Trying out my girlfriend's iMac M1 with Magic Keyboard and Touch ID, I just checked that I can't use my fingerprint to log in after initial boot. Is that so for everyone? Or is there a setting I have to find?
Yeah, it’s a fundamental part of the security architecture. The fingerprint reader in the keyboard and the Secure Enclave have no session key to unlock with on first boot. Fingerprint is not considered a master key on the system; only the password is. So after you enter the password, the Secure Enclave generates a session key that the fingerprint reader can unlock with.
It can be invalidated with a timeout, or by Find My marking the device as lost and such, to reduce the threat vector.