Touch ID - Lack of integration

Discussion in 'MacBook Pro' started by CalandUK, Nov 24, 2016.

  1. CalandUK macrumors newbie

    Joined:
    Nov 19, 2016
    #1
    I love my new MBP 13" but it seems that Apple really screwed up by not releasing Sierra with full support for the Touch ID. Other than logging in and Apple Pay the Touch ID has almost zero integration.

    I can't be the only one to have this opinion, so if there are other posts on the matter then please feel free to delete this one.
     
  2. Brookzy macrumors 601

    Joined:
    May 30, 2010
    Location:
    UK
    #2
    It's integrated everywhere it can be in Apple's software - for example throughout System Preferences, in Notes (for locked/secure notes), for iTunes and the Mac App Store, for Keychain Access.

    For third party apps to use Touch ID, that is down to the creator of the app. Some apps with proactive developers have already updated for Touch ID such as 1Password. This will improve over time. :)
     
  3. Jaekae macrumors 6502a

    Joined:
    Dec 4, 2012
    #3
    It's developers that need to add it, 1Password got it already so you can log in on all websites with the finger for example
     
  4. ejl371 macrumors newbie

    Joined:
    Nov 24, 2016
    #4
    This is the same way iPhone was when touchID first came out. Now almost every app uses it. Patience my friend.
     
  5. CalandUK thread starter macrumors newbie

    Joined:
    Nov 19, 2016
    #5
    I'm not worried about 3rd party apps, they'll catch up if they decide it's worthwhile.

    I mean integration into the OS itself. e.g. every time an 'admin' change is required, i.e. anything that requires unlocking the padlock. Plus what about iTunes and App Store account logins? They are a pain.

    It just seems that the Touch ID is almost never used as far as Sierra itself is concerned.
     
  6. Brookzy macrumors 601

    Joined:
    May 30, 2010
    Location:
    UK
    #6
    It is used for the iTunes Store and Mac App Store.

    The only time Touch ID isn't used in Apple's own software is:
    • The first login after a reboot, so as to protect your fingerprint data from hacking (logging in unlocks the Secure Enclave).
    • When accessing any part of the System Preferences that impacts upon security and privacy settings.
    The reason for this is the security hierarchy is first (and most important) your password, and second your fingerprint.

    It has to be this way, otherwise what happens if your Touch ID sensor breaks? Or you cut your finger? You'd be locked out of your own computer.

    So, anything that deals with a higher tier of security than Touch ID (this broadly can be defined as any part of the system that has the authority to add, remove, or change your Touch ID settings, for example the Touch ID pane and Security & Privacy pane in System Preferences) must have your password - the highest security clearance - to be altered.

    These are the only exceptions that I've discovered. Everything else in macOS you can use your fingerprint for.
     
  7. Ma2k5 macrumors 6502a

    Joined:
    Dec 21, 2012
    #7

    I think it should be fingerprint first - even if the fingerprint sensor stops working, you always usually get the option to use the password afterwards anyway (at least on my iPhone).

    Not sure why a password is ever seen as more secure than a fingerprint, things like requiring it after reboot baffle me.
     
  8. Brookzy macrumors 601

    Joined:
    May 30, 2010
    Location:
    UK
    #8
    If your password is able to be a backup to a failed fingerprint then it is by definition higher in the hierarchy than a fingerprint and thus today's implementation would still have to happen!

    If you did not need a passcode after a reboot the Secure Enclave would be permanently unlocked. These are very important issues relating to security and privacy which I am very grateful to Apple for taking seriously.
     
  9. ejl371 macrumors newbie

    Joined:
    Nov 24, 2016
    #9

    It is a security measure. You can easily fake a fingerprint given enough time. Look around on YouTube for plenty of videos of people defeating fingerprint sensors. Fingerprint unlocking is a convenience, not security.
     
  10. Ma2k5 macrumors 6502a

    Joined:
    Dec 21, 2012
    #10
    You know what's easier than faking a fingerprint? Stealing/brute forcing passwords.
     
  11. Brookzy macrumors 601

    Joined:
    May 30, 2010
    Location:
    UK
    #11
    Not when you can only try ten times with exponentially longer lock-down periods after that. If you look at the articles surrounding the FBI iPhone controversy all these questions are answered.
     
  12. chabig macrumors 68040

    Joined:
    Sep 6, 2002
    #12
    That's because the TouchID data is stored encrypted in a secure enclave. After a reboot your password is required to decrypt the fingerprint data.
     
  13. CalandUK thread starter macrumors newbie

    Joined:
    Nov 19, 2016
    #13
    I understand about 'security' but not at the expense of user experience. Touch ID and password shouldn't be mutually exclusive, they should work together. If the fingerprint sensor fails then use a password.

    To me it's 'clunky' and inelegant and not a good user experience at all.

    If security is that important then at least have the option of 'opting out' of that level of security in order to make the user's experience better.

    I was expecting more I'm afraid. Not that I've lost anything, I didn't have it before, but I had hoped I'd have it now.

    However, iTunes is still a pain, purchases are fine with the Touch ID, but accessing the backend account of iTunes and App Store etc. is still iCloud password based, but I acknowledge that this is the same issue as system security as above.

    My MBP is great, Touch ID not so much. That said the touch id is super fast, far more impressive than I expected.
     
  14. Ma2k5 macrumors 6502a

    Joined:
    Dec 21, 2012
    #14
    I mean passwords in general, websites, apps and what not - hence the huge push for 2 factor auth, which adds a physical layer to your password. Again it's not foolproof, but I didn't say Touch ID was either, I just think in life generally, my account getting compromised is far greater via passwords compared to my fingerprint being compromised.
    --- Post Merged, Nov 24, 2016 ---
    From what I understood, no one can access that data, regardless of whether I lock or unlock using password? Can someone confirm?
     
  15. chabig macrumors 68040

    Joined:
    Sep 6, 2002
    #15
    They aren't mutually exclusive. You always have the option to use either one, except after boot, for the reason I explained.
    You are never required to use TouchID. You can 'opt out' by not registering any fingerprints.
    --- Post Merged, Nov 24, 2016 ---
    I believe you are correct. The operating system presents a fingerprint to the secure enclave and it reports a match or not. That's it. The fingerprint data is locked inside. The password after boot unlocks the secure enclave.
     
  16. Ma2k5 macrumors 6502a

    Joined:
    Dec 21, 2012
    #16
    I should also add, touchID protects you against distance hacks (which probably make up 99% of all compromises) - while some guy in China might be able to compromise a site or your password using various means, he will have no way to get your fingerprint from China.

    Physical aspect of protection is huge which is why 2 factor auth, basically adding a physical device that needs to be used, is so secure.

    (No offence to Chinese, used random example)
     
  17. powertoold macrumors 6502

    Joined:
    Sep 8, 2014
    #17
    If you're sleeping on your bed, your partner can use your finger to unlock everything!

    That's why the password is prompted from time to time.
     
  18. CalandUK thread starter macrumors newbie

    Joined:
    Nov 19, 2016
    #18
    The point of my topic was to USE the Touch ID, not eliminate the use of it. Thus, you cannot ALWAYS choose which method you use i.e. password OR Touch ID, indeed if that were the case then my topic would have been very misguided.

    I wanted to be able to use Touch ID to replace the need for typing passwords, that's unfortunately not possible and Brookzy's posts explain the reasons why. However, I WANT a better user experience at the cost of security, if indeed there needs to be a compromise.

    No matter, it doesn't exist now, so I don't have it, tough poo poo to me.
     
  19. Brookzy macrumors 601

    Joined:
    May 30, 2010
    Location:
    UK
    #19
    The issues here are extremely complex to the extent that the Supreme Court of the US nearly ruled on it. Just remember that Apple is the user experience company. If they are worsening user experience it will have to be for a damn good reason. The present security paradigm is the best they can do for the user experience at the moment whilst maintaining security.
     
  20. Ma2k5 macrumors 6502a

    Joined:
    Dec 21, 2012
    #20
    Your partner can also guess your password, use a key logger, peek and watch you enter password, record you entering password and many other things if they really wanted to hack ya ;). I have, ashamedly, done similar tricks in my younger days.
     
  21. CalandUK thread starter macrumors newbie

    Joined:
    Nov 19, 2016
    #21
    Just to simplify my position.

    I want to use my master admin password once, when logging in. Then everything else 'system' based to be Touch ID based, after all, I've already gained access as admin so it seems unnecessary to have to re-confirm my admin access with a password every time.

    All previous posts fully acknowledged as to the validity of the stated arguments, BUT, I still think it's a poor user experience not to use the system as I want and describe above.

    Enough already, topic dead, cheers.
     
  22. TheBacklash macrumors 6502

    Joined:
    Oct 23, 2013
    #22
    You know one thing that I like the ease of, but also can see the huge potential security problem with?

    Unlock with Apple Watch.

    All I have to be is on the same wifi network (from what I've seen). Someone I do NOT want to be on my Mac can unlock it using my watch on my wrist.. Sure I have the notification... If I don't assume it's email etc and look at my watch right then. Easy to be distracted, "hey I'm sending you a few emails about whatever, no hurry so ignore them till later" you start getting notifications and ignore them "knowing" what they are.. and will deal with them later on your iPhone/Mac.

    Meanwhile someone is on your Mac.

    Nice feature that lessens your need to type in a password... but also can be easily exploited. What if you are in a meeting without your Mac, and you see the notification... you can't get away, you have no clue who it is... but you know someone has full access to your Mac. There is no "lock my Mac" or "deny" option when the notification pops up on the watch..
     
  23. Brookzy macrumors 601

    Joined:
    May 30, 2010
    Location:
    UK
    #23
    You have to be within about three feet, and it's done over Bluetooth. Some really advanced time-of-flight technology measures how far away your Watch is by calculating the latency of the connection. This also stops the style of attack of someone using a Bluetooth extender. Craig Federighi discusses this with John Gruber in The Talk Show filmed live at WWDC. They've thought this stuff through... :p
     
  24. TheBacklash macrumors 6502

    Joined:
    Oct 23, 2013
    #24
    It's asked again because your Mac has NO CLUE if you are actually in front of the Mac. You log in sure, but did you run to the bathroom? Forgot to hit the screensaver to lock your Mac?
    Touch ID is nice, but it's not meant to replace every aspect of the security of your system.
    --- Post Merged, Nov 24, 2016 ---
    I was 10 feet away and it unlocked for my mom.
     
  25. Brookzy macrumors 601

    Joined:
    May 30, 2010
    Location:
    UK
    #25
    I set myself up for that one... close is the point. You can't be in another room.
     
