Inside Sierra: How Apple Watch 'Auto Unlock' will let you jump straight into macOS
One of the most anticipated features of macOS Sierra may actually be one of the simplest: Auto Unlock, which stands to save some Mac and Apple Watch owners trouble if they regularly log in and out of their system.
The technology requires that a person be wearing an "authenticated" Apple Watch when they approach a powered-on Mac sitting at its login screen, according to Apple. The computer will then transition to the desktop within a few seconds, eliminating the need to type in a password.
Authentication means that the device is not only paired with an iPhone but has been approved via a PIN code or Touch ID fingerprint recognition. People must also be wearing their Watch, since the device's sensors will break authentication if they detect being removed from a wrist. The same scheme is what allows the Watch to use Apple Pay.
Apple hasn't specified what kind of wireless protocol Auto Unlock relies on, but it's presumably Bluetooth, since that has a short enough range to be precise, and Macs lack any built-in NFC support -- at least so far.
People without a Watch should still be apple to rely on third-party apps like Knock, which requires only that you have an iPhone. Apple's system is simply more convenient as there is no middle step involved.
macOS Sierra will launch as a free update sometime this fall.
The technology requires that a person be wearing an "authenticated" Apple Watch when they approach a powered-on Mac sitting at its login screen, according to Apple. The computer will then transition to the desktop within a few seconds, eliminating the need to type in a password.
Authentication means that the device is not only paired with an iPhone but has been approved via a PIN code or Touch ID fingerprint recognition. People must also be wearing their Watch, since the device's sensors will break authentication if they detect being removed from a wrist. The same scheme is what allows the Watch to use Apple Pay.
Apple hasn't specified what kind of wireless protocol Auto Unlock relies on, but it's presumably Bluetooth, since that has a short enough range to be precise, and Macs lack any built-in NFC support -- at least so far.
People without a Watch should still be apple to rely on third-party apps like Knock, which requires only that you have an iPhone. Apple's system is simply more convenient as there is no middle step involved.
macOS Sierra will launch as a free update sometime this fall.
Comments
Are there any other security policies involved? Since the Watch can be authenticated with a PIN, that means it would become the weakest security link to get into a Mac. For most people it wouldn’t be of much concerned, but it todays world a PIN is not a good security policy
But seriously, iPhone not performing Auto Unlock on your Mac is definitely a First World Problem.
Relax. You'll be fine.
As mentioned, apps like Knock or MacID can be used with the iPhone. It just makes more sense to use the Watch, ploy or not.
Apple might bring it to the iPhone, but that doesn't make for as sexy a presentation as using the Watch. With as many detractors of the Watch as there are, bringing a little more functionality to it, as well as convenience AND security to the Mac, isn't a bad thing.
1. Does the Apple Watch have some way of authenticating to the wrist it is attached to? Don't start laughing because if it doesn't, the FBI and other law enforcement people could simply attach the Apple Watch to their wrist, get close to a locked Mac and it would unlock.
2. How long does the authentication process stay in effect before the user has to re-authenticate their Apple Watch? If the time period isn't too long, say one day, then it might be acceptable and make #1 moot.
3. How secure and anti-sniffing is the version of Bluetooth used in all these devices? Can a hacker walk around with a sniffer in their pocket and sniff the Bluetooth communication going on between the devices and, most importantly, simulate it enough to unlock the computer the minute the user steps away?
4. When the user leaves their Mac, does the computer get automatically locked? If so, from how far away. If not, this is a feature I'd absolutely demand and I'd want the distance to be minimal, like maybe 10 feet.
5. The hardest part with getting this new feature approved for use on government computers is the unfortunate fact that the US government continues to ignore Macs and Mac security. They have begun to use iOS devices and have approved configurations (there are approved configured for Macs but they really could care less). In order for this combination of hardware to be approved for government use, all three devices would need to be approved individually then the unlocking process specifically approved. The government isn't going to "waste" its time doing this so Apple needs to step up and make sure that before macOS Sierra is released all the updated security enhancements have been documented and approved by NIST, NSA, and the US government. I'm not holding my breath so I see this feature as being fun for Apple Watch users but doubt it will ever be used within the enterprise or government installation. Apple, please prove my wrong.
So no, you can't just put on someone else's watch and wave it at the nearest MBP. At least not unless you have the PIN for the watch or you have the watch and phone and the PIN for the phone.
As to #4, your Mac locks however it's always locked. After a timeout period or when told to do so.
When you put on the watch you authenticate the watch. The watch stays authenticated until its removed. Hence an authenticated watch can unlock a paired Mac, since the Mac is trusting that authentication process.
An iPhone, however, doesn't know when its been removed from its user and so its not a good idea to simply unlock a Mac whenever a phone is near.
Now, you might be able to do some sort of Apple Pay-like authentication, and have the phone do a TouchID request that then unlocks the Mac, but the process is never going to be as simple as it would be with the watch
2. It's sort of a moot question, the watch battery will die in under 24 hours, at which point it's removed from the wrist and must be re-unlocked before it can be used for authentication again.
3. It's about as likely that they're NOT encrypting communication as Eddie Cue is going to walk on stage at the next iPhone keynote with his dick literally hanging out of his pants.
4. If you absolutely demand that the laptop fall asleep when you're x feet away, how are you coping with using your laptop without presence-awareness today? Manual sleep or sleep upon lid-shut is perhaps not magically ideal but no worse that what we have today.
But for what it's worth, MacID (similar to aforementioned Knock) will auto-sleep the laptop based on iPhone proximity, if a 3rd party utlity can do that I see no reason why Apple's solution wouldn't be at least as sophisticated.
- The Apple Watch is "authenticated" by either a PIN that you setup, and/or via TouchID on a paired watch, after you have put it on your wrist.
- Once AW is taken off wrist (no longer detects heartbeat), it automatically locks. Then repeat step 1.
- Apple Pay on the AW does not require the paired iPhone to be present - just that it is authenticated & on the wrist. The NFC secure transaction happens from AW to terminal, no iPhone in the loop.
You should really use things before you start writing about their deficiencies...
Apparently Apple has figured it out.
Would putting the class 3 antenna in the Mac solve that? Then the Mac is the device controlling the range requirement. Just a thought, by no means am I a Bluetooth expert