Device Password Policy for Android Devices

A strong password protects the devices against unauthorized or unattended access and acts as a first line of defence in case of device theft. MobiLock lets the administrators enforce the password policies remotely thereby making sure that the users are forced to apply a password.

In this document we will see how to create and apply a password policy for Android Devices.

Creating a Password Policy

  1. Sign In to MobiLock Dashboard and navigate to Enterprise > Passcode Policy. To enforce a password policy for Android devices, click on Android & iOS tab. 
  2. To start configuring the password policy, enable Require Passcode
  3. Once the Require Passcode is enabled, you can configure the Password Type policy. The options available are,
    1. Select Passcode type: Choose between numeric or alpha-numeric passcode.
    2. Minimum Passcode length: Provide a minimum length of the password. Note that although 4 is an allowed option, on some devices the minimum accepted value is 6 and in these cases it will default to 6.
    3. Enforce Complex Passcode: Enable this option if you want to enforce a complex passcode. Simply enabling this enforces the user not to have a ascending or a descending order of numbers or characters like for ex: 1111 OR abcd1
    4. If the password type is selected as Alphanumeric and complex password is enforced, then additional complexity parameters can be specified as given below,

      Setting

      Description

      Minimum number of symbols

      Enforces a minimum number of symbols in the password.

      Minimum number of lower-case characters

      Enforces a minimum number of lower case characters in the password.

      Minimum number of alphabets

      Enforces a minimum number of alphabets in the password.

      Minimum number of upper-case characters

      Enforces a minimum number of upper-case characters in the password.

      Minimum number of digits

      Enforces a minimum number of digits in the password.

  4. The next step is to configure Password Management settings. The options are,
    1. Password Expiry Period: Select how often the user is forced to change the password.
    2. Maximum Password History List: Select the number of historical passwords that the user cannot use while setting a new password.
    3. Maximum Failed Attempts to Factory Reset: Select after how many failed attempts the device should be factory reset.
    4. Set Idle Time for Auto lock: Choose an idle time after which the device should auto-lock.
  5. Click SAVE to save the password policy.

Applying a Password Policy

  1. To enforce the password policy on the devices, click APPLY and in the Apply Passcode Policy dialog box select Device Profiles or Devices to apply the passcode.
  2. Click SUBMIT.
  3. Once the password policy is applied, the devices will be shown a prompt to apply a password as per the new policy.
    1. For corporate devices, a dialog is displayed to the user until they set a compliant password.
    2. For personal devices, the work applications are disabled and user are prompted to enter a password. The work applications are re-enabled once the user sets a compliant password.
Additionally on Android 8.0 devices and higher, the users/devices will be asked to confirm the newly set password again. This is so as to give MobiLock the capability to reset the password.

Removing a Password Policy   

  1. To remove a password policy, click on the REMOVE button and in the Remove Passcode Policy dialog, select the device profiles or the devices where you would want to remove the policy.
  2. Once the Policy is removed, MobiLock client on the device will make a best-case attempt to remove the password and also will make sure not to enforce a password on device.
Resetting the password does not work on Android 7.0 devices.
If you want to just reset the password on one device, then navigate to Devices section, click on the Device and from the Settings option select Reset Password option. Note that client will make a best case attempt and the password may not be reset.

Frequently Asked Questions

Question: We have set a password policy but the policy is not enforced?

Answer: If the user already has set a stronger password than the enforced one, then they will not be prompted to change the password.

Question: Why are the user's asked to confirm the password again after setting it?

Answer: Starting Android 8.0 devices, for MobiLock to reset passwords, it needs to activate a token that gives the client the capability to reset the password. If this token is not activated then the password cannot be reset by MobiLock and the only way to activate it is by confirming it once again.

Question: Why does the Reset Password/Remove Password Policy option, remove the password from device?

Answer: This might be due to various reasons. It might be the case that of the device is 8.0 and above and the reset password token was not activated OR there is another Device Admin (like an email application) which has enforced a stronger password.


How did we do?