You’re out and about in this… zombie apocalypse, just trying to live your life, you go to unlock your iPhone, but because you’re wearing a mask, Face ID just drops you straight into Passcode, and you’re left frustrated, annoyed, trying to poke out those digits… like an animal. While the world burns.
And no, Apple can’t run to your house and weld Touch ID back on. And that doesn’t even work if you’re wearing gloves anyway. And maybe the next iPhone will address all this, maybe not, but you need some help with this iPhone and you need it now. Now. Now.
Apple has a plan. Is it a good plan? That’s what we’re here to figure out. But it starts with the Apple Watch and iOS 14.5, currently in beta. If you have it — or when you get it — jump into Settings > Face ID & Passcode. Authenticate, go down to Unlock with Apple Watch, and switch it on.
Now, what happens behind the scenes… is a lot. Because, your iPhone has been able to unlock your Apple Watch since the original Apple Watch launched way back in 2015. So, letting your Apple Watch also unlock your iPhone is… complicated. Like a door with keys on both sides. And Apple wants to avoid any possible security issues, exploits or, you know, universe ending space time paradoxes.
That’s why it’s being handled in a very specific, hyper narrow, highly focused context. And that’s unlocking your iPhone and only unlocking your iPhone. Not Apple Pay, because you can already do that directly with your Apple Watch. And not iTunes or App Store purchases, or iCloud Keychain, at least not for now. Just iPhone unlock. Only iPhone unlock. Here’s how it works.
You start off by using Face ID exactly as you normally would. Just… look at your iPhone. But, if you’re wearing a mask and Face ID can’t “see” your nose and mouth — in other words, can’t scan enough of your facial geometry to reliably identify you — instead of immediately failing and demanding you enter your Passcode, the way it did before, it’ll now kick over to your Apple Watch to confirm your identity.
For that to work, obviously, you need an Apple Watch. And a recent one. Series 3 or later, because it also needs to be able to run the latest version of watchOS in order for all this to work. And if that bothers you, if that’s a deal breaker for you, let me know in the comments.
That Apple Watch needs to be paired with the iPhone you’re using and on your wrist with Wrist Detection enabled — which it is the default… but just in case you’ve turned it off at some point. That’s the system that uses the heart rate sensors to keep your Apple Watch unlocked while you’re wearing it but also to lock it immediately when it comes off.
That’s to stop someone else from trying to use your Apple Watch to unlock your phone, but more on that in a minute.
So, you have to be wearing your Apple Watch and it has to have been unlocked, either via your iPhone or because you entered the Watch passcode earlier. Because, if your Watch doesn’t know you’re you, it can’t vouch that you’re you to your iPhone.
Similarly, you have to have used Face ID or your Passcode to successfully unlock your iPhone at least once, recently, as well. That makes sure Face ID is active and ready to rock.
And while this all may sound super-involved, it’s really just to make sure everything is all nice and securely authenticated before enabling this added, extra level of convenience. And, really, all of us are doing all of this every day pretty much all the time now anyway, automatically. I’m just going over all the little details because it’s what I do, and if you’re here for it, do me a solid and hit that subscribe button and bell and help this community grow.
Now, when you want to unlock, your Apple Watch and iPhone have to be in close proximity — Ideally, you’re the one wearing your Watch and trying to unlock your iPhone. But since it’s still in beta, we’ll have to wait and see what the exact range ends up being. Not that most of us are in the habit of leaving our iPhones lying around, unattended, where they might get pilfered anyway.
I’ll get to situations like if you’re sleeping in a second, but… if you’re worried about someone else picking up your iPhone and trying to unlock it using your Apple Watch, the way older, cruder Bluetooth Trusted Object systems worked, well, they’d first have to be wearing a mask to avoid Face ID just falling back to Passcode immediately.
Even then, to prevent pranks or shenanigans, whenever your iPhone unlocks via the Apple Watch, you get a Taptic notification right on your wrist, and a button that immediately lets you re-lock your iPhone if wasn’t you and someone else was trying to get in without your permission. Also, if your iPhone is moved out of Bluetooth range of your Apple Watch within one minute of your iPhone being unlocked by your Apple Watch, your iPhone will re-lock automatically. Just in case.
And if you are worried about a snoopy roommate trying to use your Apple Watch to unlock your iPhone while you’re sleeping, well, the whole unlock with Apple Watch system is automatically disabled if your Apple Watch is in Bedtime mode. And even if it’s not, if your Watch hasn’t detected any movement in the last little while and isn’t reasonably sure you’re awake… or conscious, it’s going to decline to authenticate as well. Again, just in case.
Like I said, this isn’t some crude bluetooth trusted object system. Convenience is absolutely still being balanced against security. There’s just a ton of work going on behind the scenes to make sure that, when you’re out and about with your mask on, and need to use your iPhone, you can just lift it up, look at it — and even with your mask still on — your Apple Watch will authenticate you and unlock your iPhone so you can use it just exactly when you need to.
Now, I do hope that Apple tightens up the range before release. It’s currently about 2 meters and that feels just too broad for me in the context of using my watch to unlock my phone, which should both be in my possession at the time, meaning only a meter or so at most. I’m assuming Apple is using time of flight, like they do for the Apple Watch to Mac unlock, to prevent relay and replay attacks, so it’s possible they can find a sweet spot where your iPhone will never be out of watch range but also unlikely to be out of reach where someone else can nab it.
Ultimately, though, those of you who’ve been here with me for a while know where I’m going to go with this — we need to move from single, reactive authentication to multiple, active authentication. In other words, instead of having to Touch ID, Face ID, or Passcode into our devices every time, like an animal, the devices should be constantly checking every touch of our finger, glance of our face, snippet of our voice, along with gait analysis and trusted objects like an Apple Watch, combined with time, place, and behavior data, and just maintain a trust threshold. If they’re certain we… are us, they should just be unlocked and ready to use. And when they’re not, that when they should challenge for a full scan of our finger or face or passcode.
Rumors of Touch ID returning alongside Face ID in the iPhone 13, and things like Apple Watch unlock make it feel like we’re getting there… just not anywhere near quickly enough.