• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Fed-Talk] [Non-DoD Source] Re: Two-Factor Authentication (2FA) & Apple Watch on a STIG'd iMac
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] [Non-DoD Source] Re: Two-Factor Authentication (2FA) & Apple Watch on a STIG'd iMac

  • Subject: Re: [Fed-Talk] [Non-DoD Source] Re: Two-Factor Authentication (2FA) & Apple Watch on a STIG'd iMac
  • From: Peterson Ed <email@hidden>
  • Date: Wed, 28 Sep 2016 08:23:48 -0700
  • Dkim-filter: OpenDKIM Filter v2.10.3 cns2sd.spawar.navy.mil u8SFOSKN006615
Even though the Apple Watch is not accessing any files on the STIG’d Mac and BT is used for Keyboard and mouse only, I do believe you have a point from a sceptic point of view.

Having the Mac lock and unlock based upon the unlocked and paired Apple Watch’s proximity to the Mac is really what I’m looking for. Apple made the watch a perfect proximity device suited for this capability. And once the watch is not on the owner’s arm, it locks itself preventing any passerby from unlocking the Mac via that same watch.


On Sep 27, 2016, at 2:14 PM, Ron Colvin <email@hidden> wrote:

On a policy note I'm not sure it should be allowed unless there is someway to register the watch as a token for each user that has one in an organizational directory. A personally owned and managed device is allowed to unlock the screen of an organizationally managed one? Now if you can get a PIV derived cert on the watch you'd have something. :-)

I do however have nothing to do with DOD policy so you're safe from me. There is a planned control for the CIS Benchmark that outlines what organizations should consider in this use case.

On 9/27/16 3:46 PM, Peterson Ed wrote:
Has anyone tried to make the auto-unlock/login work on a STIG’d Mac?  I went through the process a few times always stopping at a message that stated I needed to complete the iCloud setup. After searching a few websites on 2FA, I found out to make the Apple Watch available to unlock you computer you needed WiFi enabled as well as bluetooth.

http://www.macworld.com/article/3123791/os-x/unlocking-a-mac-with-an-apple-watch-requires-two-factor-not-two-step-icloud-protectionwhat.html

It makes sense bluetooth should be there, but it’s beyond me why this entire process requires WiFi when a STIG’d system almost always disables WiFi at the lower level. 

I have all the ingredients to make it work if it didn’t require WiFi.  Does anyone know why WiFi needs to be in the mix?

V/R,
Ed

Ed Peterson
MUOS ISEA, NMF SME Hawaii
SPAWAR Systems Center Pacific
Code 55240
53560 Hull St, San Diego, CA 92152-5001
Office/Mobile: (619) 438-0049
NIPR: email@hidden
SIPR NMCI: email@hidden


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

--


********************************************************
Ron Colvin CISSP, CAP, CEH
Certified Security Analyst
NASA ETADS ASCS staff
<email@hidden>
Direct phone 301-286-2451
NASA Jabber (email@hidden) AIM rcolvin13
NASA LCS (email@hidden)
********************************************************
Do not post admin requests to the list. They will be ignored. Fed-talk mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: This email sent to email@hidden
References: 
 >[Fed-Talk] Two-Factor Authentication (2FA) & Apple Watch on a STIG'd iMac (From: Peterson Ed <email@hidden>)

  • Prev by Date: Re: [Fed-Talk] Two-Factor Authentication (2FA) & Apple Watch on a STIG'd iMac
  • Next by Date: Re: [Fed-Talk] [Non-DoD Source] Re: Two-Factor Authentication (2FA) & Apple Watch on a STIG'd iMac
  • Previous by thread: Re: [Fed-Talk] Two-Factor Authentication (2FA) & Apple Watch on a STIG'd iMac
  • Next by thread: Re: [Fed-Talk] [Non-DoD Source] Re: Two-Factor Authentication (2FA) & Apple Watch on a STIG'd iMac
  • Index(es):
    • Date
    • Thread