Hi,
I'm new to YubiKeys and have been playing with various features, as well as adding it to whatever online accounts support it (Precious few, so far. Hopefully FIDO U2F support will be supported by more browsers/online services soon. The fewer 6-digit passcodes I have to enter the better.). I was able to get the Yubico PAM auth working flawlessly for login and screensaver unlock on my personal machine, a 2011 MacBook Air running the latest version of Sierra.
In attempting to mirror that configuration on my work machine, an early 2015 MacBook Air, I've run into a stumbling block.
My older machine doesn't support unlocking with the Apple Watch, so it isn't enabled. That feature is enabled on my work machine, so I figured adding the YubiKey would add an additional layer of security, without compromising the incredible convenience of not having to type a password to unlock my machine. It seems, however, to have no effect. If I enable the screensaver lock w/ Yubico PAM auth in challenge-response mode, the absence or presence of my YubiKey is simply ignored when the Apple Watch is present and the machine unlocks either way. If I remove the watch, it works as expected and both the YubiKey and my login password are required.
Is there a way to configure it to require the YubiKey when unlocking with the Apple Watch? Neither Google nor a search of the forums here turned up anything...
--Trevor