With the introduction of the Touch Bar in 2016, the MacBook Pro also adopted Touch ID as a means of authentication.
Touch ID on the MacBook Pro is undoubtedly a win for privacy and security. It’s an easy and incredibly tough-to-crack way of locking down your Apple notebook.
But Touch ID on the Mac comes with its own set of quirks. One of those is a bug that can prevent you from adding new fingerprints. Here’s what you need to know about the problem and how to fix it.
Basically, when you go to input a fingerprint in your MacBook Pro with Touch Bar, macOS will give you the following dialogue box.
“Fingerprint limit reached. To add a new fingerprint, remove a fingerprint from any account on this Mac.”
This, of course, can be really weird if you’ve never inputted any fingerprints into your MacBook Pro. Or even if you’ve only implemented a couple.
Some users report that they get this message even if there are no fingerprints to delete on any account.
Furthermore, the issue persists after reboots and even entire macOS system reinstalls. It’s a stubborn bug to fix.
Why Does This Happen?
It’s not clear why exactly this happens, but an Apple employee writing on Reddit indicated that it could be a firmware-level issue.
Basically, the problem might stem from the fact that Touch ID fingerprints on MacBook Pro models are stored in the Secure Enclave.
The Secure Enclave is controlled by a different piece of hardware than the rest of the macOS ecosystem: Apple’s T-series coprocessing chip.
In other words, there might be a bug preventing macOS from deleting fingerprints stored in the Secure Enclave.
Because the Secure Enclave is controlled by the T-series chip, there can also be a disconnect between what macOS on your SSD says and how many fingerprints are actually stored in the Secure Enclave.
Similarly, Apple says that using third-party utilities to erase the content on your Mac can also cause problems. Presumably, that’s because third-party apps are barred from accessing any sort of data in the Secure Enclave.
If you’ve received your MacBook Pro used, someone may have used a third-party app to erase macOS. Thus, leaving you with a fresh MacBook Pro that has lingering fingerprint data.
How to Delete Exiting Fingerprints in macOS
Luckily, no matter what the exact cause of the problem may be, there is a way to delete all of the fingerprint data stored in the Secure Enclave.
Basically, you’ll need to reboot your Mac into Recovery mode and use the Terminal to type in a command. Here’s how.
- Restart or start your Mac.
- While your Mac restarts, hold down Command + R until you see the Apple logo appear.
- When it does, release the keys. Your Mac will now enter Recovery mode — you should see a macOS Utilities pane.
- Click on Utilities in the top menu bar.
- Select Terminal.
- Once it opens, type the following command into the terminal: xartutil –erase-all
- Press Enter / Return.
- Type yes into the terminal.
Once all of that is done, you should be good. Just click the Apple icon in the top menu bar and select Restart.
From here, just go back to the Touch ID pane in System Preferences and try adding new fingerprints.
What if This Doesn’t Work?
This should work in the vast majority of cases. But it’s worth noting that some users have had the fingerprint bug persist even after the Terminal command.
If that’s the case, it’s recommended that you take your MacBook Pro into Apple or an Authorized Service Provider for diagnostics and possible repairs. There could be another issue at play.
Similarly, it’s pretty likely that Apple is aware of this bug and is working on a fix that a might do away with the disconnect between macOS and the Secure Enclave.
Because of that, just make sure to keep your MacBook Pro up-to-date by installing the latest macOS software updates.