With the introduction of the Touch Bar in 2016, the MacBook Pro also adopted Touch ID as a means of authentication.
Touch ID on the MacBook Pro is undoubtedly a win for privacy and security. It’s an easy and incredibly tough-to-crack way of locking down your Apple notebook.
But Touch ID on the Mac comes with its own set of quirks. One of those is a bug that can prevent you from adding new fingerprints. Here’s what you need to know about the problem and how to fix it.
- Updating to macOS Catalina and above appears to solve these fingerprint limit issues
- Temporarily create a new administrator account to see if the issue persists for new accounts
- Try using the Terminal command xartutil –erase-all to clear current fingerprints (do not try this command on Macs with the T2 chip–instead contact Apple Support)
Basically, when you go to input a fingerprint in your MacBook Pro with Touch Bar, macOS will give you the following dialogue box.
“Fingerprint limit reached. To add a new fingerprint, remove a fingerprint from any account on this Mac.”
This, of course, can be really weird if you’ve never inputted any fingerprints into your MacBook Pro. Or even if you’ve only implemented a couple.
Some users report that they get this message even if there are no fingerprints to delete on any account.
Furthermore, the issue persists after reboots and even the entire macOS system reinstalls. It’s a stubborn bug to fix.
Why Does This Happen?
It’s not clear why exactly this happens, but an Apple employee writing on Reddit indicated that it could be a firmware-level issue.
Basically, the problem might stem from the fact that Touch ID fingerprints on MacBook Pro models are stored in the Secure Enclave.
The Secure Enclave is controlled by a different piece of hardware than the rest of the macOS ecosystem: Apple’s T-series coprocessing chip.
In other words, there might be a bug preventing macOS from deleting fingerprints stored in the Secure Enclave.
Because the Secure Enclave is controlled by the T-series chip, there can also be a disconnect between what macOS on your SSD says and how many fingerprints are actually stored in the Secure Enclave.
Similarly, Apple says that using third-party utilities to erase the content on your Mac can also cause problems. Presumably, that’s because third-party apps are barred from accessing any sort of data in the Secure Enclave.
If you’ve received your MacBook Pro used, someone may have used a third-party app to erase macOS. Thus, leaving you with a fresh MacBook Pro that has lingering fingerprint data.
How to Delete Exiting Fingerprints in macOS
Luckily, no matter what the exact cause of the problem may be, there is a way to delete all of the fingerprint data stored in the Secure Enclave.
First, try deleting fingerprints the usual way
- Hover the pointer over a fingerprint. and wait for a delete button to appear
- Tap the delete button
- Enter your password to remove the fingerprint
- Try adding a fingerprint
Delete all fingerprints from your MacBook
This method works on many Macs BUT not on Macs with Apple’s T2 chip.
Check out whether your Mac has the T2 chip
- Press and hold the Option key while choosing Apple menu > System Information
- In the sidebar, select either Controller or iBridge
- If you see Apple T2 chip on the right, your Mac has the Apple T2 Security Chip–do not follow the instructions below–make an appointment at your nearest Apple Store or contact Apple Support instead and ask for them to run Apple Service Diagnostics on your MacBook
Unfortunately, on T2 Macs the Terminal command listed below xartutil –erase-all causes a lot of problems from erasing the encryption key and admin accounts to unmounting your boot drive and not allowing you to remount it.
For Macs that do not have the T2 chip, you’ll can reboot your Mac into Recovery mode and use the Terminal to type in a command. Here’s how.
- Back up your Mac before attempting this so safety’s sake
- Restart or start your Mac.
- While your Mac restarts, hold down Command + R until you see the Apple logo appear.
- When it does, release the keys. Your Mac will now enter Recovery mode — you should see a macOS Utilities pane.
- Click on Utilities in the top menu bar.
- Select Terminal.
- Once it opens, type the following command into the terminal: xartutil –erase-all
- Check that you add a space after xartutil and then add –erase-all
- Press Enter / Return.
- Type yes into the terminal.
Once all of that is done, you should be good. Just click the Apple icon in the top menu bar and select Restart.
From here, just go back to the Touch ID pane in System Preferences and try adding new fingerprints.
What if This Doesn’t Work?
This should work in the vast majority of cases. But it’s worth noting that some users have had the fingerprint bug persist even after the Terminal command.
If that’s the case, we recommend that you take your MacBook Pro into Apple or an Authorized Service Provider for diagnostics and possible repairs. There could be another issue at play with your logic board, Touch ID sensor, or other hardware.
Similarly, it’s pretty likely that Apple is aware of this bug and is working on a fix that might do away with the disconnect between macOS and the Secure Enclave.
Because of that, just make sure to keep your MacBook Pro up-to-date by installing the latest macOS software updates.
Mike is a freelance journalist from San Diego, California.
While he primarily covers Apple and consumer technology, he has past experience writing about public safety, local government, and education for a variety of publications.
He’s worn quite a few hats in the journalism field, including writer, editor, and news designer.