macOS: Password Utility unlocks FileVault and makes sudo biometric-capable
Remote Macs restarting and becoming uncontrollable, forced password entry instead of Touch ID, and more: A new tool is intended to help with this.
Password Utility in use: Apple should have gotten this right.
(Image: Twocanoes)
Users of macOS know the problem: Not all authentication dialogs in the system use convenient user recognition via fingerprint – even though it is more secure than the often annoying password entry. The biometric function Touch ID is, for example, deactivated for sudo commands; the same applies to the first login / FileVault decryption during system or restart, access to the keychain, storing configuration profiles, or creating new users. The developers of Twocanoes, a software provider specializing in Mac admin tools, have now introduced Password Utility, a new tool that brings capabilities that simplify the handling of macOS authentication processes.
Working without a local password
The app allows you to work completely without a local password by saving the system password and inserting it into corresponding dialogs after biometric confirmation via Touch ID, which normally do not allow this. The app can also “refresh” Touch ID, meaning it ensures that the regular authentication methods that use biometrics by default do not fall under the 48-hour timeout. Furthermore, the app allows FileVault Macs to be decrypted without SSH activation and to be remotely controllable (again).
Videos by heise
Password Utility is activated via a shortcut. After that, the Touch ID dialog appears, with which the password can then be inserted. Further functions include displaying the Secure Token status, including volume ownership, as well as the option to allow login without a password: FIDO2 sticks, including PIN entry, are supported.
Software is not open source
Password Utility can be easily distributed to local Macs via MDM. However, a major reservation remains: those who use the app must rely on Twocanoes having worked correctly and that the app itself does not create new security vulnerabilities. Since it is not open source, this cannot be controlled from the outside, and an independent audit has not yet taken place.
The app costs 10 US dollars plus sales tax per machine per year. It is to be hoped that Apple will be inspired by Password Utility; the functions would be much better suited to macOS itself. For example, users should be able to decide whether biometrics becomes the default unlock method or not. Currently, there is always a fallback to the password. On iOS, this is already different as part of the anti-theft function.
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.
(bsc)
