Manage security settings using TinyMDM

How to manage device security challenge settings (safe passwords)?

Passcodes ensure the protection of the files and information on a device. Their restriction should force users to choose a strong passcode and change it regularly, improving the security. Using TinyMDM, you can force users to choose a certain type of password and change it regularly, improving the safety of your fleet. If necessary, you can also modify or delete a password remotely from TinyMDM.

Setting up passwords:

Log into your console and go on to the Policies tab. Select the policy you want to modify or create a new one, and then under Device security policy, define specific settings for your passwords:

✔ password quality
✔ password minimum size
✔ password timeout
✔ the number of time before an old password can be reused to access the device or the work profile
✔ the maximum number of incorrect password entries before a factory reset

Still under this tab, you can disable the user’s ability to unlock the screen by fingerprint or face recognition authentification.

set a password security policy

Info: The first password is only for fully managed devices and enable to unlock the screen. The Work Profile only password is dedicated to devices that have a work profile and is used to securely access it, not to unlock the device itself.

Password quality

Any password, pattern or PIN

End user will be able to choose between a password, a pattern or a PIN code, compliant with the minimum size required

Only password or PIN

End user will have to choose between a password and a PIN code, compliant with the minimum size required

Only password or complex PIN

End user will have to choose between a password and a complex PIN code (no repeating or consecutive numbers), compliant with the minimum size required

Only password

End user will have to choose a password compliant with the minimum size required

Only complex password

End user will have to choose a password combining letters and numeric characters, compliant with the minimum size required

Only secure password

End user will have to choose a password combining letters, numeric and special characters, compliant with the minimum size required.

Password minimum size

No minimum size required

End user will be able to choose the password lenght (not recommended)

Minimum size:

End user will have to setup a password with a minimum lenght: 6, 8, 10, 12, 14 or 16 characters, depending on the password quality.

Password timeout

Unlimited

End user won’t have to change their password in the future (except if the password quality or lenght is updated and their password is no longer compliant with the policy)

Limited

End user will have to renew their password after: 7 days, 1 month, 3 months, 6 months or 1 year.

Number of times before reuse is possible

Number

To ensure higher security, you can set the number of times before an old password can be reused on the same device (between 1 and 50 times).

Maximum number of incorrect password entries

Illimited

The user will be able to try an unlimited number of times a wrong password and it will not impact his device

Maximum size:

The user will have 5, 10 or 15 attempts to enter the password. If he enters too many incorrect passwords, the device will be reset to the factory settings.

Changing or deleting a password:

If you set up a password policy from the policy, then you will be able to change or remove the password if necessary (in case of loss of password or device for example). To do this:

  • Go in the Devices tab and click on the menu on the device’s card
  • Then, click on Change password and enter a temporary one to unlock the device
  • Or click on Delete password if you don’t want to have one anymore. A confirmation pop-up should be ticked to confirm your deletion request. The user will then receive a pop-up on their device to change their password according to the configuration requested in the policy.
how to change or remove a password from a mdm