Contents
The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Configuring device unlock password strength
To protect access to a user's mobile device, you should set a device unlock password.
This section contains information about how to configure password protection on Android and iOS devices.
The help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Configuring a strong unlock password for an Android device
To keep an Android device secure, you need to configure the use of a password for which the user is prompted when the device comes out of sleep mode.
You can impose restrictions on the user's activity on the device if the unlock password is weak (for example, lock the device). You can impose restrictions using the Compliance Control component. To do this, in the scan rule settings, you must select the Unlock password is not compliant with security requirements criterion.
On certain Samsung devices running Android 7.0 or later, when the user attempts to configure unsupported methods for unlocking the device (for example, a graphical password), the device may be locked if the following conditions are met: Kaspersky Endpoint Security for Android removal protection is enabled and screen unlock password strength requirements are set. To unlock the device, you must send a special command to the device.
To configure the use of an unlock password:
- In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
- In the workspace of the group, select the Policies tab.
- Open the policy properties window by double-clicking any column.
Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.
- In the policy Properties window, select the Device Management section.
- If you want the app to check whether an unlock password has been set, select the Require to set screen unlock password check box in the Screen lock section.
If the application detects that no system password has been set on the device, it prompts the user to set it. The password is set according to the parameters defined by the administrator.
- Specify the following options, if required:
- Minimum number of characters
- Minimum password complexity requirements (Android 12 or earlier in device owner mode)
- Maximum password age, in days
- Number of days to notify that a password change is required (for device owner mode)
- Number of recent passwords that can't be used as a new password (all Android versions; Android 10 or later in device owner mode)
- Period of inactivity before the device screen locks, in seconds
- Period after unlocking by biometric methods before entering a password, in minutes (Android 8.0 or later in device owner mode)
- Allow biometric unlock methods (Android 9 or later; Android 10 in device owner mode)
- Allow use of fingerprints (all Android versions; Android 10 in device owner mode)
- Allow face scanning (Android 9 or later; Android 10 in device owner mode)
- Allow iris scanning (Android 9 or later; Android 10 in device owner mode)
- Allow the device to start up before prompting the password
- Unlock password
- Click the Apply button to save the changes you have made.
Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.
On some HUAWEI devices, an issue message about too simple screen unlocking method appears.
To set a correct PIN code on a HUAWEI device, the user must do the following:
- In the issue message, tap the Edit button.
- Enter the current PIN code.
- In the Set new password window, tap the Change unlock method button.
- Select the Custom PIN unlock method.
- Set the new PIN code.
The PIN code must be compliant with policy requirements.
A correct PIN code is now set on the device.
Page topThe help for this version of the solution is no longer updated, so it may contain outdated information. For up-to-date information about the solution refer to the Kaspersky Secure Mobility Management 4.1 Help.
Configuring a strong unlock password for iOS MDM devices
To protect iOS MDM device data, configure the unlock password strength settings.
By default, the user can use a simple password. A simple password is a password that contains successive or repetitive characters, such as "abcd" or "2222". The user is not required to enter an alphanumeric password that includes special symbols. By default, the password validity period and the number of password entry attempts are not limited.
To configure the strength settings for an iOS MDM device unlock password:
- In the console tree, in the Managed devices folder, select the administration group to which the iOS MDM devices belong.
- In the workspace of the group, select the Policies tab.
- Open the policy properties window by double-clicking any column.
Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.
- In the policy Properties window, select the Password section.
- In the Password settings section, select the Apply settings on device check box.
- Configure unlock password strength settings:
- To allow the user to use a simple password, select the Allow simple password check box.
- To require use of both letters and numbers in the password, select the Prompt for alphanumeric value check box.
- To require use of a password, select the Force use of password check box. If the check box is cleared, the mobile device can be used without a password.
- In the Minimum password length list, select the minimum password length in characters.
- In the Minimum number of special characters list, select the minimum number of special characters in the password (such as "$", "&", "!").
- In the Maximum password lifetime field, specify the period of time in days during which the password will stay current. When this period expires, Kaspersky Device Management for iOS prompts the user to change the password.
- In the Enable Auto-Lock in list, select the amount of time after which iOS MDM device Auto-Lock should be enabled.
- In the Password history field, specify the number of used passwords (including the current password) that Kaspersky Device Management for iOS will compare with the new password when the user changes the old password. If passwords match, the new password is rejected.
- In the Maximum time for unlock without password list, select the amount of time during which the user can unlock the iOS MDM device without entering the password.
- In the Maximum number of access attempts, select the number of access attempts that the user can make to enter the iOS MDM device unlock password.
- Click the Apply button to save the changes you have made.
As a result, once the policy is applied, Kaspersky Device Management for iOS checks the strength of the password set on the user's mobile device. If the strength of the device unlock password does not conform to the policy, the user is prompted to change the password.
Page top