Is anyone using https://macid.co at home? Love it.
email@hidden
From: <fed-talk-bounces+joel=email@hidden> on behalf of Ron Colvin <email@hidden>
Reply-To: "email@hidden" <email@hidden>
Date: Friday, September 30, 2016 at 11:31 AM
To: "Walls, Bryan K. (MSFC-EO50)" <email@hidden>
Cc: "email@hidden" <email@hidden>
Subject: Re: [Fed-Talk] Two-Factor Authentication (2FA) & Apple Watch on a STIG'd iMac
The Macworld article below states that you must have a passcode set on the Apple Watch in order to unlock the 10.12 screen. Has anyone tested that, or can point to official Apple documentation? It certainly limits the risk if it only works for a user that has to have the watch still on from last unlock of the watch.
On 9/27/16 5:35 PM, Walls, Bryan K. (MSFC-EO50) wrote:
I’d actually like it if I could just get my Macs to lock when the watch goes out of range. That shouldn’t be an undue burden for a personal token...
Walls, Bryan K. (MSFC-EO50)
On Sep 27, 2016, at 4:14 PM, Ron Colvin <email@hidden> wrote:
On a policy note I'm not sure it should be allowed unless there is some way to register the watch as a token for each user that has one in an organizational directory. A personally owned and managed device is allowed to unlock the screen of an organizationally managed one? Now if you can get a PIV derived cert on the watch you'd have something.
:-)
I do however have nothing to do with DOD policy so you're safe from me. There is a planned control for the CIS Benchmark that outlines what organizations should consider in this use case.
On 9/27/16 3:46 PM, Peterson Ed wrote:
Has anyone tried to make the auto-unlock/login work on a STIG’d Mac? I went through the process a few times, always stopping at a message that stated I needed to complete the iCloud setup. After searching a few websites on 2FA, I found out that to make the Apple Watch available to unlock your computer you needed WiFi enabled as well as Bluetooth.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
********************************************************
Ron Colvin CISSP, CAP, CEH
Certified Security Analyst
NASA ETADS ASCS staff
<email@hidden>
Direct phone 301-286-2451
NASA Jabber (email@hidden) AIM rcolvin13
NASA LCS (email@hidden)
********************************************************