Among all the new features of macOS Sierra that launched , it’s “Allow your Apple Watch to unlock your Mac” I wanted to try first.
At first, it seemed really easy: just check the box labeled “Allow your Apple Watch to unlock your Mac” in System Preferences → Security and Privacy → General on your Mac. It turns out there are a few more loops to jump through if you have “Two Step Verification” turned on on your Apple ID. Checking the box failed with a message saying that this feature couldn’t be enabled while “Two Step Verification” (2SV) was on.
I never realised Apple had two different processes with similar usability and slightly different names to strengthen security.
So I headed off to turn “Two Step Verification” off for my Apple ID. Turning this feature off prompts you to choose a new set of security questions (eventhough you might have done that previously before enabling Two Step Verification). Once that completed, it fires off emails to all your verified accounts warning that the security has changed.
When I returned to System Preferences → Security and Privacy → General on your Mac to enable the new feature, I discovered that the checkbox was gone… as if my devices didn’t recognise each other anymore.
That is when I discovered that there was a “Two Factor Authtenication” (2FA)process available, which I enabled on my Mac through the security section of my Apple ID account. But the checkbox still didn’t appear.
Rebooting all devices (Mac, iPhone, Watch) didn’t help either.
It turned out you need to go in your iCloud settings to revalidate your Apple ID on all your devices. This means entering your Apple ID password in the iCloud setting (and in the Watch app on the iPhone), confirm it with a 2FA code, and revalidate it with your device password. Once all this completed, the checkbox reappeared in my Security settings on my Mac and I could unlock my Mac just by sitting in front of it.
I’m still a little perplexed by the complexity of the task at hand. Was I an edge case having 2SV enabled? Was 2SV launched before 2FA? I guess the latter superseeds the former , but it feels very unApple to offer two distinct processes so similar.
More information on Apple Two-Factor Authentication vs. Two-Step Verification