Show HN: PanicLock – Close your MacBook lid disable TouchID –> password unlock

Great idea and implementation! If you are hesitant to install this for any reason, you can accomplish the same thing with this one liner:

  sudo bioutil -ws -u 0; sleep 1; sudo bioutil -ws -u 1

If this were a concern for me the better choice is shutting down the laptop to encrypt the drive and disable biometrics. This does nothing since the drive is still unencrypted.

Neat idea.

I remember way back in the day, there was some question as to the legality of compelled unlocking of devices; IIRC, it’s been deemed legal to compel a fingerprint, but illegal (under the first amendment?) to compel entry of a password—IIRC, as long as that password hasn’t been written down anywhere.

I gather this is written to that end primarily? Or is there some other goal as well?

How beneficial is this versus just being theater? The example used in this is the government accessing the reporters laptop via biometrics.

But in this case, and especially under this admin legal or not this app won't stop them, unless I'm misunderstanding the macOS security model. Even with FDE enabled, sending it to the lock screen with biometrics disabled will not do anything to stop them from being able to access the contents of the hard drive via forensic methods with relative ease.

I think that at best this will only stop the casual person (i.e. a family member or roommate/random snooper)? In which case there would be no point to switch away from biometrics.

You're far better off just keeping more private information on the iPhone and isolating that data from a Mac, since that has far more resistance to intrusion in AFU mode than a Mac.

This is great. I see many times "security advice" against biometrics replacing password unlock, but most of the time I am more worried about getting recorded by somebody/something while typing a password in the open than anything else. This makes it better for those other cases.

This would be perfect if it could monitor the force with which the lid is closed (macs have accelerometers after all, either this info or an acceptable proxy could be derived?).

Gently close? no action.

Stronger, faster action? Disable touch ID

Slam shut in full panic? yeah disable all biometrics, lose all state, even wipe the ram and the filevault key if it's an option

The iOS equivalent is to hold the side + volume button until the power slider shows up. Cancel out of it and the next unlock will require your passcode. Pressing the side button 5x triggers Emergency SOS which does the same thing. Been there forever but barely anyone knows about it.

Nice to see something like this on the Mac side.

> in sensitive situations, law enforcement and border agents in many countries can compel a biometric unlock in ways they cannot with a password.

If the threat model includes state-level actors, then disabling biometrics won't prevent data from being retrieved from physical memory. It would probably be wiser to enable disk encryption and have a panic button that powers down/hibernates the computer so that no unencrypted data remains on RAM.

The website says shutdown "takes time" and "kills your session" but a hibernation button would take effect just as fast and would preserve the session.

I'm surprised Apple doesn't offer an option. On the iPhone you could do this by pressing the power button several times. Not sure if this still works because the iPhone 6 was my last one though.

This is awesome, thank you. Was just thinking about this problem the other day. Glad someone whipped something up.

The 2026 version of "Boss Key".

What's the rationale? It should be described in the README.md IMO

Honestly I’m surprised this wasn’t already a feature in macOS. Thank you for coding it and publishing as open-source!

This should be an OS X feature, it's just that good.

Great work, congrats!

PSA to iOS users: if you tap the lock button 5x it forces password-only unlocking. Useful at protests or any precarious situations with law enforcement.

There should just be a way to setup an alternate dummy account based on the finger you use. This gives the illusion of compliance but your real data is safe.

If someone can force you to use touch id they can probably also force you to enter your password.

(If you’re about to comment about fingerprints on transparency film and balloons filled with warm water then yes good point)

[flagged]