This is great. I see many times "security advice" against biometrics replacing password unlock, but most of the time I am more worried about getting recorded by somebody/something while typing a password in the open than anything else. This makes it better for those other cases.
Great idea and implementation! If you are hesitant to install this for any reason, you can accomplish the same thing with this one liner:<p><pre><code> sudo bioutil -ws -u 0; sleep 1; sudo bioutil -ws -u 1
</code></pre>
Edit: here's a shortcut to run the above and then lock your screen. You can give it a global keyboard shortcut in the Shortcuts app.
<a href="https://www.icloud.com/shortcuts/9362945d839140dbbf987e5bce9e1aad" rel="nofollow">https://www.icloud.com/shortcuts/9362945d839140dbbf987e5bce9...</a>
Neat idea.<p>I remember way back in the day, there was some question as to the legality of compelled unlocking of devices; IIRC, it’s been deemed legal to compel a fingerprint, but illegal (under the first amendment?) to compel entry of a password—IIRC, as long as that password hasn’t been written down anywhere.<p>I gather this is written to that end primarily? Or is there some other goal as well?
I wrote this after the case of a Washington Post reporter, Hannah Natanson, was compelled to unlock her computer with her fingerprint. This resulted in access to her Desktop Signal on her computer, revealing sources and their conversations.<p><a href="https://www.yahoo.com/news/articles/washington-post-raid-proves-face-153402560.html" rel="nofollow">https://www.yahoo.com/news/articles/washington-post-raid-pro...</a><p>Edit: I've a lot more details about the legality and precedence on the apps landing page <a href="https://paniclock.github.io/" rel="nofollow">https://paniclock.github.io/</a>
The website has some more info on the biometric vs. password debate and legal situation:<p><a href="https://paniclock.github.io/" rel="nofollow">https://paniclock.github.io/</a>
What's the rationale? It should be described in the README.md IMO
That's good feedback. I just added it to the readme:<p>> "PanicLock fills a gap macOS leaves open: there is no built-in way to instantly disable Touch ID if it matters. Biometrics are convenient day-to-day, but US courts have ruled that law enforcement can compel a fingerprint or face unlock without violating the Fifth Amendment, a protection passwords still carry. PanicLock gives you a one-click or hotkey panic button from the menu bar that immediately disables Touch ID and locks your screen, restoring password-only protection without killing your session or shutting down."<p>I've more details on the apps landing page - paniclock.github.io
A person might use it to stop someone getting into your computer through certain types of physical coercion, forcing your finger to the reader, or (much less likely but I’m sure security services know how) a copy of your fingerprint.<p>But it isn’t a why, it is a what. That what is a tool that lets you quickly disable Touch ID for whatever reason you want to.
Honestly I’m surprised this wasn’t already a feature in macOS. Thank you for coding it and publishing as open-source!
The 2026 version of "Boss Key".
PSA to iOS users: if you tap the lock button 5x it forces password-only unlocking. Useful at protests or any precarious situations with law enforcement.
This still leaves your device in an AFU (after first unlock) state, with user data decrypted, and should not be treated as secure.<p>The only thing you can do (to protect your data from forensics, etc) is to return it to BFU by shutting it off.
Bringing up the shutdown screen (hold lock and either volume button) will also do it.
On GrapheneOS (and maybe android generic?) this calls the emergency number, I just found out (with a 5 second timer to cancel this luckily)