2016 MBP w/ Touch Bar — no Touch ID for admin?

Discussion in 'MacBook Pro' started by jk73, Dec 24, 2016.

  1. jk73 macrumors 6502

    Joined:
    Jul 19, 2012
    #1
    Maybe I'm still following outdated advice, but I always use a non-admin account as my main MBP user account and then have a separate administrator account that's only used for admin purposes — installing apps or updates, changing various preferences, etc.

    Obviously, this requires typing in my admin name and password each time an admin account needs to approve something, which, admittedly, isn't all that often.

    The new MBPs with Touch Bar seemingly could cut down on the typing, since an admin account could (theoretically) authenticate via Touch ID rather than by typing in the admin name and password. However, after a day with my new 2016 MBP, I see this isn't the case — if an admin needs to approve something, the only option is to type in the admin name and password; Touch ID can't be used, even if the admin's fingerprint has been registered. (The Touch Bar shows "Change user"; nothing happens if one tries to authenticate via Touch ID.)

    Does the Touch ID implementation/protocol only allow one user account's fingerprint to be active at a time, or is it possible that Apple will add Touch ID as an option for when an admin's credentials are needed? This seems like an obvious feature, so I'm not sure if it's a limitation of the protocol, or if it just hasn't made it into the OS yet, since only a very small percentage of Mac users have a Touch Bar right now. Thanks.
     
  2. XSharp macrumors newbie

    Joined:
    Nov 24, 2016
    #2
    I have an admin account that uses my index finger for TouchID and my regular user account that uses my middle finger. When I'm logged into the regular account and need to authenticate as admin, I just use my index finger. This generally works well for me.
     
  3. SoyCapitanSoyCapitan macrumors 68040

    Joined:
    Jul 4, 2015
    #3
    Some older apps and utilities need to be updated to call up Touch ID.

    There is always the risk that Simon Phoenix will chop off your hand and use it to log into your computer.
     
  4. XSharp macrumors newbie

    Joined:
    Nov 24, 2016
    #4
    Or secretly film you typing your password. Or put a knife to your throat and kindly request it. I'll keep my TouchID.

    Regarding software needing updating, I think TouchID will become quite useful in the next year or two.

     
  5. Jaekae macrumors 6502

    Joined:
    Dec 4, 2012
    #5
    Having 2 accounts for that purpose is pointless.
     
  6. XSharp macrumors newbie

    Joined:
    Nov 24, 2016
    #6
    Inefficient perhaps, but pointless? I agree that Apple should consider streamlining the procedure to authenticate as admin.
     
  7. jk73 thread starter macrumors 6502

    Joined:
    Jul 19, 2012
    #7
    Thanks to all for the feedback.

    Interesting. I used my index finger for both my main account and the admin account, but the few times I've needed an admin to authenticate something I've done in the OS, Touch ID hasn't been an option.

    Do you say this because of the low risk of Mac OS malware? I've been using a main account plus an admin account for years now; at one point here and elsewhere, it was considered a Mac OS best practice for people to maintain a separate admin account so that nothing vital could be installed, changed, etc., without explicit permission. Thanks.
     
  8. xraydoc macrumors 604

    Joined:
    Oct 9, 2005
    Location:
    192.168.1.1
    #8
    While still 'best practice', it's definitely on the conservative side. Better safe than sorry I suppose, but there will be some hassles to put up with. I think not having the admin fingerprint available at all times will be one of them.
     
  9. jk73 thread starter macrumors 6502

    Joined:
    Jul 19, 2012
    #9
    OK. The bolded part goes back to my original question: Is there any (known) reason, from an OS or Touch ID security standpoint, an admin's Touch ID can't always be available when a non-admin user account is active? Whenever an admin dialogue box appears, it seems like the Touch ID should also become available, but maybe I'm missing something. One person above claims to be doing this already, but I haven't been able to replicate it myself. Thanks.
     
  10. xraydoc macrumors 604

    Joined:
    Oct 9, 2005
    Location:
    192.168.1.1
    #10
    I know that other users' fingerprints can be used to engage fast user switching, but I didn't see anywhere where one could be used to authenticate a session while a different one is logged in.

    With that said, even with my admin account, I can't use my fingerprint to authenticate the password request when editing certain admin-protected system preferences. I presume this is either by Apple's design or that some areas of the OS haven't been TouchID optimized. So I don't think it's a problem specific to you.
     
  11. jk73 thread starter macrumors 6502

    Joined:
    Jul 19, 2012
    #11
    The person who left comment #2 above seems to be saying he's able to do what I'd like to do — i.e., use Touch ID to authenticate as an admin while a non-admin user account is active.

    Given that only a tiny percentage of macOS users currently have a Touch Bar, I'm hoping the bolded part is the issue here. Thanks.
     
