Category filter

Password policy for Android devices

A password policy enforces mandated password rules for the users to set passwords on their devices. Hexnode’s UEM solution offers a wide range of parameters to configure a password policy for Android devices. Thus, by enforcing a strong password policy, administrators can ensure that their users abide by the enforced password rules and generate stronger passwords on their devices. Organizations can make sure that any devices that fail to meet the applied password policy requirements will be marked as non-compliant on the UEM console.

Notes:

  • For devices enrolled in the Android Enterprise program as Profile Owner, a secondary password requirement (Work Profile Password) can also be set up to access the corporate applications within the work profile.

Configure password policy for Android devices via UEM

To set up a password policy,

  1. Log in to your Hexnode portal.
  2. Go to Policies.
  3. Select an existing policy or create a new one by clicking New Policy.
  4. From Android > Password > select Device Password and click Configure.
Note:


On devices running Android 10 and above, only the options ‘Failed attempts’ and ‘Auto-lock after-’ will work on non-Android Enterprise devices.

You’ll have the following options to be configured.

Android device password policy

Policy Description
Minimum password complexity Select the minimum password complexity level for devices running Android 12 and above.
It can take Low, Medium, or High levels.
  • Low: The user can choose to set one of the following:
    • Pattern: A simple pattern-based lock connecting a minimum of 4 dots.
    • PIN: A PIN with a minimum length of ‘4’. The PIN can include a repetition of any number(s) like ‘3333’ or consecutive numbers like ‘2345’.
    • Password: A simple password with a minimum length of ‘4’. It can contain alphabets, numbers and special characters. The maximum password length is ’16’.
  • Medium: The user can choose to set one of the following:
    • PIN: A PIN with a minimum length of ‘4’, provided it does not include:
      • more than 3 repetitions of the same number.
      • a combination of 3 consecutive numbers.
    • Password: A password with a minimum length of provided it does not include:
      • more than 3 repetitions of the same alphabet, number or a special character.
      • a combination of 3 consecutive alphabets, or numbers.
  • High: The user can choose to set one of the following:
    • PIN: A PIN with a minimum length of ‘8’, provided that it does not include:
      • more than 3 repetitions of the same number.
      • a combination of 3 consecutive numbers.
    • Password: A password with a minimum length of ‘8’, provided that it does not include:
      • more than 3 repetitions of the same alphabet, number or a special character.
      • a combination of 3 consecutive alphabets, or numbers.
Customize password complexity Select the minimum password complexity level for devices running Android 7.0 through Android 11.0.
  • Password Complexity: Select the type of characters that the user needs to use in a password. The options available are: Simple Value, Numbers, Alphabets, Alphanumeric and Complex Value.
  • Minimum Passcode Length (not applicable if Simple Value password is selected): The minimum length of the password that the user must set. You can choose a length from 4 to 16.
  • Minimum Letter Length (applicable only if a password with Complex Value is required to be entered by the user): The minimum number of letters that should be included in a password. You can choose a length of 1, 2, 3, 4 or 5.
  • Minimum Uppercase Letters (applicable only if a password with Complex Value is required to be entered by the user): The minimum number of uppercase letters that should be included in a password. You can choose a length of 1, 2, 3, 4 or 5.
  • Minimum Lowercase Letters (applicable only if a password with Complex Value is required to be entered by the user): The minimum number of lowercase letters that should be included in a password. You can choose a length of 1, 2, 3, 4 or 5.
  • Minimum non-Alphabetic Characters (applicable only if a password with Complex Value is required to be entered by the user): The minimum number of characters, other than alphabets, that should be included in a password. You can choose a length of 1, 2, 3, 4 or 5.
  • Minimum Numeric Letters (applicable only if a password with Complex Value is required to be entered by the user): The minimum number of numeric letters that should be included in a password. You can choose a length of 1, 2, 3, 4 or 5.
  • Minimum Symbols (applicable only if a password with Complex Value is required to be entered by the user): The minimum number of special characters that should be included in a password. You can choose a length of 1, 2, 3, 4 or 5.
Password age (in days) The number of days after which the password will expire. The available values are 10, 20, 50, 70, 120, 250, 360, 470, 600, 720. The users need to renew the password before the specified password age. Upon password expiry, the users would have to add a new password.
Auto-lock after Set the amount of idle time before the device is locked automatically. The available values are never, 1 minute, 2 minutes, 3 minutes, 4 minutes, 5 minutes, 10 minutes, 15 minutes. By default, the auto-lock option will be disabled.
Password History (1-50 passcodes) Blocks the users from re-using the password for the specific number of times. You can choose a value in the range 1 and 50. Password history is turned off by default. For instance, the password history is set as 5 and the current password is, say Abcd123!. If the user changes this password, they cannot use this password for the next 5 times.
Failed attempts Hexnode UEM will reset the device to factory settings if the user enters an incorrect password more than the specified number of attempts. The number of attempts can be 4, 5, 6, 7, 8, 9 or 10.

Associate policies with devices

If the policy has not yet been saved,

  1. Navigate to Policy Targets.
  2. Click on +Add Devices.
  3. Select the devices and click OK.
  4. Click on Save to apply the policies to devices.

Apart from devices, you can also associate the policies with device groups, users, user groups, or domains from Policy Targets.

If the policy has been saved, you can associate it with another method.

  1. From Policies, check the policies to be associated.
  2. Click on Manage > Associate Targets and select the device.
  3. Click on Associate to apply the policy to the devices.

What happens at the device end?

Once the password policy is associated with the device, Hexnode notifies the user if the device has no password or if the set device password is not compliant with the organization’s rules. Clicking on “CONTINUE” will take the user to the page to set up the device password. If the user chooses the option, “ASK LATER,” the prompt will disappear momentarily and reappear after some time.

Prompt message on Android devices after applying password policy.

  • Managing Android Devices