Password
In this section you can choose to activate the screen locking with password feature available in the mobile devices OS.
If this feature has been enabled, an on-screen notification prompts the user to define a lock screen password. The user must enter a password that complies with the password criteria defined in the policy.
Once the password has been set by the user, all notifications regarding this issue are cleared. A message prompting to enter the password is displayed at each attempt to unlock the screen.
Note
If the user does not set a password when prompted, the device can be used without a lock screen password up to 24 hours after the first notification. During this time, a message asking the user to enter a lock screen password is prompted every 15 minutes on the screen.
Warning
If the user does not set a password within 24 hours after the first notification, the mobile device becomes non-compliant and the selected action for non-compliant devices will be applied.
To configure the lock screen password settings:
Select the Screen locking with password check box.
Click the password security level that best suits your needs (Aggressive, Normal or Permissive). Use the description on the right side of the scale to guide your choice.
For advanced configuration, select the Custom protection level and then click the Settings link.
Note
To view the password configuration requirements of a predefined security level, select that level and click the Settings link. If you modify any option, the password security level will automatically change to Custom.
Custom options
Type
You can require the password to be Simple or Complex. Password complexity criteria are defined within the mobile device OS.
On Android devices, complex passwords must contain at least one letter, one digit and one special character.
Note
Complex passwords are supported on Android 3.0 or later.
On iOS devices, complex passwords do not allow sequential or repeated characters (such as abcdef, 12345 or aaaaa, 11111).
Depending on the selected option, when the user sets the lock screen password, the operating system checks and prompts the user if the required criteria are not met.
Require alphanumeric value
Require the password to contain both letters and numbers.
Minimum length
Require the password to contain a minimum number of characters, which you specify in the corresponding field.
Minimum number of complex characters
Require the password to contain a minimum number of non-alphanumerical characters (such as @, # or $), which you specify in the corresponding field.
Expiration period (months)
Force the user to change the lock screen password at a specified interval (in months).
For example, if you enter 3, the user will be prompted to change the lock screen password every three months.
Note
On Android, this feature is supported in version 3.0 or later.
History restriction (previous passwords)
Select or enter a value in the corresponding field to specify the number of last passwords that cannot be reused.
For example, if you enter 4, the user cannot reuse a password that matches one of the last four used passwords.
Note
On Android, this feature is supported in version 3.0 or later.
Maximum number of failed attempts
Specify how many times the user is allowed to enter an incorrect password.
Note
On iOS devices, when this number is greater than 6: after six failed attempts, a time delay is imposed before the user can enter the password again.
The time delay increases with each failed attempt.
Warning
If the user exceeds the maximum number of failed attempts to unlock the screen, the device will be wiped (all data and settings will be erased).
Auto-lock after (min)
Set the period of inactivity (in minutes) after which the device is automatically locked.
Note
The iOS devices have a predefined list for auto-lock time and do not allow custom values. When assigning a policy with an incompatible auto-lock value, the device enforces the next more restrictive time period available in the list. For example, if the policy has auto-lock set at three minutes, the device will automatically lock after two minutes of inactivity.
When you modify the policy, if you choose a higher security level for the lock screen password, users will be prompted to change the password according to the new criteria.
If you clear the Screen locking with password option, users will regain full access to the lock screen settings on their mobile device.
The existing password remains active until the user decides to change or remove it.