MacID and Apple Watch Update

I know, its been awhile. Teaching in addition to my day job seems to have robbed me of blogging bandwidth.

First, I want to brag on a pretty nifty use case for the Apple Watch (and iPhone, obviously) MacID. This is an extension of TouchID for authenticating with OS X based systems.

There have been some other tools in this space, but by far this is the most elegant. You can unlock your OS X based system (Yosemite and higher, I believe) either from your iPhone or Apple Watch. Additionally, privilege elevation is handled nicely by the app. That alone is a nice addition vs. normal unlock apps.

My only real complaint about the app is consistent with other unlock apps: bluetooth flakiness. Sometimes the app just decides it isn’t connected to the Mac and requires that I reopen the app on my iphone to get them on speaking terms again. Otherwise, its a great product.

Second, an update on my Apple Watch experience. Overall, I still love it. Its a great extension of my iPhone and works very nicely as a fitness wearable. I have been using Apple Pay on the watch pretty regularly and that has been a really enjoyable experience.

One notable application that I want to call out is MyBivy (short for bivouac, you’ll get why in a moment). This clever kid at HackDC unveiled a wearable app that could potentially help people with PTSD and/or night terrors using haptic feedback in response to certain conditions that the watch could track, like elevated heart rate and sudden movements. To be clear, right now its only available on Pebble, but they are looking to port it to Apple Watch as well. I just think its a brilliant concept and hope it has the success that is so needed for people suffering from PTSD and night terrors. They have a kickstarter project if you’re interested in contributing.

The Watch OS2 release was mostly a success, with one glaring issue. After upgrading, my calendar events wouldn’t show up on the watch. I opened a ticket with Apple and it was resolved within a few days. I suspect it had something to do with the fact that my iPhone is managed by MobileIron, but I don’t know that for certain. I’ve communicated with a few people on twitter about it and some were resolved and some are still outstanding. The calendar is one of my favorite features because it keeps my phone in my pocket and keeps me on track during busier days.

Finally, a minor note on battery life. Most days, the watch performs like a champ, with me dropping it in the charger at 50-60% battery remaining. However, and this only started post OS2, I have had a fair number of days in the past month where the battery life just heads south quickly. Today I was at 1% before 4pm. My unconfirmed suspicion is there is likely a rogue process chewing it up, but I don’t use a ton of apps on the device, so its hard to pin down. Needless to say, I’m buying a charger to keep in my bag for the odd time that this happens. To be clear, in general the watch performs well on battery life. I think I may start tracking this, though, just to see if I can identify a pattern. Perhaps I should build a battery tracking app, hah.

I’ve been jotting a few thoughts down regarding the identity implications of the EU Safe Harbor decision, but not sure if I feel qualified to comment overall. We’ll see if research can help me out on that. Cheers.

Nymi Band – Loads of Potential

When this video first launched, the identity geek in me had a nerdgasm. The idea of continuous, contextual, biometric authentication in a low profile wearable has undeniable appeal. in a world in which users routinely have to navigate countless sets of credentials as part of their daily lives, could this really be ‘one band to rule them all’? Ok, after the eyeroll for the pun, the potential is extreme for this device to be a game changer.

Realizing the potential is always the struggle, and Nymi has experienced that like most startups. They’ve pivoted from consumer to enterprise use cases recently, and I think that will serve them well.

Anyway, the emphasis of this post is on my experience with the developer version of the band to date.  Thus far, it has been positive, but not without some bumps. Being that the band still isn’t RTM for public consumption, that’s almost expected.


I didn’t take photos or do a silly youtube of this, but Nymi clearly took notes from Apple on the unboxing experience and meticulous design. You can see the package near the end of the video above. The package was elegant and very well presented. I think that experience is a little underrated when we’re talking new technology. They did a very nice job here, even for a dev kit experience.

The Windows Experience

I hate to start with the bad, but this is how it was experienced when I first received the band late last year. Part of the dev kit comes with a usb bluetooth adapter. This is understandable, because not all devices support Bluetooth 4/BLE, windows especially. So now the band and related software is at the mercy of the Windows API’s.

The first test was on my corp laptop, a Lenovo T400 Thinkpad running Windows 7. The software installation required a separate install for the bluetooth hardware, but that’s expected. The companion software (required to enroll/identify you, bio-metrically) installed successfully and I was able to enroll my band pretty easily. The key here is to just ‘be still’ and let it read your ECG for about 90 seconds. I did get a few false rejections initially, but the software easily allows you to ‘condition’ your profile by doing more reads. Eventually, the FRR (false rejection rate) diminished considerably. This did raise a question: will consumers be this patient?

The 2nd piece is the unlock software. In effect, this is what you install to get the OS to recognize the device as a means of authentication. The windows implementation (compared to OS X, more on that in a moment) is a little clumsier, because the ‘login’ is presented as a secondary user from your primary login. I don’t really blame Nymi for this, because I believe some of this is a limitation of Windows Authentication API unless you implement this as part of the GINA (Graphical Identification and Authentication library). Especially for enterprise use cases, this might raise a CIO’s blood pressure (pardon the pun). If your PC stays persistently on, the unlock works pretty consistently (64-bit windows only, for now).

The challenge comes in for windows systems coming out of sleep. Sleep is always Windows nemesis, at least for my experience. And when you’re relying on a bluetooth service and adapter to authenticate you to come out of sleep mode well, it doesn’t always behave. The experience here thus far has been pretty inconsistent. My devices sleep unless they are in use, so this is a hurdle. In my conversations with Nymi support staff, they are aware of the issue and are actively working to tune that process. With Windows being the dominant desktop platform, I have little doubt they will smooth those issues out.

Still, waking up and unlocking my windows PC and Macbook without typing in a password is a pretty nice experience. Here’s my process:

  1. Fasten NymiBand
  2. Open iPhone 6 with TouchId
  3. Open Nymi Companion on iPhone
  4. Activate band (already enrolled) either via HeartID or TouchId (more on this in a moment)
  5. Login to MacBook by raising lid and pressing enter (<10 seconds)
  6. Login to Windows PC by bringing out of sleep (keyboard) and select Nymi user profile (30-60 secs)

Pretty cool, huh?

iOS Companion

Previously, I had to use a PC to activate my band. That won’t be the average user’s experience. So adding the iOS companion was a huge leap forward. The iOS companion works flawlessly and really was the first user experience that, in my opinion, showed Nymi starting to realize their vision for the ideal user experience. Registration & enrollment were flawless. I could either register my heart rhythm for the enrollment or allow the band to be a proxy for TouchId, yet another well executed biometric implementation. I’ve played with both, but currently use TouchId for activation in the morning.

OS X Experience

This started out rocky due to some installation issues, but eventually both the companion (pre iOS) and the unlock installed well. Now the experience goes up a level. Not only does unlock work seamlessly coming out of sleep, the re-lock feature (if enabled) can detect when your band is out of proximity of your MacBook and automatically lock your device. I found this to be a really nice feature at work. This was another case where the developers really began to show up how the vision could be realized.

Wearable Aesthetics

In this area, I struggle a bit. When I first received the band, I already wore a Fitbit Surge on my non-dominant wrist. Two bands on one wrist is a little too goth for my liking, so I went with my dominant wrist. That was ok, but definitely took some getting used to with respect to keyboards. Now I own an Apple Watch and the dynamic is the same.  I have to wonder, however, if this aspect of wearables will be a barrier to adoption for some. I honestly don’t know the answer to this.

Summary & Leftover Questions

Overall, I’d call the beta experience a success, especially once the iOS companion was released. its easy to see some of the promise in this technology helping reduce our reliance on something as insecure and unreliable as passwords.

Extending this beyond the desktop, and realizing some of the novel use cases in the video are where questions emerge. Could I pair my NymiBand with my 2015 Prius to unlock it? I have a feeling this will be easy given the advances Toyota has already implemented in keyless entry. My 2007 Tundra…not so much but I’m being unfair on that one.

The key challenge I see for the band will be enrollment on the target system, especially for those looking for configuration vs. security experiences. For me, given that I own the PC, MacBook, iPhone, and the Prius, enrollment is easy. What about public systems like the hotel, payment systems, retail chains, airport security, etc? Also, where does privacy play? The upside of the NymiBand is that you could theoretically ‘disappear’ by disconnecting the band. This is unlike Tom Cruise’s character when he walks into the next generation Gap with someone else’s eyes in Minority Report. These are open questions and not meant to infer an indictment of the technology or their approach. There is a ton of potential here, and I look forward to seeing how Nymi’s delivery and, perhaps more importantly, their partnerships help realize the vision of this platform as a next generation in digital identity.