MBP Fingerprint sensor

[maflynn]

Can someone answer me why the fingerprint sensor doesn't work in all cases. What I mean, is if I restart my Mac, or let me daughter use the laptop and I log back in, I have to type my password and not use the fingerprint sensor. Why bother having a sensor if you're not going to use it as an alternative to typing in a password.

 

[Ifti]

When you restart or log in to your profile you need to enter the password for the first time, after which you should be able to wake the system from sleep using your finger. It has always been this way from what I remember.
Its the same with other devices, such as the iPhone. Upon a restart you need to enter the pin code, after which FaceID or TouchID will take over as the phone wakes from sleep.

 

[maflynn]

When you restart or log in to your profile you need to enter the password for the first time,

That defeats the purpose of a fingerprint sensor.

such as the iPhone. Upon a restart you need to enter the pin code, after which FaceID or TouchID will take over as the phone wakes from sleep.

Yes and again, I don't see how entering a password is more secure then biometrics, Just because the phone does it this way means it's a good idea.

In the windows world, when I turn on my Thinkpad, its camera fires up and logs me in. No need to worry about the password - seems less secure and more work then it ought to

 

[jdb8167]

Can someone answer me why the fingerprint sensor doesn't work in all cases. What I mean, is if I restart my Mac, or let me daughter use the laptop and I log back in, I have to type my password and not use the fingerprint sensor. Why bother having a sensor if you're not going to use it as an alternative to typing in a password.

You can stay logged in while your daughter uses the laptop. You can even set it up to log in to another account via a fingerprint. Don’t shutdown your Mac. Just let it sleep.

Simple solutions.

 

[maflynn]

Simple solutions.

Its a work around not a solution and it doesn't address the fact that using a password is considered more secure then biometics.

What happens is if I'm logged out by my daughter or the system is rebooted, there I am moving my finger over the sensor and its not logging me in.

In the scope of things, its not a huge deal, but it is an area where Apple is strangely inefficient.

 

[jdb8167]

Its a work around not a solution and it doesn't address the fact that using a password is considered more secure then biometics.

What happens is if I'm logged out by my daughter or the system is rebooted, there I am moving my finger over the sensor and its not logging me in.

In the scope of things, its not a huge deal, but it is an area where Apple is strangely inefficient.

Not really a workaround but just how Apple expects you to use the computer. Most people don’t shut down very often as it is mostly unnecessary. I suspect that Apple wants you to type in your password occasionally so it’s not forgotten. If you find that it happens too often, you can change your usage patterns.

 

[maflynn]

you can change your usage patterns.

This is what frustrates me, yes its a small issue, but there are other platforms like windows and Linux that let me work and use the laptop as I want too. For Macs I'm forced to work the way Apple wants me too, they evidently know how I want to work better then me ¯\_(ツ)_/¯. Its a tool and it ought to let me use it the way I think its best.

 

[jdb8167]

This is what frustrates me, yes its a small issue, but there are other platforms like windows and Linux that let me work and use the laptop as I want too. For Macs I'm forced to work the way Apple wants me too, they evidently know how I want to work better then me ¯\_(ツ)_/¯. Its a tool and it ought to let me use it the way I think its best.

Every platform has tradeoffs. With Apple you have to be ok with them being highly opinionated. Work with the tool rather trying to force your specific habits on it and life becomes easier.

 

[maflynn]

At least I got the answer to my question.

Can someone answer me why the fingerprint sensor doesn't work in all cases.

Because Apple made it so on purpose. To put it another way they feel its better to use passwords then biometrics to fully secure a laptop.

 

[jdb8167]

At least I got the answer to my question.

Because Apple made it so on purpose. To put it another way they feel its better to use passwords then biometrics to fully secure a laptop.

Right. Apple sees biometrics as a convenience not an absolute security measure. It allows users to have stronger passwords without inconveniencing them by requiring it to be typed in as often.

 

[okkibs]

That defeats the purpose of a fingerprint sensor.

No, it does not. Most people don't reboot their computer daily. Mine has an uptime of currently over 20 days, likely because that's when the last MacOS update came out that required a reboot. It will still let you unlock with biometrics after locking the screen.

There are two reasons for this behaviour, the first one is that asking for the code from time to time ensures that users don't forget it. I have seen a few situations where people kept using biometrics to unlock and ended up forgetting their code altogether, and lost access to their data when biometrics ended up not working. For this, the OS forces you to enter the code at least once every 7 days, even if no reboot or logout has occured. I too am annoyed by this, but I have forgotten PIN codes in the past and after a couple weeks who knows if I'd still remember it.

The 2nd reason is that the biometric data is actually locked away by the code. So after a reboot your Apple device has no access to the biometric data, if you press your finger on the scanner it can scan your finger, but it has nothing to compare it to. It is unlocked when entering your code for the first time after rebooting.

And it will stay unlocked until one of three conditions are met: You reboot the device again, you log the user out, or the mentioned 7 day timer runs out.

I don't see how entering a password is more secure then biometrics

It is. Back in 2013 TouchID was tricked by researchers who took high resolution images from fingerprints found on the housing of the very same device (an iPhone 5S) and were able to manufacture a high resolution replica that unlocked the device with TouchID successfully. That is a very basic attack that Apple can't protect against, since your device has no way of knowing whether the finger used is actually yours, attached to your own body.

To put differently, biometrics are something you are, whereas a password is something you have. Those are two fundamentally different factors, and they are treated differently by law as well. For example, in the States police have in the past used biometrics to unlock the iPhone belonging to a deceased suspect. And depending on your local laws you might be required to unlock your device with biometrics but not with a password.

In some situations biometrics are more secure, in some situations passwords are better. There is no clear winner, but the technical implementation by Apple makes it impossible to use biometrics after a device reboot, and these functions are based in the proprietary firmware and soldered on to the Apple device's logic boards, there is nothing that can be changed about it.

...which is a good thing. I wouldn't want some workaround to circumventing device security preventing a third party from accessing my personal data.

 

[maflynn]

This is how it should be and here’s why:

Thank you for the detailed response, you clearly provided a coherent description and justification on why its better this way. This is a lot better, then saying its the apple way and you need to adjust to it.

 

[jeremysteele]

So... you are upset at Apple making your device more secure? That's the purpose of requiring it; as others said, biometrics are useful for convenience or possibly a second/third factor.

This is the same reason you can disable face ID by smacking your power button a bunch of times - biometrics are incredibly easy to bypass and Apple knows it, so sometimes they require a pass or give you a way to temporarily disable it. They try to keep your device secure while also giving users an easy way to use it.

Also I have used Windows and Linux with finger prints, both of them also require a password on first login. At least on the 4 devices I used (3 work, 1 personal). Seems like this is a setting you can adjust, but not sure why you would.

 

[Spaceboi Scaphandre]

Can someone answer me why the fingerprint sensor doesn't work in all cases. What I mean, is if I restart my Mac, or let me daughter use the laptop and I log back in, I have to type my password and not use the fingerprint sensor. Why bother having a sensor if you're not going to use it as an alternative to typing in a password.

The same reason the Face ID doesn't work sometimes as it requires a passcode. It's a stupid oversight by Apple. You don't like it, complain about it in the Feedback Assistant so the software engineers at Apple know, because they don't read Twitter or MacRumors, they read the Feedback Assistant. https://support.apple.com/guide/feedback-assistant/get-started-fbab81460adb/mac

 

[MauiPa]

That defeats the purpose of a fingerprint sensor.


Yes and again, I don't see how entering a password is more secure then biometrics, Just because the phone does it this way means it's a good idea.

In the windows world, when I turn on my Thinkpad, its camera fires up and logs me in. No need to worry about the password - seems less secure and more work then it ought to

Is that the windows wake up with a picture of you. Ya very secure

 

[MauiPa]

I’m just going with. To make sure you actually are you

 

[Ifti]

That defeats the purpose of a fingerprint sensor.

Well not really.
I may restart my MacBook once a month. That's once in a month I have to type my password in, against the 5-10 times PER DAY I could be using the fingerprint sensor. Easy to do the math here.

Same with my iPhone. In fact I cant remember the last time I reboot my iPhone, so that's generally FaceID all the time, other then the odd occasion it does a random pin unlock.

Guess Apple just expects these devices to be on and just put to sleep all the time.

With my Windows laptop I use only the fingerprint sensor - even after a reboot. On the odd occasion it doesn't register I take a second to remember what the password is!

 

[Fruit Stand]

Its a work around not a solution and it doesn't address the fact that using a password is considered more secure then biometics.

What happens is if I'm logged out by my daughter or the system is rebooted, there I am moving my finger over the sensor and its not logging me in.

In the scope of things, its not a huge deal, but it is an area where Apple is strangely inefficient.

It’s inefficient for you but it’s been working since TouchID was introduced in 2013.

It’s a decision of security over convenience and I applaud it as annoying as it is to have to re-enter a password after extended periods or reboots.

Your daughter should likely also be using a separate account with her own password and possibly parental controls if she’s under age.

And here is a thought, since security seems to be a non issue for you remove the password all together.

 

[h.gilbert]

It's the difference between logging in and unlocking.

Logging in requires the password. Unlocking requires biometrics. Simple.

 

[Lounge vibes 05]

This is what frustrates me, yes its a small issue, but there are other platforms like windows and Linux that let me work and use the laptop as I want too. For Macs I'm forced to work the way Apple wants me too, they evidently know how I want to work better then me ¯\_(ツ)_/¯. Its a tool and it ought to let me use it the way I think its best.

This might be a stupid question, but… If you like Windows and Linux so much, why didn’t you get a Windows or Linux computer?
seriously, the biggest complaint I’ve ever seen from new Mac users is that… Their computer isn’t just like and or absolutely identical to Windows.
Fast User Switching with Touch ID Macs is actually really cool, if everyone’s logged into the same computer, you can just… rest your finger on the touch ID button, then click it to switch accounts.
it’s really sweet, it’s got a nice animation when switching between accounts as well.
admittedly, Apple doesn’t make it as easy to find as it should be, but use it, it sounds like exactly what you’re looking for

 

[maflynn]

This might be a stupid question, but… If you like Windows and Linux so much, why didn’t you get a Windows or Linux computer?

I do.

My MBP is a great machine and I use that for some things, and I have a desktop and laptop that is windows based (I had one other laptop for linux but I've moved away from that) and I use that for other tasks.

 

[antiprotest]

At least I got the answer to my question.

Because Apple made it so on purpose. To put it another way they feel its better to use passwords then biometrics to fully secure a laptop.

It is to make you enter your password at the most inconvenient times, such as when there are people next to you.

Sadistic Apple wants to make you feel awkward and paranoid.

That's the true answer.

 

[EmotionalSnow]

The reason why you have to enter your password after a restart is not because it's more secure or something like that. Your Mac has to decrypt the contents of the hard drive, which it can only do with your password and not a fingerprint -- since fingerprints don't have an exact mathematical representation that is the same every time.

 

[maflynn]

Also I have used Windows and Linux with finger prints, both of them also require a password on first login. At least on the 4 devices I used (3 work, 1 personal). Seems like this is a setting you can adjust, but not sure why you would.

My Thinkpad X1 E, does the windows hello 100% of the time, whether I'm waking it up, rebooting, or turning it on.

 

[MayaUser]

windows hello is all about comfy with very low security level
The booting and entering your pass is way from the OS level...faceID is working the same way, touchID from the iphone 5s worked the same...decrypt on the enclave SoC
I love to have a way to req my password that only I know it and for the normal uses toucID/faceID