How to manage passwords using TinyMDM?
Passwords ensure the protection of data that are visible on a device. By using TinyMDM, you can force users to choose a certain type of password and change it regularly, improving the safety of your fleet. If necessary, you can also modify or delete a password remotely from TinyMDM.
A. Setting up a password
To setup a password on the devices, you need to log in to your TinyMDM account:
- Go on the Policies tab
- Select the policy you want to modify (or create a new one)
- Under Device policy sub-tab, define specific settings for your passwords:
- password quality
- password minimum size
- password timeout
- the number of time before an old password can be reused to access the device or the work profile
- the maximum number of incorrect password entries before a factory reset
You can also disable the user’s ability to unlock the screen by fingerprint or face recognition authentification.
The first part of the sub tab applies to fully managed devices: it enables to unlock the screen of the device. The second part of the sub tab (Work Profile only) is dedicated to devices that are in work profile: it enables to unlock the work profile but not to unlock the device itself.
Password quality
Any password, pattern or PIN
End user will be able to choose between a password, a pattern or a PIN code, compliant with the minimum size required
Only password or PIN
End user will have to choose between a password and a PIN code, compliant with the minimum size required
Only password or complex PIN
End user will have to choose between a password and a complex PIN code (no repeating or consecutive numbers), compliant with the minimum size required
Only password
End user will have to choose a password compliant with the minimum size required
Only complex password
End user will have to choose a password combining letters and numeric characters, compliant with the minimum size required
Only secure password
End user will have to choose a password combining letters, numeric and special characters, compliant with the minimum size required.
Password minimum size
No minimum size required
End user will be able to choose the password length (not recommended)
Minimum size
End user will have to setup a password with a minimum length: 6, 8, 10, 12, 14 or 16 characters, depending on the password quality.
Password timeout
Unlimited
End user won’t have to change their password in the future (except if the password quality or length is updated and their password is no longer compliant with the policy)
Limited
End user will have to renew their password after: 7 days, 1 month, 3 months, 6 months or 1 year.
Number of times before reuse is possible
Number
To ensure higher security, you can set the number of times before an old password can be reused on the same device (between 1 and 50 times).
Maximum number of incorrect password entries
Unlimited
The end-user will be able to try an unlimited number of times a wrong password and it will not impact their device.
Maximum size
The user will have 5, 10 or 15 attempts to enter the password. If he enters too many incorrect passwords, the device will be reset to the factory settings.
B. Changing or deleting a password
If you set up a password policy from the policy, then you will be able to change or remove the password if necessary (in case of loss of password or device for example). To do this:
- Go in the Devices tab and click on the menu
of the device’s card - Then, click on Change password and enter a new one to unlock the device. This password remains valid as long as the user doesn’t change it from the settings.
- Or click on Delete password if you don’t want to have one anymore.
- A confirmation pop-up should be ticked to confirm your deletion request.
- Users will then receive a pop-up on their device to change their password according to the configuration requested in the policy.