I agree using your watch is cool. However I think you lose out on the security aspect, an important element that a fingerprint provides all on the same device.
The watch unlocking mechanism only works if it’s in an unlocked state, i.e. you haven’t taken it off your wrist since the last time you entered your PIN. Somebody would have to double-press the side button on your watch while you were wearing it.
The watch is already used on other parts of the MacOS (anything in System Preferences), I don't think that sudo is much different than allowing kernel extension to run, for example.
Can you clarify what you mean by this? I love the idea of unlocking and running admin stuff with my watch but kinda gave up on the idea because I assumed there would be security implications. After thinking about it a little more, though, I haven't really been able to come up with anything that didn't already require physical access to my machine and some way to authenticate (password or fingerprint). Since you have to authenticate your device to authenticate the watch and it un-authenticates any time it's removed, it seems like you don't lose anything security-wise.
I think it’s not that bad, security wise. Your watch unlocks as soon as it leaves your wrist, and the unlock handshake uses the BT hardware to figure out how close your watch is.
I think this isn’t a great UX for other reasons I posted on this discussion. But the security is acceptable to me.
