Why Should I Enforce Password Complexity Requirements?

Written by Rajat Bhargava on November 18, 2015


A recent Dimensional Research survey of almost 2,250 workers showed that 51% of their Apple BYOD devices were password protected with a single word. Ouch.

As IT professionals, we know that systems protected by weak passwords are at significant risk. Dictionary attacks are common, and breaking a simple password can happen quite quickly. And, if history is any guide, the one-word password a user sets on a Mac, iPhone, or iPad is likely the same one used to access other applications and even servers.

Simple Passwords, Multifaceted Problem

Identities are the number one target for hackers. They are the easiest way to gain access into a network and to steal confidential data. Easy passwords, common passwords, and the lack of multi-factor authentication are all problematic; the Dimensional Research survey data only confirms it.

The problem for IT, though, is that often Apple devices are unmanaged. Most organizations are using legacy directory services systems like Microsoft Active Directory. While Macs can authenticate to AD, they cannot be controlled and managed.

As a result, Macs often go unmanaged within the IT environment. That leads to poor passwords and ultimately devices that can more easily be compromised.

Moving Past Password Issues

There is a better approach, though. Even if you are using AD, leverage a Directory-as-a-Service (DaaS) platform that can manage Macs. DaaS can serve as your core, cloud-based directory service or can be an adjunct to your AD server.

In either case, Directory-as-a-Service can enforce complex passwords, including setting a minimum character length, requiring mixed characters, and even preventing the reuse of previous passwords. IT admins can set these requirements not only for Macs but also for Windows and Linux devices. Complex passwords can dramatically increase the level of effort required to compromise a device.

Directory-as-a-Service platforms are the centralized user management solutions that connect users to the IT resources they need, including systems, applications, and networks. By using a core, authoritative directory service that connects to all IT resources, IT admins can now drive increased password requirements, the rotation of passwords, the use of SSH keys, and even multi-factor authentication.

If Dimensional Research’s data is any indicator of broader password use, our organizations are at risk. A system that forces more complex passwords can make a significant impact on your security.

To learn more about how DaaS can support your efforts to keep your infrastructure secure, drop us a note or feel free to sign up for a free account. Your first 10 users are free forever.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
