Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Fingerprint sensor and corporate passcode requirements

T

technopimp

macrumors 6502a
Original poster
Aug 12, 2009
645
220
The company I work for allows iDevices to be connected to our corporate Exchange environment, but to do so the passcode lock is enforced. Additionally, there is also a mandatory 60-day expiration on the passcode. I was curious how that was going to work with the new fingerprint scanner on the 5S. If I understand correctly, it can work in place of the passcode. But I wasn't sure how that would work in an Exchange environment, especially when it forces changes every 60 days. I obviously can't change my fingerprint. Does this even work? I asked our Exchange people and they didn't know, saying it likely depends on how Apple implemented it.

I'm thinking about getting a 5S, but if I can't use the fingerprint authentication in place of the passcode I'm not nearly as enticed by it. Thanks!
 
The pass code lock still exists on the phone. It's not really a replacement because based on what I'm reading, if you swipe the phone or if it can't read your print, the same old pass code screen still appears.
 
The phone will still need to have a passcode and that passcode will comply with your ActiveSync policy settings.

A soon to be released update to Exchange ActiveSync policies will allow for admins to enabledor disable biometric access which I believe would prevent fingerprint unlocking if set to disabled.
 
steveza said:
The phone will still need to have a passcode and that passcode will comply with your ActiveSync policy settings.

A soon to be released update to Exchange ActiveSync policies will allow for admins to enabledor disable biometric access which I believe would prevent fingerprint unlocking if set to disabled.
Click to expand...

Thanks...that's disappointing. Hopefully the update is released soon. Guess I don't have to worry about getting a 5S on launch day at least. :)
 
technopimp said:
Thanks...that's disappointing. Hopefully the update is released soon. Guess I don't have to worry about getting a 5S on launch day at least. :)
Click to expand...
I think you may have misunderstood what I was saying. The current version of Exchange ActiveSync policies should work fine with the 5s so you can go ahead and get one ... although I'm sure loads of people will be testing it from Friday so you could wait for the complaints on here if it doesn't work.

There will be a new version of ActiveSync policies which give admins the possibility to prevent biometric unlocking but I don't think that will be the default setting.
 
technopimp said:
The company I work for allows iDevices to be connected to our corporate Exchange environment, but to do so the passcode lock is enforced. Additionally, there is also a mandatory 60-day expiration on the passcode. I was curious how that was going to work with the new fingerprint scanner on the 5S. If I understand correctly, it can work in place of the passcode. But I wasn't sure how that would work in an Exchange environment, especially when it forces changes every 60 days. I obviously can't change my fingerprint. Does this even work? I asked our Exchange people and they didn't know, saying it likely depends on how Apple implemented it.

I'm thinking about getting a 5S, but if I can't use the fingerprint authentication in place of the passcode I'm not nearly as enticed by it. Thanks!
Click to expand...

Someone needs to grab your CIO and bonk them over the head.

Haven't people realized by now that forcing frequent password changes REDUCES security, rather than increases it? Users are more likely to write the password down or use an easy to remember (weak) password. It also increases support costs as users will forget their passwords more often and constantly be calling into the help desk to get it reset.

Ugh. I hate these policies. I know it's not your fault, just had to rant because whenever I see it I feel like punching people.
 
steveza said:
I think you may have misunderstood what I was saying. The current version of Exchange ActiveSync policies should work fine with the 5s so you can go ahead and get one ... although I'm sure loads of people will be testing it from Friday so you could wait for the complaints on here if it doesn't work.

There will be a new version of ActiveSync policies which give admins the possibility to prevent biometric unlocking but I don't think that will be the default setting.
Click to expand...

I guess maybe I still do-I thought you were implying that if it requires a passcode, it still will, and I won't be able to use the fingerprint scan in lieu of the passcode. If I set it up to authenticate with my fingerprint and I STILL had to ALSO enter a passcode, that would be even worse!

Someone needs to grab your CIO and bonk them over the head.

Haven't people realized by now that forcing frequent password changes REDUCES security, rather than increases it? Users are more likely to write the password down or use an easy to remember (weak) password. It also increases support costs as users will forget their passwords more often and constantly be calling into the help desk to get it reset.

Ugh. I hate these policies. I know it's not your fault, just had to rant because whenever I see it I feel like punching people.
Click to expand...
Fair enough, however I Have no control over our Exchange environment, and you'll also find very few corporations who require infrequent changes.
 
technopimp said:
I guess maybe I still do-I thought you were implying that if it requires a passcode, it still will, and I won't be able to use the fingerprint scan in lieu of the passcode. If I set it up to authenticate with my fingerprint and I STILL had to ALSO enter a passcode, that would be even worse!
Click to expand...
You will have a passcode enabled which will need to be entered when you boot the phone or if you haven't fingerprint unlocked it for 48 hours. You would be OK with just a fingerprint otherwise.
 
steveza said:
You will have a passcode enabled which will need to be entered when you boot the phone or if you haven't fingerprint unlocked it for 48 hours. You would be OK with just a fingerprint otherwise.
Click to expand...

Gotcha, thanks for the clarification.
 
steveza said:
I think you may have misunderstood what I was saying. The current version of Exchange ActiveSync policies should work fine with the 5s so you can go ahead and get one ... although I'm sure loads of people will be testing it from Friday so you could wait for the complaints on here if it doesn't work.
Click to expand...

So... anyone try this yet?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back