Device Password Policy for Android Devices

A strong password protects the devices against unauthorized or unattended access and acts as a first line of defense in case of device theft. Scalefusion lets the administrators enforce the password policies remotely, thereby making sure that the users are forced to apply a password.

In this document, we will see how to create and apply a password policy for Android Devices.

Creating a Password Policy

1. Sign In to Scalefusion Dashboard and navigate to Device Profiles & Policies > Passcode Policy. To enforce a password policy for Android devices, click on the Android tab. 
2. To start configuring the password policy, enable Require Password
3. Once the Require Password is enabled, you can configure the Password Type policy. The options available are,
   1. Basic Settings
      1. Select Password Complexity: Select the password complexity between Basic, Low, Medium, High. The password complexity is applicable on Android OS 12 or above. 
      2. Select Password type: Choose between Numeric, Alphabetic, Alpha-numeric, Unspecified, Something, or Weak Biometric password.
      3. Minimum Password length: Provide a minimum length of the password. Password length is populated on the basis of password complexity and password type you have selected.
         
         Important Note:
         Password Type and Minimum password length can be applied on devices below Android OS 12. However, they are populated based on the complexity type you select. Here is a summary:
         
         

         Select Password Complexity	Description	Password Type	Minimum Password Length
         Basic		Unspecified	NA
         Low	The Password set can be repeating sequence [3333] or ordered sequence [1234, 4321, 2468]	Numeric Something Weak Biometric	4 (when Password Type is numeric)
         Medium	The Password set cannot be in repeating sequence [3333] or ordered sequence [1234, 4321, 2468]	Numeric Alphabetic Alphanumeric	If Select Password type is Numeric, then 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 If Select Password type is Alphabetic or Alpha Numeric, then 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
         High	The Password set cannot be in repeating sequence [3333] or ordered sequence [1234, 4321, 2468]	Numeric Alphabetic Alphanumeric	If Select Password type is Numeric, then 8, 9, 10, 11, 12, 13, 14, 15, 16    If Select Password type is Alphabetic or Alpha Numeric, then 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16

         
         

   2. Legacy Settings
      
      Legacy Settings are applicable on devices below Android OS 12
      1. Enforce Complex Password: Enable this option if you want to enforce a complex password. Simply enabling this enforces the user not to have an ascending or a descending order of numbers or characters like, for ex: 1111 OR abcd1
         1. If the password type is selected as Alphanumeric and a complex password is enforced, then additional complexity parameters can be specified as given below:

            Setting	Description
            Minimum number of symbols	Enforces a minimum number of symbols in the password.
            Minimum number of lower-case characters	Enforces a minimum number of lowercase characters in the password.
            Minimum number of alphabets	Enforces a minimum number of alphabets in the password.
            Minimum number of upper-case characters	Enforces a minimum number of upper-case characters in the password.
            Minimum number of digits	Enforces a minimum number of digits in the password.

   3. Password Management Settings
      
      Password Management Settings are applicable on all Android devices
      The options are,
      1. Password Expiry Period: Select how often the user is forced to change the password.
      2. Maximum Password History List: Select the number of historical passwords that the user cannot use while setting a new password.
      3. Maximum Failed Attempts to Factory Reset: Select after how many failed attempts the device should be factory reset.
      4. Set Idle Time for Auto lock: Choose an idle time after which the device should auto-lock.
4. Click Save Policy to save the password policy.

Applying a Password Policy

1. To enforce the password policy on the devices, click Apply to Device

   

2. In the Apply Passcode Policy dialog box, select Device Profiles or Devices to apply the password.
3. Click SUBMIT.
4. Once the password policy is applied, the devices will be shown a prompt to apply a password as per the new policy.
   1. For corporate devices, a dialog is displayed to the user until they set a compliant password.
   2. For personal devices, the work applications are disabled, and users are prompted to enter a password. The work applications are re-enabled once the user sets a compliant password.

Removing a Password Policy

1. To remove a password policy, click on the bin icon
   
2. In the Remove Passcode Policy dialog, select the device profiles or the devices from which you want to remove the policy.
3. Once the Policy is removed, the Scalefusion client on the device will make a best-case attempt to remove the password and also will make sure not to enforce a password on the device.
   Resetting the password does not work on Android 7.0 devices.
   If you want to reset the password on one device, then navigate to the Devices section, click on the Device and from the Settings option, select the Reset Password option. Note that the client will make a best-case attempt, and the password may not be reset.

If you still face any issues, please contact support@scalefusion.com or send your feedback on this article itself.

Frequently Asked Questions

Question: We have set a password policy, but the policy is not enforced.

Answer: If the user already has set a stronger password than the enforced one, then they will not be prompted to change the password.

Question: Why are the users asked to confirm the password again after setting it?

Answer: Starting Android 8.0 devices, for Scalefusion to reset passwords, it needs to activate a token that gives the client the capability to reset the password. If this token is not activated, then the password cannot be reset by Scalefusion, and the only way to activate it is by confirming it once again.

Question: Why does the Reset Password/Remove Password Policy option remove the password from the device?

Answer: This might be due to various reasons. It might be the case that the device is 8.0 and above and the reset password token was not activated, OR there is another Device Admin (like an email application) that has enforced a stronger password.