Recent years have witnessed a remarkable growth in the number of smart wearable devices. For many of these devices, an important security issue is to establish an authenticated communication channel between legitimate devices to protect the subsequent communications. Due to the wireless nature of the communication and the extreme resource constraints of sensor devices, providing secure, efficient, and user-friendly device pairing is a challenging task. Traditional solutions for device pairing mostly depend on key predistribution, which is unsuitable for wearable devices in many ways. In this article, we design Gait-Key, a shared secret key generation scheme that allows two legitimate devices to establish a common cryptographic key by exploiting users’ walking characteristics (gait). The intuition is that the sensors on different locations on the same body experience similar accelerometer signals when the user is walking. However, one main challenge is that the accelerometer also captures motion signals produced by other body parts (e.g., swinging arms). We address this issue by using the blind source separation technique to extract the informative signal produced by the unique gait patterns. Our experimental results show that Gait-Key can generate a common 128-bit key for two legitimate devices with 98.3% probability. To demonstrate the feasibility, the proposed key generation scheme is implemented on modern smartphones. The evaluation results show that the proposed scheme can run in real time on modern mobile devices and incurs low system overhead.