Skocz do:nawigacja, szukaj
Wiki

Android configuration passcode

Z Securepoint Wiki





























In dieser Seite werden die Variablen für unterschiedliche Sprachen definiert.
Diese Seite wird auf folgenden Seiten eingebunden


























































Android profile configuration in the Passcode menu item

Last adaptation to the version: 2.9(09.2025)

New:
  • Order of attributes and descriptions adjusted

notemptyThis article refers to a Beta version

-
Access: portal.securepoint.cloud  Mobile Security Android Profile  Tab Passcode


Passcode

Passcode
Caption Value Description
Password policies
Password policies  Add policy Password policies can be used for work profiles and fully managed devices.
Scope The scope to which the password requirement applies. This setting defines whether the password requirements apply to the entire device or only to specific profiles (e.g. work profile). This helps to apply the security guidelines in a differentiated manner, depending on the needs of the organisation or the user.
Device The policy applies only to fully managed devices
Work Profile The policy only applies to work profiles
Both The policy applies to fully managed devices as well as devices with a work profile.
Passcode quality Complex
  • This option defines the passcode requirements
  • A distinction is made between quality-based and complexity-based password policies
  • Complexity-based password policies apply starting from Android 12 and can only be configured in combination with a quality-based password policy
    If a complexity-based passcode quality is selected first, a second password policy with a quality-based passcode quality of Simple is automatically created.
  • Examples of passcode quality combinations (both allowed and disallowed) for device and work profiles are listed here. notemptyThe profile cannot be saved or is invalid if
    → complexity-based password policy does not have a quality-based password policy
    → a complexity- and quality-based password policy in the Work Profile scope also has a quality-based password policy in the Device scope.
Alphabetic The password must consist only of alphabetical characters (or symbols).
Alphanumeric The password must consist of both digits and alphabetical characters (or symbols).
Biometric The device must be secured with at least low security biometric detection technology. This includes technologies that can recognize the identity of a person corresponding to a three-digit PIN (misidentification is less than 1 in 1,000).
Simple A password is required, but there are no restrictions on what the password must contain.
Complex The password must contain at least a letter, a number and a special symbol. Other password restrictions, such as passwordMinimumLetters, are enforced.
Not specified There are no password requirements.
Numeric The password may only consist of digits.
Numeric (complex) The password may only consist of digits that do not contain repetitive (4444) or ordered (1234, 4321, 2468) sequences.
Low complexity Allows simple patterns or PINs with repeated or sequential digits (e.g., 4444, 1234).
Medium complexity Requires PINs without simple patterns, or alphabetic/alphanumeric passwords with at least 4 characters.
High complexity Requires secure PINs (minimum 8 characters) or alphabetic/alphanumeric passwords with at least 6 characters.
notemptyNew as of: 2.9
Expiration timeout 0 The duration in days until the password must be changed. This setting forces the user to change the password regularly to increase security and reduce the risk of a compromised password being used over a longer period of time.
Minimum length 0 The minimum allowed password length. A value of 0 means there is no restriction.
Only enforced when Passcode quality is Numeric, Numeric (Complex), Alphabetic, Alphanumeric, or Complex.
Minimum letters 0 Minimum number of letters in the password
Forced only if the Password quality is Complex.
Minimum lowercase letters 0 Minimum number of lowercase letters required in the password
Forced only if the Password quality is Complex.
Minimum uppercase letters 0 Minimum number of capital letters in the password
Forced only if the Password quality is Complex.
Minimum non letter characters 0 Minimum number of non-letters (numeric digits or symbols) required in the password.
Forced only if the Password quality is Complex.
Minimum numeric characters 0 Minimum number of digits in the password
Forced only if the Password quality is Complex.
Minimum symbols 0 Minimum number of symbols in the password
Forced only if the Password quality is Complex.
Password history length 0 The length of the password history. After setting this field, the user won't be able to enter a new password that is the same as any password in the history. A value of 0 means there is no restriction.
Maximum failed attempts 10 The number of permitted input attempts before all data on the device is deleted. A value of 0 means that there is no restriction. This security measure protects sensitive data.
notemptyIf this number is reached, the device is automatically reset to factory settings.
Password unlock required The amount of time after a device or work profile is unlocked using a strong form of authentication (password, PIN, pattern) that can be unlocked using another authentication method (e.g., fingerprint, trusted agent, face). After the specified period, only strong authentication forms can be used to unlock the device or work profile.
Not specified Not specified. By default, the device-timeout is used.
Device-timeout The timeout is set to the default setting of the device.
Daily The timeout is 24 hours.
Passcode combinations
notemptyNew as of: 2.9 Generally, almost any combination of quality-based and complexity-based passcode qualities can be used (depending on the scope), as long as a quality-based passcode is also present for complexity-based passcodes.


However, it must be distinguished whether the Android device is fully managed or a personal device with a work profile.
The following table provides an overview of example combinations of password policies.

Device scope Work profile scope Example passcode quality configuration
Passcode quality: Complexity & Quality Passcode quality: Complexity & Quality Device: High complexity & Simple
Work profile: Low complexity & Complex
Passcode quality: Complexity & Quality Passcode quality: Quality Device: High complexity & Simple
Work profile: Alphabetic
Passcode quality: Complexity & Quality Passcode quality: Not present Device: High complexity & Simple
Passcode quality: Quality Passcode quality: Quality Device: Numeric
Work profile: Alphabetic
Passcode quality: Quality Passcode quality: Not present Device: Numeric
Passcode quality: Not present Passcode quality: Complexity & Quality Work profile: High complexity
Passcode quality: Not present Passcode quality: Quality Work profile: Alphabetic
Passcode quality: Not present Passcode quality: Not present Not present
The following combinations are not allowed
Device scope Work profile scope Possible solution
Passcode quality: Complexity Passcode quality: Complexity A password policy with Quality-Based passcode quality must be created for each scope
Passcode quality: Complexity Passcode quality: Not present A password policy with "Quality-Based" passcode quality must be created
Passcode quality: Not present Passcode quality: Complexity A password policy with "Quality-Based" passcode quality must be created
Passcode quality: Quality Passcode quality: Complexity & Quality Work profile password policies must not be combined exclusively with quality-based password policies for device profiles.


A password policy with Complexity-Based passcode quality must be created for the device profile

Passcode quality: Quality Passcode quality: Complexity A password policy with Complexity-Based passcode quality must be created for the device profile, and one with Quality-Based passcode quality must be created for the work profile
Źródło: „https://wiki.securepoint.de/index.php?title=MS/deployment/profile/android/passcode&oldid=98558