MacID iOS app: Securely access OS X with multi-factor authentication

Jesus Vigo

Updated April 10, 2015 at 2:13 PM

In a recent article covering Sesame, a multi-factor authentication product, several readers responded with a request for more articles with a security focus. Sesame is just one great example of how a relatively small, lightweight product can enhance security beyond the traditional username/password combo. There are several other products on the market that provide a variation in enhancing the security of desktop access using hardware that many users will undoubtedly already possess: an iOS-based device.

Comparing one app to another would be akin to recommending a firewall over an IPS--both provide similar functions--however, they're implemented in different fashions and often seen as complimentary to each other. In this particular article, we'll take a closer look at the iOS app called MacID from Kane Cheshire.

MacID is an app for iOS/OS X that costs $3.99 (USD), and it functions as a replacement for the password combination used to access a modern Apple computer. Its strength lays in utilizing a piece of hardware as a trusted device that allows the end user to login to his/her computer by invoking the software on the iOS-based device and utilizing that trusted device plus the pin code, gestures, or fingerprint via Touch ID.

The iOS app works in conjunction with a parent app on OS X. Both devices communicate using Bluetooth 4.0's LE (Low Energy) standard, which in turn ensures that both end-points sip rather than gulp power while also encrypting bi-directional communication using AES-256. According to the developer's website, it never exposes information sent/received to the internet, which is a plus for users concerned with privacy.

Before reviewing the setup of MacID, let's first take a look at the requirements on both the OS X and iOS side of the app:

iOS: iPhone 4S or later, iPad (4th Gen or later), iPod Touch (5th Gen or later) running iOS 8+
OS X: MacBook Air 2011 or later, MacBook Pro 2012 or later, iMac 2012 or later, Mac Mini 2011 or later, Mac Pro 2013 or later running 10.10+ Yosemite
Bluetooth LE
MacID iOS app
MacID OS X app

Installation for both the iOS and OS X apps are pretty straightforward, yet configuration will require a few additional steps to customize it for your specific environment or to be in compliance with network security policies.

On the iOS device, install and then launch the app (Figure A)
Figure A
Figure A
On the OS X device, copy the app to the Applications folder and launch it.
On OS X, the app will scan for iOS devices and list the names of the devices it finds. Select the desired device, and click the Continue button to proceed (Figure B).
Figure B
Figure B
When prompted, enter the password to the user account on your Mac, enter it again to confirm the password, and click Finish to complete the trusted device configuration (Figure C).
Figure C
Figure C
On iOS, the name of the OS X computer should now appear as a trusted device in the connected devices list. Both iOS and OS X have now been configured as trusted devices (Figure D).
Figure D
Figure D
To lock down specific settings, access the MacID settings by clicking the icon in the menu bar. The trusted device (iOS) should appear on the top as a connected device. To test out the base settings, click Lock Screen from the drop-down menu. The computer will lock, and a prompt will appear on the iOS device that allows you to unlock the device by using Touch ID. If the device does not support Touch ID, then it will default to the pin code instead (Figure E).
Figure E
Figure E
The first setting to configure is Auto-lock when away from Mac. This includes a section for setting the sensitivity and notification to the iOS device when the device becomes locked. Medium is the recommended level for most users. It also provides an auto-lock when the iOS device is moved approx. 35ft. away from the Mac (Figure F).
Figure F
Figure F
Next, Proximity wake allows the Mac to be unlocked when the device is back within range when enabled (Figure G).
Figure G
Figure G
Tap to unlock is the next setting, which requires a bit more hands-on set up (Figure H).
Figure H
Figure H

This feature is aimed at computers that have a trackpad, which when configured, will allow the end user to tap their fingers on the trackpad to create a gesture-like pattern to unlock their Mac (Figure I).
Figure I
Figure I
Once a pattern is created and saved to the app, selecting the Tap to unlock setting again will yield two other settings: Taps visible on lock screen and Only unlock when iOS device is connected. These two settings extend security further by enabling a true, multi-factor authentication experience and should not be overlooked (Figure J).
Figure J
Figure J
Once the OS X settings have been configured to your satisfaction, it's recommended to test out the settings by locking and unlocking the Mac with your iOS device and testing out the notifications as well (Figure K).
Figure K
Figure K
Lastly, tapping on the Settings button on the iOS app will reveal a few settings that may be tweaked to further enhance the usability of the MacID (Figure L).
Figure L
Figure L

In real-world testing, I found MacID to be a solid performer, not missing a beat in the locking or unlocking phase. As with any app though, there are a few key points--both good and not--that were encountered that may (or may not) be a deal breaker for utilization in the enterprise.

The good

The app has incredible accuracy, easily handling locks/unlocks with ease each time
Lightweight, easy to use for all users, regardless of skill level
Low battery consumption, thanks to Bluetooth LE
AES-256 data encryption in both directions
Privacy is secured as neither app communicates via internet
Low price point for app implementation per device
Password may still be used as a backup in the event that the iOS device is lost, stolen, or powers off
Notifications for iOS inform end users when their Mac has been locked and unlocked

Needs work

Sensitivity levels, even on low, still require iOS device to be moved 20+ ft. from Mac to auto-lock (not ideal for smaller offices/businesses)
Not a true multi-factor authentication solution by default, as it serves more as a replacement for having to manually enter a password instead of performing a secondary check prior to allowing access
Enterprise rollout could prove difficult without the ability to configure settings remotely or via .mobileconfig XML file
Requires modern Mac computer and iOS device to implement/use (older devices using a prior Bluetooth spec are not supported)

Awesome feature(s)

Touch ID stores encrypted OS X password in secure enclave so the password is never exposed, even if the iOS device is lost or stolen
Setting up Tap to unlock enables two-factor authentication when gesture and only unlock when iOS device is connected are used
Use of MacID allows for end users to set a password utilizing a greater key space, since the user would not be required to remember it, instead defaulting to using the iOS device to handle locking/unlocking (this greatly enhances security and will likely curb shoulder surfing or brute force methods of password retrieval)

What tools do you use to securely connect iOS to OS X? Share your experience in the discussion thread below.

Also see

Yahoo Sports
Caitlin Clark catches fire from 3 in WNBA preseason; Arike Ogunbowale's late heroics send Wings past Fever
Caitlin Clark’s WNBA preseason debut went much like her senior year at Iowa. She hit a bunch of 3s and did so in front of a sold-out crowd.
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
Yahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
Yahoo Sports
NBA playoffs: Predictions for each second-round series and Game 7 of Cavaliers-Magic
Our NBA staff makes its picks for Knicks-Pacers and every second-round series, plus the only Game 7 of the first round.
Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
Yahoo Finance
Warren Buffett pays tribute to Charlie Munger on a 'tough day' for shareholders
This year’s Berkshire Hathaway annual shareholder meeting marked a new era for the Oracle of Omaha, Warren Buffett. It’s the investing legend’s first without his right-hand man, Charlie Munger.
Yahoo Sports
New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal
It turns out the money was going from Ohtani's bank account to an illegal bookie to ... casinos.
Yahoo Sports
The best RBs for 2024 fantasy football according to our analysts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
NFL Draft grades for all 32 teams | Zero Blitz
Jason Fitz and Frank Schwab join forces to recap the draft in the best way they know how: letter grades! Fitz and Frank discuss all 32 teams division by division as they give a snapshot of how fans should be feeling heading into the 2024 season. The duo have key debates on the Dallas Cowboys, New York Giants, New Orleans Saints, Los Angeles Rams, New England Patriots, Las Vegas Raiders and more.
Yahoo Sports
How to watch the 2024 WNBA preseason tonight: Caitlin Clark’s next Indiana Fever game time, channel and more
The WNBA preseason tips off this Friday. Here's how you can catch Caitlin Clark's first game.
Yahoo Sports
Lakers fire head coach Darvin Ham after just 2 seasons, latest playoff series loss to Nuggets
Despite a trip to the Western Conference finals in his first season with the team, the Lakers are now ready to look for a replacement for Darvin Ham.
Yahoo Finance
CVS stock plunges after earnings numbers one analyst 'did not even believe'
CVS warns it could cede Medicare Advantage market share as reimbursement rates pressure the company.
Yahoo Life Shopping
Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you
It's inexpensive, but is it effective? Dermatologists' verdict is in — and it's unanimous.
TechCrunch
Acura’s new all-electric SUV proves the most expensive model isn’t always the best
The first electric vehicle I ever drove was a Tesla Roadster in 2011. It was with great anticipation that I slid behind the wheel of the 2025 Acura ZDX Type S. Sure, it's a midsize SUV, but it wears the Type S moniker, a name reserved only for the most fun-to-drive in the Acura stable. On launch, the ZDX will be available in A-Spec and Type S trims -- both of which come equipped with a 102 kWh battery.
Yahoo Sports
Diana Taurasi’s trash-talking, in-your-face ways may be a bit of a shock to new WNBA fans
Caitlin Clark fans beware: You never know what the 20-year veteran might say … or do.
Yahoo Sports
Tight end rankings for 2024 fantasy football 2024
The Yahoo Fantasy football analysts reveal their first tight end rankings for the 2024 NFL season.
Yahoo Sports
Wide receiver rankings for fantasy football 2024
The Yahoo Fantasy football analysts reveal their first wide receiver rankings for the 2024 NFL season.
Yahoo Sports
NBA playoffs: Bucks G Patrick Beverley chucks ball at multiple Pacers fans amid elimination
PatBev made the Bucks' playoff exit even uglier.
Yahoo Sports
NBA playoffs: Kyrie Irving takes over to lead Mavericks past Clippers into 2nd-round matchup vs. Thunder
A tepid Clippers offense had no answer for Irving and Luka Dončić in an elimination game.
Yahoo News
2nd Boeing whistleblower found dead. Here's a timeline of the company's mounting problems.
This is the second Boeing whistleblower to die in the last two months.

News

Life

Entertainment

Finance

Sports

New on Yahoo

MacID iOS app: Securely access OS X with multi-factor authentication

The good

Needs work

Awesome feature(s)

Also see

Recommended Stories

Caitlin Clark catches fire from 3 in WNBA preseason; Arike Ogunbowale's late heroics send Wings past Fever

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

NBA playoffs: Predictions for each second-round series and Game 7 of Cavaliers-Magic

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

Warren Buffett pays tribute to Charlie Munger on a 'tough day' for shareholders

New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal

The best RBs for 2024 fantasy football according to our analysts

NFL Draft grades for all 32 teams | Zero Blitz

How to watch the 2024 WNBA preseason tonight: Caitlin Clark’s next Indiana Fever game time, channel and more

Lakers fire head coach Darvin Ham after just 2 seasons, latest playoff series loss to Nuggets

CVS stock plunges after earnings numbers one analyst 'did not even believe'

Does castor oil really help with hair growth? We asked the experts, and their answer may surprise you

Acura’s new all-electric SUV proves the most expensive model isn’t always the best

Diana Taurasi’s trash-talking, in-your-face ways may be a bit of a shock to new WNBA fans

Tight end rankings for 2024 fantasy football 2024

Wide receiver rankings for fantasy football 2024

NBA playoffs: Bucks G Patrick Beverley chucks ball at multiple Pacers fans amid elimination

NBA playoffs: Kyrie Irving takes over to lead Mavericks past Clippers into 2nd-round matchup vs. Thunder

2nd Boeing whistleblower found dead. Here's a timeline of the company's mounting problems.