Macs in the enterprise are prone to careless administrative account maintenance and passwords are being shared further than they should be, according to Centrify.
According to the company, it is common for organisations to put administrative passwords on Macs and use the same password across all of them. For users who need to install apps, suddenly that password is shared and anyone can gain access.
According to the company, providing local administration rights means that anyone - whether current users, ex-employees, or attackers - have privileged status on Macs.
"This increases your attack surface and makes endpoints an effective target for malware and rogue applications," the company says in a statement.
As a result, the company has tightened up its admin security in the latest update to its Centrify Identity Platform.
The company is targeting administrators who wish to manage local password management for Macs, as well as application management and software distribution. To do this, the company has utilised turnkey integration using the Munki open source solution.
According Centrify's senior director of APAC sales, the latest updates control shared account password management from servers, network devices, Windows and Linux endpoints to Mac.
"At the same time, they simplify Mac application management with Munki support that enables users to install applications without knowing the admin password,” he adds.
Centrify says the local administrator password management works by generating a unique administrator password for each Mac, whether remote machines or those on the corporate network. The admin password is able to be subject to rotation.