top | item 33817865

(no title)

While it could be said that the user shouldn't be mixing a "home" keychain (iCloud) account on a "work" machine, perhaps their work have a BYOD policy, and/or perhaps a policy of using Keychain for work-related password storage, and since iOS doesn't allow the use of multiple user accounts even on their so-called "Pro" devices (hello, Apple? It's 2022!) maybe they don't really have a choice.

But I think that whole argument is beside the point, because the real issues as pointed out are:

- one network used on one device shouldn't necessarily mean that it's suitable for *all* the user's devices [1]

- but more importantly: syncing of Wifi network should only be a convenience; actually connecting to a synced-in Wifi network should only happen by explicit user action, and the 'auto-join' feature should never, ever sync across devices (it should only ever be a device-specific setting), defaulted to off when synced in via iCloud Keychain sync. [2]

That second point is what I also believe to be a security risk.

Yeah, sure, it's a "feature", but with what I feel is a massive security risk.

[1] https://twitter.com/MCSeb/status/1590722905876619265

[2] https://twitter.com/MCSeb/status/1590723613824806912 (though I think OP misunderstood the System Preferences settings on 'auto join')

discuss

badwolf|3 years ago

They seem to want to keep work segmented from personal. Why not just use a separate Mac user account that isn't connected to his personal icloud account?

johnny_b_g|3 years ago

Again, the whole work vs. personal networks isn't what's really relevant here - it's the auto-joining of synced in Wifi network(s) from other devices that's the real issue (see my other post(s) here for an example).