Manage password policies with TinyMDM

Passwords ensure the protection of data that are visible on a device, so strenghtening them is essential. With TinyMDM, you can force passwords to be set on devices, and even remotely change or remove passwords if necessary.

To setup a password on the devices, you need to log in to your TinyMDM account:

  • Open the Policies tab. Create a new policy (via the Create a policy button) or modify an existing policy (via the Edit button).
  • Once the policy is open, go to the Device Policy sub-tab, where you’ll find two separate rows:
  • The first concerns all options for unlocking the device screen.
  • The second covers all options for unlocking the work (or professional) profile. This only applies to devices in BYOD or WPCO mode.

In Fully Managed or Kiosk mode, you can set various options that will apply directly to the screen unlock password. Here are the different options available:

  • Modify the password type
  • Modify the password minimum size
  • Enable or disable fingerprint and facial recognition authentication
  • Choose the password timeout
  • Define the number of time before an old password can be reused to access the device or the work profile
  • Define the maximum number of incorrect password entries before a factory reset

In BYOD or WPCO mode, it is possible to set a password to unlock the device screen, but it is also possible to set one to open the Work Profile (or Professional Profile).

a. Options for unlocking the device screen
  • Modify the password type
  • Modify the password minimum size
  • Enable or disable fingerprint and facial recognition authentication
  • Choose the password timeout
  • Define the number of time before an old password can be reused to access the device or the work profile
  • Define the maximum number of incorrect password entries before a factory reset
b. Options for unlocking the Work Profile (or Professional Profile)
  • Modify the password type
  • Modify the password minimum size
  • Enable or disable fingerprint and facial recognition authentication
  • Choose the password timeout
  • Define the number of time before an old password can be reused to access the device or the work profile
  • Define the maximum number of incorrect password entries before a factory reset

In Fully Managed or Kiosk mode, it is possible to change a password remotely if required. To do this, a password policy must first be set up in the policy (by following the steps above), and then at the appropriate time:

  • Go to the Devices tab and click on the menu available on the device card.
  • Then click on Change password and enter a temporary password to unlock the device.

In WPCO mode, it is possible to remotely change the password used to unlock the professional profile. To do this, a password policy must first be set up in the policy, and then at the appropriate time:

  • Go to the Devices tab and click on the menu available on the device card.
  • Then click on Change password and enter a password to unlock the professional profile.

The unlock password will not change, but the password for accessing the Professional Profile will.

In BYOD mode, since this directly affects the device settings, it is not possible to remotely change the password entered.

In Fully Managed or Kiosk Mode, it is possible to remotely delete a password if required. To do this, a password policy must first be set up in the policy (following the steps above), and then at the appropriate time:

  • Go to the Devices tab and click on the menu available on the device card.
  • Then click on Delete password. A confirmation pop-up appears, click on Ok to confirm your request. If the password policy is still in effect on the device, the user will receive a pop-up message asking them to change their password in accordance with the password policy.

In WPCO mode, it is possible to remotely remove the unlock password from the professional profile. To do this, a password policy must first be set up in the security policy, and then at the appropriate time:

  • Go to the Devices tab and click on the menu available on the device card
  • Then click on Delete password. A confirmation pop-up appears, click on Ok to confirm your request. If the password policy is still in effect on the user’s device, the user will receive a pop-up asking him to change his password in accordance with the password policy.

In BYOD mode, since this directly affects the device settings, it is not possible to remotely delete the password entered.

Any password, pattern or PIN

End user will be able to choose between a password, a pattern or a PIN code, compliant with the minimum size required

Only password or PIN

End user will have to choose between a password and a PIN code, compliant with the minimum size required

Only password or complex PIN

End user will have to choose between a password and a complex PIN code (no repeating or consecutive numbers), compliant with the minimum size required

Only password

End user will have to choose a password compliant with the minimum size required

Only complex password

End user will have to choose a password combining letters and numeric characters, compliant with the minimum size required

Only secure password

End user will have to choose a password combining letters, numeric and special characters, compliant with the minimum size required.

No minimum size required

End user will be able to choose the password length (not recommended)

Minimum size

End user will have to setup a password with a minimum length: 6, 8, 10, 12, 14 or 16 characters, depending on the password quality.

Unlimited

End user won’t have to change their password in the future (except if the password quality or length is updated and their password is no longer compliant with the policy)

Limited

End user will have to renew their password after: 7 days, 1 month, 3 months, 6 months or 1 year.

Number

To ensure higher security, you can set the number of times before an old password can be reused on the same device (between 1 and 50 times).

Unlimited

The end-user will be able to try an unlimited number of times a wrong password and it will not impact their device.

Maximum size

The user will have 5, 10 or 15 attempts to enter the password. If he enters too many incorrect passwords, the device will be reset to the factory settings.