A recent update to Apple’s Platform Security Guide describes the company’s Secure Intent technology, which lets you securely confirm an action without entering a password or passcode. It works through some sort of hardware trigger—a Touch ID sensor, the side button on a Face ID-enabled iPhone or iPad, or an Apple Watch’s side button—connected to a Secure Enclave. It’s designed so that even if you have software running with root privileges or at the kernel level, the intent cannot be spoofed. Think about using Touch ID to sign in to your MacBook Pro, double-pressing the side button on an Apple Watch to unlock System Preferences, or double-pressing the side button to confirm a purchase on an iPhone 12.
John Gruber of Daring Fireball analyzed Apple’s document to draw some conclusions. For instance, Secure Intent explains why Macs have stuck with Touch ID instead of making the seemingly obvious move to Face ID, since you would still need some sort of button connected to a Secure Enclave to support Secure Intent. Gruber suspects that the future of Apple’s biometric authentication will be multi-sensor, combining both Face ID and Touch ID.