock access to. Secret Chest creates shards of secrets and stores them on different devices. We can just as easily store shards on devices owned by multiple accounts as those owned by a single user. Therefore, users can store shards on devices owned by two accounts and only unlock a secret if a device from two different users, or peers, is present. The math is hard, but we made the feature simple.
To create a multi-peer secret, open Secret Chest, tap See All, and tap on an existing secret (for more on how to create a secret, see this article).
Next, tap on the ellipse in the upper right corner of the screen and select Share.
At the Share Secret screen, it's possible to share a secret to another user in its entirety, or to share a single shard, and so only a part of the secret. Choosing to do so will remove a shard from the account that shares the secret and make the secret a multi-peer secret. From this moment on, at least two parties will be required to perform a biometric check in order to unlock the secret for use. To create a multi-peer secret, click or tap Create Multi-Peer Secret and then the Continue button.
At the Share Secret screen, enter each email address the secret will be shared to and hit the plus sign button (+) as each is added. If using a company account, users in the company will automatically be populated in the list, so use the checkbox to define each that will get the secret. Further, if policies are configured globally or for the domain, sharing secrets to external users (so those without accounts in the tenant) will be disabled.
Users who have been added will be listed under the Selected Recipients section. Tap the X to remove any that were accidentally added. Once all of the users have been added, tap on the Share button to proceed.
The secret has now been shared. The person receiving the secret will receive a push notification that a secret has been shared to them, unless they have the app open already. Notice in the below screen that there are two types of shared secrets. One is Accepted and the other is multi-peer. Tap the pending Multi-peer secret.
The share will appear, along with the list of devices where a shard can live. The shard will be the same on each device, but encrypted with the Secure Enclave (TPM chip) of that individual device, and so will require a TouchID or FaceID in order to use it to unlock a secret. Check the box for each device that should have a shard and then click or tap on the Launch button.
The multi-peer secret is then automatically created on the device. To access it, tap on it in the list of secrets. The secret will require a biometric check from both parties, so provide that to proceed.
The secret is then displayed. This same flow is also available for multi-peer secrets from autofill dialogs.
Multi-peer secrets can autofill, which means they are in the clear when unlocked. We'd love to some day make this optional, so auto-fill them without allowing a user to see the password, but that would provide a false sense of security, as most web forms will allow a user to view the decrypted objects anyway.