Apple Enterprise FUD article
Ping!
If you want on or off the Mac Ping List, Freepmail me.
Apple passwords can be up to 256 characters and use any of the 223 characters accessible from the keyboard. The only limitation Apple imposes is that no password can have more than two consecutive identical characters.
The claim in the headline that "Most Apple devices lack proper security for the enterprise" is totally specious FUD as the devices DO have the proper security, it's just not being used, which makes the headline, and only the headline, suitable for this current FUD SEASON. . . it applies to all Bring Your Own Device which the company's IT department does not properly check out before allowing it to connect to the network.
If you want on or off the Mac Ping List, Freepmail me.
The article is kind of meaningless without comparing it to non-Apple devices in the same workplaces. Android devices are not exactly known for being locked down. I have been in organizations where Linux/Unix root passwords were both common knowledge and easy to guess. None of tehse have to do with the device.
For the enterprise, it would be nice if Apple could have separate identities, logins if you will, for work and personal on iOS. That problem is far from unique to Apple. Windows 10 on Surface may not have that problem, but it brings its own mature and broad set of malware as well.
CIO Magazine should do better in properly vetting its articles. This appears to be more of an advertisement wrapped up as editorial content.
Are they failing to require it, or failing to enforce it? It's one thing to publish a policy statement specifying a password complexity requirement. Being able to enforce it is something else altogether.
so, then use Windows Phone? Or Android?
Both of the alternate platforms are riddled with holes, compared to iOS.
This article is useless.
What!! “abc123” isn’t a good password??
Geeze, now you tell me. I guess I shouldn’t have used it when I signed up at Ashley Madison. Oops, I didn’t say that.
A crummy ad masquerading as a news article; like so much of today's "news".
biometrics propaganda... you would not believe how desperately the government and many creepily intrusive large companies (e.g. Google, FB) want your biometric data
NEVER DO BIOMETRICS if you can help it. For God’s sake, don’t offer your fingerprints to a company that can resell them on the open market.
Haven’t heard fear, uncertainty and doubt since Dell.
I concur with your statement. A typical strong password has a minimum seven characters and is alphanumeric. Special characters in SSO environments can be problematic with in house apps.
I prefer phrases with strong requirements.
Apple’s “lack” of enterprise security is anything but
This rather terrible CIO story’s headline is “Most Apple devices lack proper security for the enterprise” and its even more “damning” sub-headline is:
Apple’s Macs, iPhones and iPads are common in the modern workplace, but relatively few of these devices comply with standard security requirements, according to a new survey.
But the article itself paints a different picture:
More than half, or 51 percent, of all the users’ Apple devices were secured by single-word passwords or numerical PINs, and 58 percent of those devices had no software or policies to enforce the use of stronger passwords. The survey also found that 56 percent of Apple device users shared their passwords with others, and only 17 percent had company-supplied password managers.
In addition, only 28 percent of respondents’ Apple devices had company-provided device management solutions, and 35 percent of the people work for companies that enforce data encryption on Apple devices. Almost 60 percent of the Macs represented in the survey were used to access confidential company information, and 65 percent of those systems were used to access sensitive or regulated customer information, according to the survey.
So, it’s not that Apple devices don’t comply with the security features, it’s that those companies’ IT department don’t enforce the offered security properly or at all. Which is a bit like calling a car unsafe because you choose not to use the brakes.
Apple used to get a lot of flack for not being business-oriented, but it’s pretty hard to argue that they’re not a major player in enterprise these days, especially given the deal Apple struck with IBM last year.
So it’s always wise to ask yourself: where, exactly, do these stories come from?
Nearly half of all U.S. employees use at least one Apple device at work, but most of those gadgets lack common security protocols required by many enterprises, according to a new survey commissioned by Centrify, a company that sells enterprise security and management software for Apple products. [emphasis added]
Shocker.
It is nice when other pundits come to the same conclusions you do. . .
For that last one it says "Do not use this setting unless you use a program that requires it." In contrast Unix and MacOS store passwords in the most secure way possible: a salted one-way hash. As someone pointed out on stackexchange it would take 2000 years to crack an eight character password. All the other policies are feel-good window dressing with almost no practical security value. Real security comes from a simple and public implementation of secure storage (salted multiple-iteration hashes) and comparison (timeout and try-limited). There's no reason to enforce a length or complexity requirement other than very trivial ones (e.g. a small length requirement and blacklist).