Apple Optic ID: Use Your Eyes to Unlock the Vision Pro

The new system uses a person's unique iris to unlock the mixed reality headset.

Bree Fowler Senior Writer
Bree Fowler writes about cybersecurity and digital privacy. Before joining CNET she reported for The Associated Press and Consumer Reports. A Michigan native, she's a long-suffering Detroit sports fan, world traveler, wannabe runner and champion baker of over-the-top birthday cakes and all-things sourdough.
Expertise cybersecurity, digital privacy, IoT, consumer tech, smartphones, wearables
Bree Fowler
2 min read
An image of an eye with a reflection of a VR headset screen in it.

Everyone's iris is unique, even when it comes to identical twins.


It makes sense that logging into a cutting-edge mixed reality headset would involve your eyeballs.

Designed to be largely hands-free without a traditional keyboard, touchscreen or mouse, Apple's long-awaited Vision Pro headset is secured with a new authentication system called Optic ID, which uses iris scans to authenticate users.

Speaking at Apple's WWDC 2023 keynote event on Monday, company officials said that this kind of data is always unique, even when you're talking about identical twins. Just like with Apple's other biometric identification methods, like the Face ID used on the most recent iPhones, and the Touch ID that preceded it, Optic ID data is encrypted, stored in the device's secure enclave and never leaves it. 

In addition to unlocking the headset, the authentication system will also be used with other sensitive and finance-related features like Apple Pay, app store purchases and password autofill, Apple said.

During its Monday presentation, Apple revealed few details as to how the system will specifically work, making it tough for outside observers to evaluate exactly how secure it could be. An Apple spokesperson didn't immediately return an email seeking additional information.

The use of iris scans as a form of authentication isn't a new thing. For example, they're used in airports around the country as part of the Clear system. But attempts to integrate iris scanners into consumer technology haven't always been successful. In 2017, the iris scanner included in Samsung's Galaxy S8 phone was hacked by cybersecurity researchers, who managed to fool it with a photo of a legitimate user's eye and a contact lens. 

Also at the Monday event, Apple said that the mixed reality headset's other security and privacy features include a design that keeps what a user is looking at private, noting that what a person chooses to look at has the potential to give away what they're thinking about.

Apple said the data is isolated in a separate background process, so apps and websites can't see what a user is looking at. It's only when a user taps their fingers or enters a response on another Apple device that the data gets communicated and processed at the system level.

The Vision Pro is set to go on sale next year for $3,499.