Knock to Unlock replaces passwords. A good way to secure your Mac?

A new iOS and Mac app aims to replace the password you (hopefully) have springing up whenever you leave your computer unattended for a while.

Check out the promotional video for "Knock to Unlock", featuring a bearded hipster, to see it in action.

At first you think it's a magic trick, until you realise that the hoopy frood is knocking twice on an iPhone in his trouser pocket, which is telling the smartphone to send a message to the locked MacBook to unlock itself.

It's not an entirely novel idea. After all, there have been products in the past which have locked or unlocked your desktop computer depending on your proximity, again typically determining if your Bluetooth-enabled iPhone is close. But what makes this one different is the "knock-knock" to unlock.

Here is the promotional blurb for Knock to Unlock:

Faster and safer than typing a password, for iOS and Mac.

You keep your iPhone with you all the time. Now you can use it as a password. You never have to open the app — just knock on your phone twice, even when it's in your pocket, and you're in.

Using Knock won't drain your iPhone's battery, even if you use it all day every day. Knock securely communicates with your Mac using Bluetooth Low Energy, a new technology that draws very little power.

In its FAQ, Knock to Unlock attempts to answer the big elephant in the room - is this secure?

Is Knock secure?

Yes, absolutely. Knock doesn't replace your password, and Knock doesn't modify or replace any of your Mac's built in security features. Knock automatically enters your password via a secure, encrypted connection when you knock on your iPhone.

Well, I haven't tested Knock to Unlock so I don't know how secure it's communication with your desktop or laptop computer might be - but I have a more fundamental concern:

HipsterWhy does anyone need this?

Sure - it's perhaps a neat party trick to impress your friends and colleagues. But what was so difficult about typing a password in the first place? If you don't need it, why introduce another potential point of weakness?

If you lock your MacBook, and leave your phone at your desk while you go to the loo (please don't tell me you're playing Candy Crush in the rest room), then anyone could pick up your iPhone, knock twice, and have instant access to your computer.

Introducing your phone as an additional way to gain access to your computer feels unnecessary to me, and - sorry to be a party pooper - another potential security weakness. Remember - who you want to prevent accessing your computer may not just be a hacker. It could be a business colleague, your kids, your spouse even... All of whom might find it easy to gain temporary access to your mobile phone.

I'm also not a huge fan of having Bluetooth permanently enabled on both devices.

Of course, whether you use Knock to Unlock or not, you should probably never walk away and leave your computer unattended in a public place. Ensure that you have a strong password in place, and use full disk encryption so if you do ever have your computer stolen the thieves will have a hard time attempting to extract any sensitive data off it.

What do you think? Take the poll below and have your say.

Tags: , , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , , ,

No comments yet.

Leave a Reply