You’ve been able to unlock your Mac with your Apple Watch for some time now. If your Mac is asleep, and you wake it up, if you’ve activated this feature, the Mac confirms your identity via your Apple Watch and wakes up.
This is an interesting chain of identification. It requires that you have two-factor authentication turned on for your Apple ID, and having authenticated on your iPhone by entering your passcode, your Apple Watch then inherits this authentication (or you can authenticate on the Apple Watch by entering its passcode), and the Mac then accepts this as proof that the watch belongs to you.
To activate this feature, go to System Preferences > Security & Privacy > General and check Use your Apple Watch to unlock apps and your Mac.
This allows you to wake up your Mac, and approve certain secure actions in macOS. For example, if you want to access a secure preference pane – one that shows a padlock at the bottom left of the window – click the padlock then authenticate on your watch by pressing the side button twice (this is the same gesture you use to authenticate for Apple Pay).
Another action where you can use your Apple Watch to authenticate is if you want to delete files in certain folders. For example, to delete an app downloaded via the Mac App Store, you need to authenticate:
If you have a Mac with Touch ID, the Mac defaults to using that option for authentication, but if you have an iMac, which doesn’t offer Touch ID, this can make it a lot easier to perform secure tasks.
Note that this feature is only available to recent Macs, ones that support Continuity and Handoff, not all recent Macs can perform all of these operations. See this Apple support document for more information.
Is there a list of which systems support this? I presume it’s partly the bluetooth support, but my old pre-retina MacBook Pro 2012 does have BT 4 and supports most of the handoff stuff – I can answer and make calls on my Mac using my iPhone etc, but I don’t get the watch option on my Security prefs pane.
Here: https://support.apple.com/en-gb/HT206995
Seems not all Macs get the ‘authenticate’ option.
I have been using my Watch to unlock my Mac Pro and MacBook Pro for about a year, but the option in Sys Prefs is only to ‘Unlock the Mac’ and not ‘unlock the Mac and apps’ (or words to that effect). I suspect it might only be available for latest the Macs with the security chip.
Whatever the reason, not all Macs get both options.
See my link to an Apple Support document above.
Would you mind please commenting on the security of your mac’s contents if both your mac and watch are stolen.
If someone got both your phone and your watch, and knew the passcodes, and your Mac hadn’t been shut down, they could get into your Mac. But you have to enter your password when it restarts.
Thanks, I missed the phone needing to be nearby the watch. So I almost never shut down my mac – i have it go to sleep and require the password for access. I looks like you are saying that if all three are stolen the security effectively degenerates to knowing the passcode of the phone – is that right? At that point they have full access to my mac provided they don’t initiate a restart. If you have setup the 2fa between the phone and watch already, do you still need to enter the passcode into the phone? I’m trying to definitively know that if all three were stolen if there is a valid period of time where the mac can be fully accessed by a bog-simple double click on the watch or some other pathological situation you could come up with).
This is a bit complex. Let’s say that your MacBook Pro is asleep, and someone has stolen it, your iPhone, and your watch. Having the passcode for the iPhone will allow someone to authenticate the watch, if the setting to allow the iPhone to do so is set. (In the Watch app, Passcode > Unlock with iPhone.) So you’d have to put the watch on, unlock the phone, then that should allow you to wake up a sleeping Mac. This said, if you know that all three have been stolen, go to the Find My app on another device, or on iCloud, and shut them down so they can’t be accessed.
Sorry, I can see with each answer that I haven’t framed my question clearly enough. If I already have granted my watch access via the phone and then all 3 are stolen, am I vulnerable to the catastrophic security risk I speak of. I haven’t also mentioned that my mac is encrypted but I wanted that aspect off the table to keep the discussion more generic. In short, can you come up with a doomsday scenario of pre-existing device setups that leave my mac exposed until I realize what’s happened and can do something about it. Sorry for being so persistent.
When you take your watch off, when you put it back on, you need to authenticate, either by tapping its passcode, or by unlocking your iPhone, if you have the setting I mentioned turned on. So there is always something that needs authentication in this situation.