← Back to context

Comment by xp84

2 days ago

I think if done right, typing that password should be more like a once a quarter exception rather than a daily occurrence.

Granted - there are blockers to getting there. IDK why for example, macOS can't use Touch ID from a cold boot, that's stupid, at least when there haven't been too many failed attempts or anything.

2 comments

xp84

Reply
zimpenfish  2 days ago

> macOS can't use Touch ID from a cold boot

Isn't that because the Secure Enclave (the only place which contains the Touch ID biometric data) is locked by your password?

"When a user's password is set up on an Apple Silicon Mac, the password is passed through a one-way hashing algorithm that produces a key used to encrypt the Secure enclave's key."[0]

[0] https://blog.greggant.com/posts/2023/04/14/the-security-encl...

Retric  2 days ago

Touch ID isn’t that secure. It’s fine for personal devices, but I wouldn’t trust it alone in a government or cooperate environment.

A ~1:50,000 error rate per finger added sounds fine, but lose a few laptops and have multiple valid fingerprints etc and the odds quickly look significantly worse. Or a janitor could end up trying to log into a significant number of machines etc.