You’re looking through Activity Monitor to see what’s running on your Mac, when you notice something unfamilar: coreauthd. What is this process? First of all, it’s part of macOS, so don’t worry about it being nefarious. But here’s a quick look at what it does.
RELATED: What Is This Process and Why Is It Running on My Mac?
This article is part of our ongoing series explaining various processes found in Activity Monitor, like kernel_task, hidd, mdsworker, installd, WindowServer, blued, launchd, backup, opendirectoryd, powerd, and many others. Don’t know what those services are? Better start reading!
Today’s process, coreauthd, is a daemon—you can spot that because of the “d” at the end of the name. Daemons run in the background of macOS and do all kinds of things essential to your system. This specific daemon manages local authentication, including when you type your password or use Touch ID.
Here’s the coreauthd man page, which you can find by typing man coreauthd in the Terminal.
So what’s that in plain English? Basically, it means that coreauthd is what triggers those prompts asking for your password while you’re making changes only permitted by administrators.
If you have a MacBook Pro with Touch ID, coreauthd is also launches those prompts.
Finally, coreauthd manages how long your elevated permissions stay active. For example: enter your password in System Preferences to make administrator level changes, and you’ll have admin access to settings there until you close the System Preferences window. If you close it, you’ll need to enter your password yet again to make administrator level changes. There are lots of little rules like this that manage how long admin functions last, and coreauthd is managing them.
This is not the most complicated process, but it is essential for using your Mac. You shouldn’t see coreauthd using up a lot of CPU or memory, and if you suspect it’s crashed you can try killing it using Activity Monitor. Your Mac will launch it again instantly.