diff --git a/.env.example b/.env.example
index b76d155..d302927 100644
--- a/.env.example
+++ b/.env.example
@@ -3,3 +3,4 @@ REACT_APP_DEFAULT_GAS_PRICE=0.025
 # Reference: https://github.com/cosmos/cosmos-sdk/issues/16020
 REACT_APP_GAS_ADJUSTMENT=2
 REACT_APP_LACONICD_RPC_URL=https://laconicd-sapo.laconic.com
+REACT_APP_AUTH_SECRET=
diff --git a/src/screens/AutoSignIn.tsx b/src/screens/AutoSignIn.tsx
index f135ead..42b1e32 100644
--- a/src/screens/AutoSignIn.tsx
+++ b/src/screens/AutoSignIn.tsx
@@ -44,7 +44,7 @@ export const AutoSignIn = () => {
 return
 }
- const signature = await signMessage({message: event.data.message, accountId: accountsData[0].index, chainId: event.data.chainId, namespace: EIP155})
+ const signature = await signMessage({ message: event.data.message, accountId: accountsData[0].index, chainId: event.data.chainId, namespace: EIP155 })
 sendMessage(event.source as Window, 'SIGN_IN_RESPONSE', { message: event.data.message, signature }, event.origin);
 };
@@ -60,6 +60,12 @@ export const AutoSignIn = () => {
 const getAccountAddress = async (event: MessageEvent) => {
 if (event.data.type !== 'GET_ACCOUNT_ADDRESS') return;
+
+ if (event.data.secret !== process.env.REACT_APP_AUTH_SECRET) {
+ console.log('Unauthorized app.');
+ return;
+ }
+ let accountsData = await getAccountsData(event.data.chainId);
 if (accountsData.length === 0) {
@@ -71,7 +77,7 @@ export const AutoSignIn = () => {
 }
 if (!accountsData.length) {
- return
+ return;
 }
 sendMessage(event.source as Window, 'ACCOUNT_ADDRESS_RESPONSE', accountsData[0].address, event.origin);
@@ -86,7 +92,6 @@ export const AutoSignIn = () => {
 return (
 <>
- Auto sign in
 )
 };
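Review bot: `REACT_APP_AUTH_SECRET` in `.env.example` is named and used as a secret, but the `REACT_APP_` prefix suggests a Create React App build, and there such variables are inlined into the client bundle at build time. The value would then be readable by anyone who can load the wallet page, so it can serve as a shared identifier but not as a confidential credential. The file should say so; I would add a comment above the entry, e.g. `# Not confidential: inlined into the client bundle at build time; do not reuse a real credential here`.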
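Review bot: The new guard in `getAccountAddress` (`event.data.secret !== process.env.REACT_APP_AUTH_SECRET`) lets a message through when the variable is unset and the message carries no `secret` field, since both sides are then `undefined`. `.env.example` ships the variable empty, where an empty `secret` would likewise match. Fail closed instead: `const expected = process.env.REACT_APP_AUTH_SECRET;` followed by `if (!expected || event.data.secret !== expected) {`. The visible lines also never compare `event.origin` with a list of permitted origins before replying to it, which is the check a `postMessage` handler normally relies on. The sign-in handler in the `-44,7` hunk shows no equivalent guard either, though both function bodies extend beyond their hunks, so these checks may exist outside the visible lines.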