Posted on 04-14-2015 09:05 AM
We are using the
pwpolicy binary to set the password complexity requirements of managed Macs. Unfortunately, there's a big loophole in this policy in Yosemite. Using an iCloud password instead of a standard local account password exempts you from
There's little we can do about preventing people from using iCloud password, but we can report on which people are using iCloud password to log in using this extension attribute:
- Starts with "True" if iCloud password is in use.
- Starts with "False" if iCloud password is not in use, or OS is 10.9 or earlier.
- Starts with "Unknown" if we can't tell (e.g. nobody is logged in).