It doesn't actually unlock your machine. If you lock your computer it will not work. What it does is put up a page that looks nearly identical to the login page with small changes. It's a cool app (I tried it) but I'm disappointed that I can't find a way to toggle the lock via Alfred/Keyboard shortcut.
I can get in the habit of hitting a key combination/alfred command when I get up but having to click the icon in the menu bar will get annoying.
Indeed. I'm thinking this is less and less secure with every word I hear about it. Here I was imagining it used overlay effects from a system process and some kind of Kerberos certificates or other mechanism to convince the computer to login for real. A fake password screen... sigh. Sounds like the next virus.
I completely agree, I'm actually really annoyed because I paid $4 for something that I wouldn't have paid $0.99 for if I knew this is what they were doing. Now $4 isn't going to break the bank but still I thinks it's misleading not to point that out.
I locked with Ctrl-Shift-Power and was able to unlock with my phone. Does Knock use this shortcut to lock with its own lockscreen, or is it using the real lockscreen? I'm not sure.
I just tried this and yes I see the Knock login screen. There is a possibility that I am wrong but I have seen apps that do this sort of thing before and they can't lock using the system lock because there is no way for an app to unlock the system lock. I would guess that Knock just hooks that hotkey combo and shows their screen (Which again, is just a fullscreen app at it's core). I have never locked using that hotkey combo before so I'm not sure. I always use Alfred to lock.
That sounds right. OSX definitely encrypts your keys in memory while sleeping, to further prevent DMA attacks. So this would be tough to do without a kernel extension.
Another major caveat: locking your screen this way is a security risk if you are running FileVault. When OSX puts the computer to sleep and FileVault is enabled, DMA is automatically disabled until the screen is unlocked. If you use this app to lock your screen you will be removing the DMA prevention.
I would also be willing to bet there are other security concerns, as the iphone has taught us - lock screens can be hard :) be careful guys!
I'm not sure I understand what you are saying or maybe you didn't understand me. I am saying the it doesn't use the built-in locking mechanism but instead it's own "screen lock" that looks similar.
Out of curiosity, how can you tell it's not the built-in locking mechanism? The lock screen looks the same, except for the glow around the avatar to me. It even shows the alerts in the top right corner. The screen locks in the same fashion as normal (using the hotkeys, waiting for it to time out, etc), too.
What am I missing that makes you think it's not the built-in locking mechanism?
I'm not 100% sure but all signs point to this being the case. I have used multiple Bluetooth unlock proximity apps in the past and they all do the same thing. They throw up their own lockscreens in place of the real one. I am fairly certain that, as mentioned in this same comment "family", that this lockscreen is less secure than the system lockscreen. There was speculation that this might not engage all the security mechanisms like disk encryption. If I were one of the developers of this app I would be first in line to tell my visitors/customers that my product didn't compromise at all on security. Unfortunately, I don't recall any such claim on their site (if I'm wrong please let me know, I'm on my phone).
Hmm, that is interesting. I still would like an addressing some of the other very valid concerns here that certain safeguards might not be engaged but if this is true then this is really cool. From elsewhere in this thread there are people saying it doesn't work with certain full-disk encryption setups but that's to be expected I guess. I have it installed, if not always running, and it is a cool app and from what they have said they have planned I will be following it. Thanks for the update!
Oh, also, I see now that I have a very unclear typo. I am able to unlock my computer using Knock after using the system hot key commands to lock the screen.
I noticed it hijacks the wake up when I put my computer to sleep, which is available with a key command (either command-option-power or command-option-eject depending on your keyboard) and using the energy saver system preference panel you can configure it to automatically lock after x amount of time.
If you turn on drive encryption and then add a "bios" password in the firmware to prevent recovery, that's about as protected as things get on Mac.
Which means until your hard drive is decrypted it's still protected and this app won't work.
In my case, this app won't work even when the computer goes to sleep. Why? I've set mine to re-encrypt on sleep, so it prompts me for the password -- to unencrypt -- every time.
I'm not adding this until Apple can use this as a second factor for the encryption -- or as a way to select a profile and load user data from the phone.
