The Practical Guide To Mac Security: Part 19, Touch ID

Check out the rest of the videos in this special course: The Practical Guide To Mac Security.

Touch ID makes it more convenient to log on to your Mac and perform other tasks. By making it easier it encourages more people to use stronger account passwords.

Video Transcript: This is Gary with MacMost.com. This is Part 19 of my course The Practical Guide to Mac Security. This course is brought to you thanks to my great Patreon supporters. Go to MacMost.com/patreon to find out more and join us. 
So Touch ID is a feature that you get on newer MacBook Pros and MacBook Air. It allows you to unlock your computer by just using your fingerprint. Now you may think that this sounds less secure. After all instead of having to enter your password you can just use your fingerprint and perhaps there's some way to more easily get around a fingerprint lock than a password lock. But there are several reasons why it's not. 
First, you still need your password for many things. So it doesn't replace the password. It's not instead of the password. In fact, what Touch ID really does is it unlocks the password itself. So every time you use Touch ID it's typing the password for you. But to get access to that password it's using your fingerprint. Also, a lot of people are worried about registering their fingerprint on their Mac thinking that where could that fingerprint go. Is it stored by Apple? It's actually stored in a secure place on your Mac. In a secure piece of hardware. So if you were to setup Touch ID on an iPhone and Touch ID on your MacBook notice that it doesn't pull it through iCloud or anything like that. You have to actually set it up individually for each device. It's stored just on the device. It's never sent anywhere. 
If you're worried about there being an error because fingerprints, while unique for everybody, can be similar and perhaps maybe the sensor isn't perfect. Apple estimates a one in fifty thousand chances of an error. Which means the chances of somebody stealing your MacBook and then being able to use the fingerprint sensor   to get access is extremely remote. If you think about passwords and passcodes on phones, a one in fifty thousand chance is kind of halfway between a four and five digit code on the phone. Having to guess it over and over again except that you can't guess a fingerprint. You have to either try your fingerprint or not. So, it really is pretty impossible to fool a fingerprint sensor. 
Now note that when you use Touch ID a password is still needed in a lot of cases. For instance, if you log out of Restart, when you log back in you have to enter your password. Also, if you haven't used your Mac in 48 hours, so it's just been sitting there asleep or off for 48 hours, then you need to use it. You can't just use the fingerprint. It has to be a password. You can't change your Touch ID using your fingerprint. You have to enter your password or if you want to change your password it's also going to ask you for your password. So a lot of the highest most secure, most sensitive things require a password not Touch ID. If you try five attempts with the fingerprint it's going to then require your password. So you can see how there the one in fifty thousand chances of randomly having the wrong fingerprint unlock your Mac kind of stops there because you can't just keep guessing. After five attempts, five fingerprints that have been tried, it's going to lock somebody out. You could also use Find My as we looked at before to lock the Mac. At that point it has to use a password to get in, not Touch ID. 
Now here's how Touch ID helps to improve security. Now this may not affect your as an individual but it affects Mac users in general. First, there's still a lot of Mac users that don't use an account password. They find it inconvenient. This is a shame because it's, of course, critical for security as we have learned. But Touch ID makes it so much easier to login. It will encourage more people to use a password. Instead of having to enter the password throughout the day for many different things you can go from day to day using Touch ID and only occasionally need to use the password. Also it encourages longer and stronger passwords. If maybe you've set your Mac's password to be something very short, like maybe only six characters, maybe even a word or something that's a weak password, this may encourage you to use a longer, stronger password knowing that you rarely have to enter it in. Instead of many times a day, maybe once a day or less. 
So let's take a look at Touch ID. Of course you find it in System Preferences on MacBooks that have a Touch ID. Of course that includes the new iMacs which have Touch ID on the keyboard. Then when you setup your Mac you are prompted to use Touch ID and to register your fingerprint. But you could always go into System Preferences here. Go to Touch ID and then from there you can add new fingerprints and set Settings here. So, you see how you could even take away some of the privileges of Touch ID if you want to force a password to be used at a specific moment when different things are done. You can kind of set the level of when Touch ID is used and when it's not used. Also, you can add more fingerprints. So if you find sometimes you use your left index finger instead of your right index finger you can add both of those or you can add more of your fingers or your thumb to Touch ID. 
So you should definitely use Touch ID. Not be afraid to use it. If you want ultimate security for your Mac then you would just use a long, strong password and not use Touch ID. But a good compromise is to use Touch ID and then use a longer, stronger password for your Mac. So in the past you may have used an eight character password that's easy to type. Maybe extend that to a ten or thirteen character password that's randomly generated. Then pair that with using Touch ID so you're not always typing this strong password. That combination gives you fairly good security on your Mac while also giving you some level of convenience.

Comments: 5 Responses to “The Practical Guide To Mac Security: Part 19, Touch ID”

Gerald Aubertin

3 years ago

I was using touch ID on my IPhone, until watching a TV show were they used a touch ID on a dead person to open their phone.
I thought it made me valuable.

Howard Brazee

I really don't see the advantage in requiring a password instead of my fingerprint when I restart my M1 iMac.

I still haven't found an online store that I want to buy from using touch id.

Ilan Aisic

Touch ID works fine for me and it's very quick.
If you're not working for a criminal organization or for an intelligence service, then 1 in 50,000 is good enough.

Bob Smailes

Nice and informative as always, Gary. What fingerprint sensor could I use for my iMac?

Gary Rosenzweig

Bob: The newest iMacs come with a keyboard that includes Touch ID. But if you have an older iMac, there's no way to add it. It isn't as easy as adding a peripheral as this has to be integrated into the security hardware of the machine.

Comments Closed.

The Practical Guide To Mac Security: Part 19, Touch ID

Comments: 5 Responses to “The Practical Guide To Mac Security: Part 19, Touch ID”

Welcome to MacMost

Free Weekly Newsletter

MacMost Online Courses

Keyboard Shortcuts PDF

Connect with MacMost

MacMost Sections

Popular Tutorials

Information