Inside Sierra: How Apple Watch 'Auto Unlock' will let you jump straight into macOS

Posted:
in macOS
One of the most anticipated features of macOS Sierra may actually be one of the simplest: Auto Unlock, which stands to save some Mac and Apple Watch owners trouble if they regularly log in and out of their system.




The technology requires that a person be wearing an "authenticated" Apple Watch when they approach a powered-on Mac sitting at its login screen, according to Apple. The computer will then transition to the desktop within a few seconds, eliminating the need to type in a password.

Authentication means that the device is not only paired with an iPhone but has been approved via a PIN code or Touch ID fingerprint recognition. People must also be wearing their Watch, since the device's sensors will break authentication if they detect being removed from a wrist. The same scheme is what allows the Watch to use Apple Pay.

Apple hasn't specified what kind of wireless protocol Auto Unlock relies on, but it's presumably Bluetooth, since that has a short enough range to be precise, and Macs lack any built-in NFC support -- at least so far.

People without a Watch should still be apple to rely on third-party apps like Knock, which requires only that you have an iPhone. Apple's system is simply more convenient as there is no middle step involved.

macOS Sierra will launch as a free update sometime this fall.
«13

Comments

  • Reply 1 of 46
    Folks, how is this "Inside Sierra: How Apple Watch 'Auto Unlock' will let you jump straight into macOS"? The title implied a dive inside the technology that allows this functionality to work.... And yes, I guess you can say, mentioning Bluetooth could explain the title. But this really didn't cover anything that the key note hasn't already covered.
    Solilolliver
  • Reply 2 of 46
    danwellsdanwells Posts: 39member
    I hope that, by the time Sierra is released, this will be extended to the iPhone as well, rather than used as a ploy to sell the Apple Watch. It would be perfectly easy to do the same thing with an iPhone, which most Mac owners have (there are so many more iPhones out there than Macs that I'd assume the Mac/Android combination is somewhat rare (or owning a relatively expensive recent Mac but no smartphone at all)). Of course, you can still unlock your Mac the old way if you prefer Android or don't have a smartphone - but MANY more people could use auto-unlock if it worked with the iPhone.
    mwhite
  • Reply 3 of 46
    ppietrappietra Posts: 288member
    no support for auto-unlock with an iPhone? weird
    Are there any other security policies involved? Since the Watch can be authenticated with a PIN, that means it would become the weakest security link to get into a Mac. For most people it wouldn’t be of much concerned, but it todays world a PIN is not a good security policy
  • Reply 4 of 46
    sockrolidsockrolid Posts: 2,789member
    Looking forward to this feature.  Yet another benefit of the tightly integrated Apple hardware / software / ecosystem.

    But seriously, iPhone not performing Auto Unlock on your Mac is definitely a First World Problem.
    Relax. You'll be fine.
    stevehai46Solijbdragonlollivercornchip
  • Reply 5 of 46
    macguimacgui Posts: 2,419member
    I didn't see the title as implying a dive into the tech at all but into the actual action of unlocking a Mac. A lot of people didn't watch the Keynote and may not watch at all. This doesn't tell them much more than the Keynote would have, but if they didn't see it, it's more than nothing at all.

    As mentioned, apps like Knock or MacID can be used with the iPhone. It just makes more sense to use the Watch, ploy or not.

    Apple might bring it to the iPhone, but that doesn't make for as sexy a presentation as using the Watch. With as many detractors of the Watch as there are, bringing a little more functionality to it, as well as convenience AND security to the Mac, isn't a bad thing.
    nolamacguynhughes
  • Reply 6 of 46
    volcanvolcan Posts: 1,799member
    AppleInsider said:

    Apple hasn't specified what kind of wireless protocol Auto Unlock relies on, but it's presumably Bluetooth, since that has a short enough range to be precise, and Macs lack any built-in NFC support -- at least so far.
    Saying BT has a short enough range does not make any sense even with today's version 4.1 which is around 100 meters. The new Bluetooth 5 coming late this year or early next is supposed to quadruple the effective range.
    edited June 2016 Soli
  • Reply 7 of 46
    volcan said:
    AppleInsider said:

    Apple hasn't specified what kind of wireless protocol Auto Unlock relies on, but it's presumably Bluetooth, since that has a short enough range to be precise, and Macs lack any built-in NFC support -- at least so far.
    Saying BT has a short enough range does not make any sense even with today's version 4.1 which is around 100 meters. The new Bluetooth 5 coming late this year or early next is supposed to quadruple the effective range.
    They can always use Power Class 3 for short range transmission. Full range is for Power Class 1
    volcanSoli
  • Reply 8 of 46
    rob53rob53 Posts: 3,290member
    If I were to begin writing a security plan with the Apple Watch as a way to unlock a system, I'd be very nervous. I understand it's acceptable for ApplePay because it has more than one requirement to make it to work: 1) Watch attached to wrist, and 2) Watch authenticated to iPhone using PIN or TouchID (my emphasis, I wouldn't allow just the PIN), and 3) iPhone must be present. On the surface I might have been able to justify this combination but I'd like a few other questions answered before I would even have attempt to include it as a secure means of unlocking a computer.

    1. Does the Apple Watch have some way of authenticating to the wrist it is attached to? Don't start laughing because if it doesn't, the FBI and other law enforcement people could simply attach the Apple Watch to their wrist, get close to a locked Mac and it would unlock.

    2. How long does the authentication process stay in effect before the user has to re-authenticate their Apple Watch? If the time period isn't too long, say one day, then it might be acceptable and make #1 moot.

    3. How secure and anti-sniffing is the version of Bluetooth used in all these devices? Can a hacker walk around with a sniffer in their pocket and sniff the Bluetooth communication going on between the devices and, most importantly, simulate it enough to unlock the computer the minute the user steps away?

    4. When the user leaves their Mac, does the computer get automatically locked? If so, from how far away. If not, this is a feature I'd absolutely demand and I'd want the distance to be minimal, like maybe 10 feet.

    5. The hardest part with getting this new feature approved for use on government computers is the unfortunate fact that the US government continues to ignore Macs and Mac security. They have begun to use iOS devices and have approved configurations (there are approved configured for Macs but they really could care less). In order for this combination of hardware to be approved for government use, all three devices would need to be approved individually then the unlocking process specifically approved. The government isn't going to "waste" its time doing this so Apple needs to step up and make sure that before macOS Sierra is released all the updated security enhancements have been documented and approved by NIST, NSA, and the US government. I'm not holding my breath so I see this feature as being fun for Apple Watch users but doubt it will ever be used within the enterprise or government installation. Apple, please prove my wrong.
  • Reply 9 of 46
    hmlongcohmlongco Posts: 563member
    rob53 said:
    If I were to begin writing a security plan with the Apple Watch as a way to unlock a system, I'd be very nervous. 
    As mentioned, a watch needs to be authenticated. This is done by putting on the watch and entering the watch passcode, or by putting on the watch and then authenticating on the iPhone paired to the watch. Then and only then can it be used to unlock a Mac.

    So no, you can't just put on someone else's watch and wave it at the nearest MBP. At least not unless you have the PIN for the watch or you have the watch and phone and the PIN for the phone.

    As to #4, your Mac locks however it's always locked. After a timeout period or when told to do so.
    Solinolamacguyroundaboutnowjbdragonlolliverbestkeptsecret
  • Reply 10 of 46
    hmlongcohmlongco Posts: 563member

    danwells said:
    I hope that, by the time Sierra is released, this will be extended to the iPhone as well, rather than used as a ploy to sell the Apple Watch. 
    When you put on the watch you authenticate the watch. The watch stays authenticated until its removed. Hence an authenticated watch can unlock a paired Mac, since the Mac is trusting that authentication process.

    An iPhone, however, doesn't know when its been removed from its user and so its not a good idea to simply unlock a Mac whenever a phone is near.

    Now, you might be able to do some sort of Apple Pay-like authentication, and have the phone do a TouchID request that then unlocks the Mac, but the process is never going to be as simple as it would be with the watch
    Soliroundaboutnowrazorpitjbdragonlolliverbestkeptsecret
  • Reply 11 of 46
    Eric_WVGGEric_WVGG Posts: 972member
    rob53 said:
    1. Does the Apple Watch have some way of authenticating to the wrist it is attached to? Don't start laughing because if it doesn't, the FBI and other law enforcement people could simply attach the Apple Watch to their wrist, get close to a locked Mac and it would unlock.

    2. How long does the authentication process stay in effect before the user has to re-authenticate their Apple Watch? If the time period isn't too long, say one day, then it might be acceptable and make #1 moot.

    3. How secure and anti-sniffing is the version of Bluetooth used in all these devices? Can a hacker walk around with a sniffer in their pocket and sniff the Bluetooth communication going on between the devices and, most importantly, simulate it enough to unlock the computer the minute the user steps away?

    4. When the user leaves their Mac, does the computer get automatically locked? If so, from how far away. If not, this is a feature I'd absolutely demand and I'd want the distance to be minimal, like maybe 10 feet.
    1. The Watch doesn't work for authentication until the user has tapped a passcode. Once the watch is removed from the wrist, the passcode must be re-entered.

    2. It's sort of a moot question, the watch battery will die in under 24 hours, at which point it's removed from the wrist and must be re-unlocked before it can be used for authentication again.

    3. It's about as likely that they're NOT encrypting communication as Eddie Cue is going to walk on stage at the next iPhone keynote with his dick literally hanging out of his pants.

    4. If you absolutely demand that the laptop fall asleep when you're x feet away, how are you coping with using your laptop without presence-awareness today? Manual sleep or sleep upon lid-shut is perhaps not magically ideal but no worse that what we have today.

    But for what it's worth, MacID (similar to aforementioned Knock) will auto-sleep the laptop based on iPhone proximity, if a 3rd party utlity can do that I see no reason why Apple's solution wouldn't be at least as sophisticated.
    Solinolamacguyfastasleeplolliver
  • Reply 12 of 46
    rob53 said:
    4. When the user leaves their Mac, does the computer get automatically locked? If so, from how far away. If not, this is a feature I'd absolutely demand and I'd want the distance to be minimal, like maybe 10 feet.
    Well, if they use a Class 3 antenna, it's max range is about 3 feet, so that would take care of that. For encryption, I'd assume they'd stick with their usual 256 bit AES algorithm
  • Reply 13 of 46
    brucemcbrucemc Posts: 1,541member
    rob53 said:
    If I were to begin writing a security plan with the Apple Watch as a way to unlock a system, I'd be very nervous. I understand it's acceptable for ApplePay because it has more than one requirement to make it to work: 1) Watch attached to wrist, and 2) Watch authenticated to iPhone using PIN or TouchID (my emphasis, I wouldn't allow just the PIN), and 3) iPhone must be present. On the surface I might have been able to justify this combination but I'd like a few other questions answered before I would even have attempt to include it as a secure means of unlocking a computer.

    1. Does the Apple Watch have some way of authenticating to the wrist it is attached to? Don't start laughing because if it doesn't, the FBI and other law enforcement people could simply attach the Apple Watch to their wrist, get close to a locked Mac and it would unlock.

    2. How long does the authentication process stay in effect before the user has to re-authenticate their Apple Watch? If the time period isn't too long, say one day, then it might be acceptable and make #1 moot.

    3. How secure and anti-sniffing is the version of Bluetooth used in all these devices? Can a hacker walk around with a sniffer in their pocket and sniff the Bluetooth communication going on between the devices and, most importantly, simulate it enough to unlock the computer the minute the user steps away?

    4. When the user leaves their Mac, does the computer get automatically locked? If so, from how far away. If not, this is a feature I'd absolutely demand and I'd want the distance to be minimal, like maybe 10 feet.

    5. The hardest part with getting this new feature approved for use on government computers is the unfortunate fact that the US government continues to ignore Macs and Mac security. They have begun to use iOS devices and have approved configurations (there are approved configured for Macs but they really could care less). In order for this combination of hardware to be approved for government use, all three devices would need to be approved individually then the unlocking process specifically approved. The government isn't going to "waste" its time doing this so Apple needs to step up and make sure that before macOS Sierra is released all the updated security enhancements have been documented and approved by NIST, NSA, and the US government. I'm not holding my breath so I see this feature as being fun for Apple Watch users but doubt it will ever be used within the enterprise or government installation. Apple, please prove my wrong.
    You are a little off on your understanding of Apple Watch and Apple Pay usage.
    - The Apple Watch is "authenticated" by either a PIN that you setup, and/or via TouchID on a paired watch, after you have put it on your wrist.
    - Once AW is taken off wrist (no longer detects heartbeat), it automatically locks.  Then repeat step 1.
    - Apple Pay on the AW does not require the paired iPhone to be present - just that it is authenticated & on the wrist.  The NFC secure transaction happens from AW to terminal, no iPhone in the loop.

    You should really use things before you start writing about their deficiencies...


    nolamacguyfastasleeplolliver[Deleted User]
  • Reply 14 of 46
    volcanvolcan Posts: 1,799member
    jbishop1039 said:

    They can always use Power Class 3 for short range transmission. Full range is for Power Class 1
    Can the Watch change it's power class dynamically? 

    Apparently Apple has figured it out.
  • Reply 15 of 46
    volcanvolcan Posts: 1,799member
    Eric_WVGG said:
    1. The Watch doesn't work for authentication until the user has tapped a passcode. Once the watch is removed from the wrist, the passcode must be re-entered.
    Unless you have the setting enabled that unlocks the Watch when you unlock the iPhone. Of course the Watch needs to be on a wrist.
  • Reply 16 of 46
    This is nice, I guess. Call me a codger if you will, but I never felt like the 0.5 seconds it takes me to enter my password to unlock my computer was any kind of hassle. 
  • Reply 17 of 46
    SoliSoli Posts: 10,038member
    A special thanks to @volcan, @brucemc, @hmlongco, and @jbishop1039 for their explanations (and hopefully putting the Apple Pay on Watch misconception to rest once and for all). Yeah, I know that last part is wishful thinking on my part.
    edited June 2016 brucemcroundaboutnowjbishop1039lolliver
  • Reply 18 of 46
    nolamacguynolamacguy Posts: 4,758member
    rob53 said:
    If I were to begin writing a security plan with the Apple Watch as a way to unlock a system, I'd be very nervous. I understand it's acceptable for ApplePay because it has more than one requirement to make it to work: 1) Watch attached to wrist, and 2) Watch authenticated to iPhone using PIN or TouchID (my emphasis, I wouldn't allow just the PIN), and 3) iPhone must be present. On the surface I might have been able to justify this combination but I'd like a few other questions answered before I would even have attempt to include it as a secure means of unlocking a computer.

    1. Does the Apple Watch have some way of authenticating to the wrist it is attached to? Don't start laughing because if it doesn't, the FBI and other law enforcement people could simply attach the Apple Watch to their wrist, get close to a locked Mac and it would unlock.

    2. How long does the authentication process stay in effect before the user has to re-authenticate their Apple Watch? If the time period isn't too long, say one day, then it might be acceptable and make #1 moot.

    3. How secure and anti-sniffing is the version of Bluetooth used in all these devices? Can a hacker walk around with a sniffer in their pocket and sniff the Bluetooth communication going on between the devices and, most importantly, simulate it enough to unlock the computer the minute the user steps away?

    4. When the user leaves their Mac, does the computer get automatically locked? If so, from how far away. If not, this is a feature I'd absolutely demand and I'd want the distance to be minimal, like maybe 10 feet.

    5. The hardest part with getting this new feature approved for use on government computers is the unfortunate fact that the US government continues to ignore Macs and Mac security. They have begun to use iOS devices and have approved configurations (there are approved configured for Macs but they really could care less). In order for this combination of hardware to be approved for government use, all three devices would need to be approved individually then the unlocking process specifically approved. The government isn't going to "waste" its time doing this so Apple needs to step up and make sure that before macOS Sierra is released all the updated security enhancements have been documented and approved by NIST, NSA, and the US government. I'm not holding my breath so I see this feature as being fun for Apple Watch users but doubt it will ever be used within the enterprise or government installation. Apple, please prove my wrong.
    id suggest using these things (or at least obtaining a basic idea of how they work) before shitting on them. because your "points" are all FUD nonsense, as has been already explained.

    fastasleeplolliver
  • Reply 19 of 46
    volcan said:
    jbishop1039 said:

    They can always use Power Class 3 for short range transmission. Full range is for Power Class 1
    Can the Watch change it's power class dynamically? 

    Apparently Apple has figured it out.

    Would putting the class 3 antenna in the Mac solve that? Then the Mac is the device controlling the range requirement. Just a thought, by no means am I a Bluetooth expert
    edited June 2016
  • Reply 20 of 46
    volcanvolcan Posts: 1,799member
    This is nice, I guess. Call me a codger if you will, but I never felt like the 0.5 seconds it takes me to enter my password to unlock my computer was any kind of hassle. 
    Last year when Apple developer site supposedly got hacked, I changed my passwords to really long phrases that greatly increase the chance of a typo so I LOVE Touch ID in lieu of typing in a password. It will be great to get a similarly simple but secure way to unlock my Macs.
Sign In or Register to comment.