That's correct, which typically defeats the point of using it since in that case you still have access to Touch ID. The above link works in both scenarios, and can be used as a fallback for pam_tid.
It would be cool if they built it into the touchpad in a future generation. I'm guessing once they can figure out fingerprint through the glass on iPhone they'll do it in the touchpad, too.
I'd have some concerns with this being trigger-able without positive intent to do so if it were in my mouse or trackpad. Having a small interruption can be beneficial for safety.
I've always wondered why they can't just build a fingerprint sensor into a capacitive touchscreen. After all, a fingerprint sensor IS just a really high density capacitive touch sensor right? Or is that not right?
Google gives me no answers and I assumed it was not fundamentally impossible, just that it was two separate companies with two separate production lines making touchscreens and fingerprint sensors so it was hard in practice due to the realities of supply chains.
Many existing fingerprint sensors, like TouchID, were glass, and I wonder why they can't just make it bigger and put an OLED under that glass (even if it was only dense enough for fingerprints at one spot).
Yet here we are, 4 years after the downgrade too FaceID, and still not a single phone in existence with a capacitive fingerprint sensor in the screen.
Maybe that’s better, if you’re using sudo you should probably think a second before you do what you were going to do. I used to enforce the disclaimer coming up every time after I broke a package one too many times.
The fact it is the last key in the first row makes it easy to find by touch without looking at it. Just like regular touch typing, it becomes habitual/muscle memory.
I haven't used a full size keyboard in so long, I had to think about the print reference. I have lost direct placement of Home/Print Screen/End type button locations in my memory. To be more accurate to the keyboard in question, it is a slight extension past the delete key. The only hazard is if you come up short, you might bring up Siri (depending on touchbar mode) which is an even bigger distraction. </pedanticmode>
I'd love for iPhone and Watch to serve as a second-screen touch id for MacOS. Then I can tuck the laptop (or Mini) away, and not have to type passwords into various systems.
I agree using your watch is cool. However I think you lose out on the security aspect, an important element that a fingerprint provides all on the same device.
The watch unlocking mechanism only works if it’s in an unlocked state, i.e. you haven’t taken it off your wrist since the last time you entered your PIN. Somebody would have to double-press the side button on your watch while you were wearing it.
The watch is already used on other parts of the MacOS (anything in System Preferences), I don't think that sudo is much different than allowing kernel extension to run, for example.
Can you clarify what you mean by this? I love the idea of unlocking and running admin stuff with my watch but kinda gave up on the idea because I assumed there would be security implications. After thinking about it a little more, though, I haven't really been able to come up with anything that didn't already require physical access to my machine and some way to authenticate (password or fingerprint). Since you have to authenticate your device to authenticate the watch and it un-authenticates any time it's removed, it seems like you don't lose anything security-wise.
I think it’s not that bad, security wise. Your watch unlocks as soon as it leaves your wrist, and the unlock handshake uses the BT hardware to figure out how close your watch is.
I think this isn’t a great UX for other reasons I posted on this discussion. But the security is acceptable to me.
[0] https://github.com/insidegui/pam-watchid