Mobile passcode policy

Overview

Passcodes act as a first line of defense for devices in enterprises; they ensure the security and confidentiality of data contained within devices by restricting unauthorized access beyond the lock screen. For organizations, it is highly recommended to adhere to a complex passcode policy since simple and common passcodes enable intruders to gain access to sensitive enterprise data effortlessly. Simpler the passcode, higher is the possibility of a brute force attack. However, strong and fail-safe passcodes incorporate several parameters, including length, casing, special characters, and much more.

Passcodes have transformed from simple digits to patterns, complex alphanumeric values; biometric passcodes like fingerprint, face, and Iris scanners. Configuring these depends on the security guidelines set by your organization.

Taking various industry verticals into consideration, Mobile Device Manager Plus offers a comprehensive set of MDM passcode policy covering multiple real-time use cases.

What we'll cover:

How does Mobile Device Manager Plus help in passcode management?

With Mobile Device Manager Plus, you can create and configure passcode policies that comply with the security standards set by your organization; specific to the operating system which your device is running. This includes Android, iOS, Windows, as well as iPadOS devices. However, the parameters differ for devices based on the operating system they are running. MDM facilitates this with its unified console approach; a single console to configure MDM passcode policy irrespective of the device type.

Mobile Device Manager Plus' supported passcode policy parameters

Here are a few passcode parameters supported by MDM for enhanced passcode management in organizations

Android devices

  • Smart Lock on Android devices ensures users can bypass the passcode prompt on the lock screen by enabling certain trust agents such as On-body detection, Trusted places/devices/voice. MDM lets you restrict users from configuring Smart Lock in order to prevent unauthorised access to sensitive business data and enhance data security. You can configure this in your policy, based on your organization's guidelines for passcode management.
  • You can configure a passcode policy for the device as a whole - in case of corporate owned devices, or just the corporate container - in case of personal devices in BYOD environments.
  • It is common that notifications can be seen on the device's lock screen, even without providing the passcode. To ensure the security and confidentiality of sensitive business data, MDM lets you set your notification preferences; to show all notification content, to hide sensitive content, or to completely hide notifications on the lock screen. This ensures notifications can be viewed only beyond the lock screen.
  • MDM lets you configure a default passcode on managed devices, right from the console. This is beneficial in organisations where shared devices are used by employees. In addition to this, you can configure your passcode requirements, or choose to not have one at all, if you organization's passcode management guidelines demand so.

iOS/iPadOS devices

  • For point-of-sale devices (POS), and single purpose iOS/iPadOS devices provisioned in Kiosk, it gets complicated when users have to enter the passcode every time in order to use them. This is where MDM helps with the capability of disabling Auto-lock, while ensuring the passcode policy is applicable when the devices are manually locked.
  • In case of unattended iOS/iPadOS devices, you can also choose to clear existing passcodes, thereby ensuring passcode settings are inaccessible by the users henceforth.
  • Additionally, you can restrict users from changing the passcode which is already set on their devices.
  • Suppose an unauthorized user is trying to brute force a locked iOS/iPadOS device, you can configure the number of incorrect attempts, beyond which the device will be completely wiped.

Windows devices

  • MDM lets you configure both the passcode and the PIN, and subsequently define the complexity. 
  • For organizations with stringent security guidelines, Insecure PINs which include Simple PINs and Picture unlock can be restricted as well.
  • If your organization requires users to change their passcodes frequently for added security, you can configure the Maximum passcode age by specifying the number of days for it to expire. 
  • Similarly, if you find users changing passcodes too frequently in order to override the number of passcodes stored in history (ensures users can set the same passcodes time and again), you can configure the Minimum passcode age as well.

To learn more about MDM passcode policy and the parameters which MDM supports, refer the following documents.