Administrative Passwords Policy

jlombardo
Contributor

Hello,

We currently have all Mac users as admins, but that will be changing in the future. We use local accounts for our administration and user accounts. I wanted to reach out to the community to see if they have any tips in terms of how they manage administrative account passwords.

Cycling admin passwords

FV permissions with IT admin account

I have noticed that we run into some issues with the password policy, in that it will sometimes cause the IT admin password to be invalid as well. This is a huge concern as most of my company works remotely. Has anyone else experienced this?

1 REPLY

talkingmoose
Moderator

Very specifically for the FileVault account: Don’t enable FileVault for shared IT admin accounts that are the same across devices. The purpose of encrypting a disk is to protect the data at rest. If the credentials of that shared IT admin account are exposed, all your Macs are exposed.

As the administrator, you have the Recovery Key in your possession. Use that if you have physical access to the Mac. If you only have remote access, then enabling FileVault for the admin account serves no purpose.
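
An added example, not part of the thread: a fleet audit that flags any account enabled to unlock FileVault on more than one Mac, which is the shared-admin exposure described in the reply above. It assumes you have collected the `username,UUID` lines that `sudo fdesetup list` prints on each Mac and prefixed each with a hostname; the function names, the collection format and the sample data are all hypothetical, and a matching username is only a heuristic for a shared credential.

```shell
#!/bin/sh
# Input on stdin: one line per FileVault-enabled user, "hostname,username,UUID".
# The "username,UUID" part is what `sudo fdesetup list` prints on a Mac;
# the hostname prefix is an assumption about how the inventory was collected.

# Print "username count" for every account that can unlock more than
# $1 Macs (default 1), most widespread first.
fv_shared_unlockers() {
    threshold="${1:-1}"
    awk -F, -v t="$threshold" '
        # Count each (host, user) pair once, even if a report was sent twice.
        NF >= 2 && !seen[$1 FS $2]++ { hosts[$2]++ }
        END { for (u in hosts) if (hosts[u] > t) print u, hosts[u] }
    ' | sort -k2,2nr -k1,1
}

# Constructed sample inventory: hostnames, usernames and UUIDs are made up.
sample_inventory() {
    cat <<'EOF'
mac-001,alice,00000000-0000-0000-0000-000000000001
mac-001,itadmin,00000000-0000-0000-0000-0000000000a1
mac-002,bob,00000000-0000-0000-0000-000000000002
mac-002,itadmin,00000000-0000-0000-0000-0000000000a2
mac-002,itadmin,00000000-0000-0000-0000-0000000000a2
mac-003,carol,00000000-0000-0000-0000-000000000003
mac-003,itadmin,00000000-0000-0000-0000-0000000000a3
EOF
}

# Accounts listed here are candidates for `sudo fdesetup remove -user <name>`
# on each Mac, leaving the Recovery Key as the administrator's unlock path.
sample_inventory | fv_shared_unlockers
```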