With the introduction of the Touch Bar in 2016, the MacBook Pro also adopted Touch ID as a means of authentication.
Touch ID on the MacBook Pro is undoubtedly a win for privacy and security. It’s an easy and incredibly tough-to-crack way of locking down your Apple notebook.
But Touch ID on the Mac comes with its own set of quirks. One of those is a bug that can prevent you from adding new fingerprints. Here’s what you need to know about the problem and how to fix it.
Updating to macOS Catalina and above appears to solve these fingerprint limit issues
Temporarily create a new administrator account to see if the issue persists for new accounts
Try using the Terminal command xartutil –erase-all to clear current fingerprints (do not try this command on Macs with the T2 chip–instead contact Apple Support)
The Problem
Basically, when you go to input a fingerprint in your MacBook Pro with Touch Bar, macOS will give you the following dialogue box.
“Fingerprint limit reached. To add a new fingerprint, remove a fingerprint from any account on this Mac.”
This, of course, can be really weird if you’ve never inputted any fingerprints into your MacBook Pro. Or even if you’ve only implemented a couple.
Some users report that they get this message even if there are no fingerprints to delete on any account.
Furthermore, the issue persists after reboots and even the entire macOS system reinstalls. It’s a stubborn bug to fix.
Why Does This Happen?
It’s not clear why exactly this happens, but an Apple employee writing on Reddit indicated that it could be a firmware-level issue.
Basically, the problem might stem from the fact that Touch ID fingerprints on MacBook Pro models are stored in the Secure Enclave.
The Secure Enclave is controlled by a different piece of hardware than the rest of the macOS ecosystem: Apple’s T-series coprocessing chip.
In other words, there might be a bug preventing macOS from deleting fingerprints stored in the Secure Enclave.
Because the Secure Enclave is controlled by the T-series chip, there can also be a disconnect between what macOS on your SSD says and how many fingerprints are actually stored in the Secure Enclave.
Similarly, Apple says that using third-party utilities to erase the content on your Mac can also cause problems. Presumably, that’s because third-party apps are barred from accessing any sort of data in the Secure Enclave.
If you’ve received your MacBook Pro used, someone may have used a third-party app to erase macOS. Thus, leaving you with a fresh MacBook Pro that has lingering fingerprint data.
How to Delete Exiting Fingerprints in macOS
Luckily, no matter what the exact cause of the problem may be, there is a way to delete all of the fingerprint data stored in the Secure Enclave.
First, try deleting fingerprints the usual way
Hover the pointer over a fingerprint. and wait for a delete button to appear
Tap the delete button
Enter your password to remove the fingerprint
Restart
Try adding a fingerprint
Delete all fingerprints from your MacBook
This method works on many Macs BUT not on Macs with Apple’s T2 chip.
Check out whether your Mac has the T2 chip
Press and hold the Option key while choosing Apple menu > System Information
In the sidebar, select either Controller or iBridge
If you see Apple T2 chip on the right, your Mac has the Apple T2 Security Chip–do not follow the instructions below–make an appointment at your nearest Apple Store or contact Apple Support instead and ask for them to run Apple Service Diagnostics on your MacBook
Unfortunately, on T2 Macs the Terminal command listed below xartutil –erase-all causes a lot of problems from erasing the encryption key and admin accounts to unmounting your boot drive and not allowing you to remount it.
For Macs that do not have the T2 chip, you’ll can reboot your Mac into Recovery mode and use the Terminal to type in a command. Here’s how.
Back up your Mac before attempting this so safety’s sake
Restart or start your Mac.
While your Mac restarts, hold down Command + R until you see the Apple logo appear.
When it does, release the keys. Your Mac will now enter Recovery mode — you should see a macOS Utilities pane.
Click on Utilities in the top menu bar.
Select Terminal.
Once it opens, type the following command into the terminal: xartutil –erase-all
Check that you add a space after xartutil and then add –erase-all
Press Enter / Return.
Type yes into the terminal.
Once all of that is done, you should be good. Just click the Apple icon in the top menu bar and select Restart.
From here, just go back to the Touch ID pane in System Preferences and try adding new fingerprints.
What if This Doesn’t Work?
This should work in the vast majority of cases. But it’s worth noting that some users have had the fingerprint bug persist even after the Terminal command.
If that’s the case, we recommend that you take your MacBook Pro into Apple or an Authorized Service Provider for diagnostics and possible repairs. There could be another issue at play with your logic board, Touch ID sensor, or other hardware.
Similarly, it’s pretty likely that Apple is aware of this bug and is working on a fix that might do away with the disconnect between macOS and the Secure Enclave.
Because of that, just make sure to keep your MacBook Pro up-to-date by installing the latest macOS software updates.
Mike is a freelance journalist from San Diego, California.
While he primarily covers Apple and consumer technology, he has past experience writing about public safety, local government, and education for a variety of publications.
He’s worn quite a few hats in the journalism field, including writer, editor, and news designer.
I am still facing the issue after doing the above steps..
when I press yes after entering the code xartutil –erase-all, nothing happens, I just press shut down and the problem still continues.
I am frustrated please help!!
friend, I ran the procedure and now I can’t get into the MAC anymore. I type in the password and it doesn’t come in, I don’t know if the ssd is T2. It’s an Air. Is it possible to revert in any way? I need to recover the data inside it and then format and use it from scratch. help me.
Yep, same thing happened to me. On a 2018 MacBook Pro with Touch Bar this will actually brick your Mac.
Basically, the T2 chip on this specific MacBook contains both the Touch ID information as well as encrypted harddrive keys. In summary, clearing it using the xartutil –erase-all command will essentially delete the password you use to gain entry to your Mac and there’s no way to get around it. I had to restore my Macbook from a time machine backup.
Quite unfortunate and I wish this was more documented, because I’m still having the same issue and can’t run that command to fix it. Will have to take it into an apple store for potential repair.
Jon, you nailed word for word what I went through.
In fact, reformatting the drive was a pain as well since the clean install of Catalina kept failing. Eventually got that figured out only to still end up with the same problem.
Exactly the same here… tried the terminal command a bit too fast and bricked my MacBook.
For me the whole touch-ID problem began after a keyboard replacement from Apple. Bringing it back to the store tomorrow.
I am still facing the issue after doing the above steps..
when I press yes after entering the code xartutil –erase-all, nothing happens, I just press shut down and the problem still continues.
I am frustrated please help!!
Thanks for the tip, this worked well on my T1 MBP. Worth reading the entire article before proceeding.
friend, I ran the procedure and now I can’t get into the MAC anymore. I type in the password and it doesn’t come in, I don’t know if the ssd is T2. It’s an Air. Is it possible to revert in any way? I need to recover the data inside it and then format and use it from scratch. help me.
the article gives two different spellings for the required command.
In the text it says
xartutil -erase-all
in the image of the terminal it says
xartutil –erase-all
Could this explain the inconsistent results?
Hi Alex,
The correct command is: xartutil –erase-all
add a space after xartutil
then add –erase-all
The MacBook in the picture is a pretty old version (it still has the slot for the Kensington lock, on the right side) without any Touch ID…
I tried the above, after restart the user account is not accepting my password! After multiple tries it doesn’t prompt login with apple ID also! HELP
Hi Manish,
Do you have another user account on the Mac to test it?
Yep, same thing happened to me. On a 2018 MacBook Pro with Touch Bar this will actually brick your Mac.
Basically, the T2 chip on this specific MacBook contains both the Touch ID information as well as encrypted harddrive keys. In summary, clearing it using the xartutil –erase-all command will essentially delete the password you use to gain entry to your Mac and there’s no way to get around it. I had to restore my Macbook from a time machine backup.
Quite unfortunate and I wish this was more documented, because I’m still having the same issue and can’t run that command to fix it. Will have to take it into an apple store for potential repair.
You managed to find a solution?
Jon, you nailed word for word what I went through.
In fact, reformatting the drive was a pain as well since the clean install of Catalina kept failing. Eventually got that figured out only to still end up with the same problem.
Exactly the same here… tried the terminal command a bit too fast and bricked my MacBook.
For me the whole touch-ID problem began after a keyboard replacement from Apple. Bringing it back to the store tomorrow.