You can make a difference in the Apple Support Community!
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
I have a MacBook 2019 (with touch ID) and want to set a user to have to scan a fingerprint and enter a password to log-in. Is this a native feature or is there any way to implement this with third party software (preferably open-source)? It would also be nice to be able to have a usb key as a form of authentication if a fingerprint isn't possible.
MacBook Pro 13″, macOS 13.4
I believe there is a method of using third party methods for authentication with an Apple Silicon Mac to log into a macOS user account, but I don't recall what that method is or what it is called.
For Intel Macs, there is no method of using third party authentication methods due to the limitations of EFI firmware.
FYI, when a user configures TouchID to register a fingerprint, they will only need to use the fingerprint to login (they can still use a password too). About once a week, and also after the laptop has been rebooted, then a password will need to be used to log into the Mac even when TouchID fingerprint is configured.
I believe there is a method of using third party methods for authentication with an Apple Silicon Mac to log into a macOS user account, but I don't recall what that method is or what it is called.
For Intel Macs, there is no method of using third party authentication methods due to the limitations of EFI firmware.
FYI, when a user configures TouchID to register a fingerprint, they will only need to use the fingerprint to login (they can still use a password too). About once a week, and also after the laptop has been rebooted, then a password will need to be used to log into the Mac even when TouchID fingerprint is configured.
Any Apple Laptop with a Touch ID Sensor will require a Manual Input of the Computer password under the following Conditions
1 - Start from a Cold Boot ( Off Position )
2 - After and Restart
3 -" If you still have to enter your password: For security, you need to enter your password when you start your Mac. Sometimes you need to enter your password to continue using Touch ID. For example, users must re-enter their password every 48 hours and after five incorrect fingerprint attempts."
Excerpt in point 3 above comes from Use Touch ID on Mac - Apple Support (CA)
Then there is the Third Party way.
Would suggest to verify which Apple Support if this third Party Security Key is Certified as Apple Compatible
https://www.yubico.com/blog/why-we-designed-the-yubikey-the-way-we-did/
Yea so the thing is that when fingerprint authentication is enabled you can still log in with just the password. I would like to harden the security of my MacBook so that access is restricted unless the user enters a password and scan a fingerprint (or plug in a usb key). But it seems like there is no native MFA capabilities at the moment.
As @P. Phillips suggested YubiKey would might work as a 3rd party way to have MFA. This could be the service that you were thinking about.
There are also other products, like SecureID. Some of these use a physical token, and other forms allow a key to be generated from one's iPhone or other type of phone.
There are also other products like government CAC cards.
Here is the thing about these systems. None are perfect and all are affected by bugs. If they have to install something to your system, those can be affected when the MacOS is updated or upgraded.
My employer uses these and they do malfunction sometimes. In which case the user is "locked out" but my employer fixes these problems so I can use my work computer once again. However, if you are doing this on your own, be aware that you may have to be prepared to resolve these problems n your own.
Some of the problems are hardware or software related. Some occur because of issues with the USB devices or readers.
System complexity creates new vulnerabilities. You have to decide if the added security is worth the additional risk in other areas.
AnonymousNA wrote:
You are absolutely right the more complexity a person adds the more new vulnerabilities pop up. It seems worth to me cause a password is very easily brute forced.
Brute Force password of the computer ?
This would require Direct and Physical access to the computer
You could always put a Firmware password to Lock even booting the computer at all.
AnonymousNA wrote:
You are absolutely right the more complexity a person adds the more new vulnerabilities pop up. It seems worth to me cause a password is very easily brute forced.
I don't agree. If you make the password long and complex with different types of characters, it could take more than 100 years to brute force it. And that would require connecting a super computer. You also should make your network password very secure.
If you add too much complexity to accessing your computer, you may find access is lost because one of those complex system failed or was imperfect, or was imperfectly used. Losing access is exactly what you were trying to prevent. Behavior of users represents a much larger threat to computer security than settings or systems on the computer. What companies have found is that as they require more and more complexity to access a network or computer, users take steps to make it easier, such as writing complex steps and passwords down on pieces of paper. Which in turn makes things less secure.
In Ventura go System Settings->Touch ID & Password selection and register your fingerprints!
I'll give Yubikey a try! $50 is quite a bit for a usb key but it's not a subscription so it's not that bad.
You are absolutely right the more complexity a person adds the more new vulnerabilities pop up. It seems worth to me cause a password is very easily brute forced.
Is there multifactor authentication for user logins?
