macOS devices compliant despite different password policy? (Solved)

Participant
6 days ago

Hi everyone,

We’ve enforced a passcode policy on our macOS devices with a minimum password length of 12 characters. But I’m seeing a few devices with 8-character passwords still marked as compliant in the portal. Does anyone know how this is possible? Is the system checking all user accounts or only specific ones?

Replies (5)

Participant
6 days ago

Hey @emersyn,

We had the same issue last quarter. After a bit of digging, we learned that’s how Apple’s feature works.

Participant
6 days ago

Jumping in here, @pauel’s right. We have raised a support ticket for something similar. The way it was explained to us, unless you enable the “Change password at next login” setting in the Hexnode policy, macOS won’t trigger a password reset or re-auth check, so it just assumes the device is compliant.

Basically, without that setting, there’s no event that forces the password to be checked against your policy.

Participant
6 days ago

That’s super helpful. So, the system doesn’t really check the password unless a change happens; it makes sense now. Just curious, if I enable that option, does it force the change immediately, or does it wait for the user’s next login?

Participant
6 days ago

@emersyn It’ll prompt the user at their next login. So, if someone’s already logged in and hasn’t restarted or signed out, the change won’t happen until the next session. But once it does, the system can validate that the new password follows the policy and mark the device as compliant or non-compliant if it’s not following.

Participant
6 days ago

I appreciate the help!
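
Added example, not part of the original thread and not Hexnode or Apple code: since the replies explain that a password is only checked against the policy when it is changed, an account whose password was last set before the policy was deployed has never been validated. The sketch below flags such accounts, assuming the local account record exposes a `passwordLastSetTime` value in the output of `dscl . -read /Users/<name> accountPolicyData`; the user names, timestamps and policy deployment date are constructed.

```python
import plistlib
from datetime import datetime, timezone

PLIST_HEAD = ('<?xml version="1.0" encoding="UTF-8"?>\n'
              '<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
              '"http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n')

def sample(keys):
    """Build constructed dscl-style output: attribute header, then an XML plist."""
    body = "".join(f"<key>{k}</key><real>{v}</real>" for k, v in keys.items())
    return ("dsAttrTypeNative:accountPolicyData:\n " + PLIST_HEAD +
            f'<plist version="1.0"><dict>{body}</dict></plist>\n')

# Constructed records; user names and timestamps are made up for the example.
SAMPLE_RECORDS = {
    "alice": sample({"creationTime": 1672531200.0, "passwordLastSetTime": 1672531200.0}),
    "bob": sample({"creationTime": 1672531200.0, "passwordLastSetTime": 1735689600.0}),
    "carol": sample({"creationTime": 1672531200.0}),  # no timestamp recorded
}

def password_last_set(dscl_output):
    """Return passwordLastSetTime as an aware UTC datetime, or None if absent."""
    start = dscl_output.find("<?xml")  # skip the attribute header line
    if start == -1:
        return None
    data = plistlib.loads(dscl_output[start:].encode("utf-8"))
    ts = data.get("passwordLastSetTime")
    return None if ts is None else datetime.fromtimestamp(ts, tz=timezone.utc)

def unvalidated_accounts(records, policy_deployed):
    """Map each account never checked against the policy to the reason why."""
    findings = {}
    for user, output in records.items():
        last_set = password_last_set(output)
        if last_set is None:
            findings[user] = "no passwordLastSetTime recorded"
        elif last_set < policy_deployed:
            findings[user] = f"password set {last_set:%Y-%m-%d}, before policy"
    return findings

if __name__ == "__main__":
    deployed = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed date
    for user, reason in unvalidated_accounts(SAMPLE_RECORDS, deployed).items():
        print(f"{user}: {reason}")
```
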
