Is the knowledge of which finger to use protected as much as a passcode? Law enforcement might have the authority to physically hold the owner's finger to the device, but it seems that the owner has the right to refuse to disclose which finger is the right one. If law enforcement doesn't guess correctly in a few tries, the device could lock itself and require the passcode.
Another reason to use my dog's nose instead of a fingerprint.
I really wish Apple would offer a pin option on macos. For this reason, precisely. Either that, or an option to automatically disable touchid after a short amount of time (eg an hour or if my phone doesn't connect to the laptop)
You can setup a separated account with a long password on MacOS and remove your user account from accounts that can unlock FileVault. Then you can change your account to use a short password. You can also change various settings regarding how long Mac has to sleep before requiring to unlock FileVault.
I didn’t understand how a user that cannot unlock FileVault helps. Can you please elaborate on this setup? Thanks.
With that setup on boot or after a long sleep one first must log in into an account with longer password. Then one logs out of that and switches to the primary account with a short password.
As another alternative, rather than using Touch ID you can setup a Yubikey or similar hardware key for login to macOS. Then your login does indeed become a PIN with 3 tries before lockout. That plus a complex password is pretty convenient but not biometric. It's what I've done for a long time on my desktop devices.
I often see people use a "pin" on Windows and I never got it. What is the purpose of a pin makes it different from a password?
PIN numbers are easier to remember. Remember, 99% of the population does not care about defense against state actors, just stopping nosy co-workers or family members from looking at their stuff. The next group (which I would include myself in) is concerned about theft (both physical and remote), where someone can get "unlimited" access to your machine and may be able to defeat a short PIN but is unlikely to beat a strong password. If you are in the realm of defending against state actors, then that is something you have to take multiple steps to ensure, and a single slip-up will tank your operation (like with this lady).
Wait, wasn’t touch id phased out together with the intel touch bar macbooks? I’ve never used anything but a long password to unlock.
No, it's been part of the power button since then.
On my Macbook Pro, I usually need to use both touch and a password but that might be only when some hours have passed between log ins.
You can script a time out if desired.
uhm, are you saying its not possible to require an actual password to unlock osx?
My guess is they want to have a PIN as a short-term credential analogous to the Touch ID, that is, it only works for X hours per password auth before needing password auth again, and then you only get X tries on the PIN before it either locks the PIN out and you need the full password to reactivate it (or I guess it could wipe the laptop à la iPhone).
> uhm, are you saying its not possible to require an actual password to unlock osx?
uhm, are saying that i'm saying that? if so, please show me where i said that. thank you
no, thats why i was asking, as i was not fully sure what you meant
what im saying is that i dont want to type in a long ass password all the time
and biometrics have "legal problems" as stated above
a pin or allowing touchid to automatically be disabled after a period of time or computer movement ("please enter password to login") would be greatly appreciated
as it stands now, i have biometrics disabled.
seems reasonable
There's only ten possible guesses, and most people use their thumb and/or index finger, leaving four much likelier guesses.
Also, IANAL, but I'm pretty sure that if law enforcement has a warrant to seize property from you, they're not obligated to do so immediately the instant they see you - they could have someone follow you and watch to see how you unlock your phone before seizing it.
0.1 in itself is a very good odd, and 0.1 * n tries is even more laughable. Also most people have two fingers touchID, which makes this number close to half in reality.