Device Lock and Witnessing controls
Device Lock and related witnessing controls are used to make witness-based signing workflows stricter and easier to defend.
They are most relevant when the signing process depends on a witness being physically present or when extra identity assurance is needed.
Device Lock
Device Lock forces the signer and their witness to act on the same device within the same session.
This helps when the workflow depends on the witness being physically present at the moment of signing.
Witnessing and extra verification
Witness workflows can be strengthened further with SMS or other two-factor controls. In practice, Device Lock and witness verification are complementary rather than interchangeable.
When to use stricter controls
Use stricter witnessing controls when:
- the document type requires stronger evidence of process
- the workflow depends on in-person witnessing
- the signing policy is designed to reduce delegation or misuse risk
Tradeoff
The stricter the workflow, the less flexible it becomes for recipients. These controls improve assurance, but they also add friction and should be used intentionally.