Canaries in the IT department

by Volker Weber

ZZ14BD5D33

I used to check MDM policies for very simple signs of things going wrong. Chief among those policies was the camera policy. If you switched that off for "security reasons" just because you could, you were downgrading your user experience without providing security. Well, things have moved on since then, but I have new canaries in the coal mine. For BlackBerry that is Picture Password, for iOS it's TouchID. If you disabled those, please reconsider. Your users hate you. Which means you will lose, eventually.

Comments

Hear, hear. If you disable things like Touch ID, you are much likely worsening security a lot, depending on your threats.
If you think, security can be imposed, print this out and stick it to your screen: http://dilbert.com/strip/2007-11-16

Hubert Stettner, 2016-11-16

PS: Why would anybody disable picture password? I can somehow see why somebody would think he needs to disable biometrics in certain (very narrow) scenarios, but picture password? It is better than 'traditional' password entering, as it is a lot more shoulder surfing proof.

Hubert Stettner, 2016-11-16

In my company, TouchID is mandatory. That makes much more sense (I don't know if this can be enforced via MDM, but at least the end user has to sign a paper that he must do so...)

Thomas Muders, 2016-11-16

Hubert, I call distributed intelligence. One brain sets security policies, the other brain imposes them on users. If your login policies requires eight characters with at least one upper case, one number and one special character, you cannot allow any shortcuts, can you?

Thomas, smart company!

Volker Weber, 2016-11-16

Volker, considering the consequences from having to change the password every 60 days according to policy when using biometrics their intentions may have been very intentionally ;-))

Matthias Peplow, 2016-11-19

Why would someone disable TouchID. Is there any reason?

Malte Widenka, 2016-11-19

Well, they do. ;-)

Volker Weber, 2016-11-19

The reason I've heard people suggest disabling TouchID isn't because it isn't secure, but rather because the impact of combining it with other security policies affected operational support. So, say you require some form of complex passcode to unlock the phone (even just 6 numeric digits) AND you require that passcode to be changed every 30 days (ugh). When TouchID was first released, it was pretty easy to go several weeks without having to enter your passcode at all. Users forgot their passcodes. Help Desks went crazy. I'm out of the Ops universe these days, so I don't know if the more frequent passcode prompts Apple inserted in subsequent OS updates made that issue go away. Personally, I'd blame the passcode change policy rather than TouchID for that issue, but ...

Rob McDonagh, 2016-11-20

Rob, exactly. And yes, it is better today. Also, when having a password policy and sensible MDM, ops could always send an unlock, easily. Well.

Hubert Stettner, 2016-11-20

Recent comments

Volker Weber on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 22:19
Jochen Kattoll on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 22:08
Volker Weber on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 21:26
Federico Hernandez on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 21:03
Volker Weber on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 20:48
Mariano Kamp on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 20:46
Marc Henkel on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 20:37
Jean Pierre Wenzel on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 20:28
Jean Pierre Wenzel on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 17:53
Mariano Kamp on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 11:49
Jochen Schug on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 09:18
Ingo Harpel on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 09:14
Mariano Kamp on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 08:02
René Fischer on Home screen reorganized for iOS 14 at 00:15
Mariano Kamp on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 23:04
Uwe Papenfuss on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 22:43
Frank Quednau on Home screen reorganized for iOS 14 at 21:44
Benjamin Schinhammer on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 19:32
Matthias Welling on My favorite Watch face with watchOS 7 at 18:23
Uwe Papenfuss on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 18:22
Jochen Schug on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 18:12
Kambiz Larizadeh on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 18:03
Hans Giesers on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 17:58
Frank Quednau on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 17:53
Cyril Gabathuler on watchOS 7 verursacht Probleme mit der Akkulaufzeit at 17:29

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 22:47

visitors.gif

Paypal vowe