I didn't make a suggestion!!! I just stated that Apple COULD do it IF THEY WANTED TO. Obviously I know they don't want to, that was my my point. I'm pretty sure we are on the same side of the argument here.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
MBP Fingerprint sensor
- Thread starter maflynn
- Start date
- Sort by reaction score
I don't see any sides. This is just a discussion. My bad if I have offended you. You implied that Apple's decision was restricting "freedom" in you previous post, thus it as if you were trying to suggest skirting this security. But in the end, user freedom doesn't change as they can opt out of not using Apple if they don't like the security decisions Apple took. Anyway, no sides, and no ill intention from my part, just having a discussion. 🙏
I know that requiring the password at startup is by design and it's a carry-over from how iOS and iPadOS have worked with Touch ID (since well before the advent of Face ID). It threw me off when I first realized it. But, it's the same deal. Face ID and Touch ID on the 'Phones and 'Pads won't work after a cold boot without you first entering your password. I was not aware that fully logging out of one user account wouldn't allow Touch ID to work with another one. I do know that Touch ID works with Fast-User-Switching. But Fast-User-Switching has its own problems.
I agree that it's dumb that it is this way when it isn't for other platforms. I'm guessing that Apple and Microsoft have differing opinions on whether biometrics or passwords are ultimately the more secure means of authentication.
I agree that it's dumb that it is this way when it isn't for other platforms. I'm guessing that Apple and Microsoft have differing opinions on whether biometrics or passwords are ultimately the more secure means of authentication.
“Why” is because that’s how it’s designed. I don’t disagree with you that fingerprint could/should be allowed for initial login though. Provide feedback.
Imo it is the complete opposite of dumb. Apple considers your biometric data to be private, and they are stored securely and locally in the hardware secure enclave, under lock and key.
Microsoft, OTOH, stores your biometric data in a database file.
I leave it up to you which way you prefer. Security and convenience are a balance. More of one will always be less of the other.
What I am never able to work out is why performing some actions (besides log-in) that require authentication, you can use your fingerprint -- but other times, seemingly at random, it requires the password.
For both MacOS and iOS it seems like Apple is regarding the passcode as somehow more secure than biometrics. In both OSes, for example, you can change key security settings with a password and not with biometrics. Hence all the publicity lately about people's iPhones being compromised by people shoulder-surfing their passcodes, stealing the device, and then having total access to everything in it because biometrics are treated as secondary to passcodes -- when it should really be the other way around.
I think this is the answer for why it's needed at startup. I don't think it explains why, though, switching to a user account that is already logged in (coming from another user account, or waking from sleep, for example), a password is sometimes required.
For both MacOS and iOS it seems like Apple is regarding the passcode as somehow more secure than biometrics. In both OSes, for example, you can change key security settings with a password and not with biometrics. Hence all the publicity lately about people's iPhones being compromised by people shoulder-surfing their passcodes, stealing the device, and then having total access to everything in it because biometrics are treated as secondary to passcodes -- when it should really be the other way around.
The most secure thing about a password is that generally, it's either very difficult (impossible I believe if you're in the US) to legally make you disclose it or enter it.
Whereas in most situations with law enforcement you can be very easily forced to unlock your device with fingerprint/face unlock. This isn't just with the big agencies like the FBI or the CIA, this is just police, or airport security. In many of these situations they just decide it's easier/safer to violate your privacy and force you to unlock your device for them. Sometimes they'll take your phone, copy the entire contents to their drive, do god knows what else, and give it back to you.
Thus, easy solution is just shut down your Apple devices and you can't be forced to unlock them because they simply won't do biometrics until you put in the password. Even in a place like Australia where we obviously don't have the fifth amendment, you still have to be dragged in front of a judge in order to be compelled to provide your password, and that protects you from routine nosy lazy law enforcement, airport security etc that have no legitimate reason to get into your devices. Their policy is to try to intimidate you into unlocking your device, and when you refuse they eventually just give up unless they actually have a serious reason.
Law enforcement here in the U.S. can still force you to unlock your device, but they have to get a warrant first, if I remember correctly.
Actually I need to clarify something. Apparently, sometimes law enforcement can’t force you to unlock your device even though they have a warrant, because it is still seen as self incrimination. However, don’t take my word for it, because I have been finding contradictory evidence about this.