Knock to Unlock replaces passwords. A good way to secure your Mac?

Graham Cluley

A new iOS and Mac app aims to replace the password you (hopefully) have springing up whenever you leave your computer unattended for a while.

Check out the promotional video for “Knock to Unlock”, featuring a bearded hipster, to see it in action.

At first you think it’s a magic trick, until you realise that the hoopy frood is knocking twice on an iPhone in his trouser pocket, which is telling the smartphone to send a message to the locked MacBook to unlock itself.

It’s not an entirely novel idea. After all, there have been products in the past which have locked or unlocked your desktop computer depending on your proximity, again typically determining if your Bluetooth-enabled iPhone is close. But what makes this one different is the “knock-knock” to unlock.

Here is the promotional blurb for Knock to Unlock:

Faster and safer than typing a password, for iOS and Mac.

You keep your iPhone with you all the time. Now you can use it as a password. You never have to open the app — just knock on your phone twice, even when it’s in your pocket, and you’re in.

Using Knock won’t drain your iPhone’s battery, even if you use it all day every day. Knock securely communicates with your Mac using Bluetooth Low Energy, a new technology that draws very little power.

In its FAQ, Knock to Unlock attempts to answer the big elephant in the room – is this secure?

Is Knock secure?

Yes, absolutely. Knock doesn’t replace your password, and Knock doesn’t modify or replace any of your Mac’s built in security features. Knock automatically enters your password via a secure, encrypted connection when you knock on your iPhone.

Well, I haven’t tested Knock to Unlock so I don’t know how secure it’s communication with your desktop or laptop computer might be – but I have a more fundamental concern:

HipsterWhy does anyone need this?

Sure – it’s perhaps a neat party trick to impress your friends and colleagues. But what was so difficult about typing a password in the first place? If you don’t need it, why introduce another potential point of weakness?

If you lock your MacBook, and leave your phone at your desk while you go to the loo (please don’t tell me you’re playing Candy Crush in the rest room), then anyone could pick up your iPhone, knock twice, and have instant access to your computer.

Introducing your phone as an additional way to gain access to your computer feels unnecessary to me, and – sorry to be a party pooper – another potential security weakness. Remember – who you want to prevent accessing your computer may not just be a hacker. It could be a business colleague, your kids, your spouse even… All of whom might find it easy to gain temporary access to your mobile phone.

I’m also not a huge fan of having Bluetooth permanently enabled on both devices.

Of course, whether you use Knock to Unlock or not, you should probably never walk away and leave your computer unattended in a public place. Ensure that you have a strong password in place, and use full disk encryption so if you do ever have your computer stolen the thieves will have a hard time attempting to extract any sensitive data off it.

What do you think? Take the poll below and have your say.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES