The Android Password Policy is designed to enforce strong authentication standards on managed Android devices. By applying this policy, organizations can ensure that users create robust passwords that meet specific complexity and security requirements, significantly reducing the risk of unauthorized access.
What Does the Android Password Policy Do?
This policy defines the rules and complexity requirements for device passwords. It ensures that all users set passwords that comply with your organization’s security standards. The policy covers aspects such as password length, character requirements, expiration, and more.
Key Features and Settings
Below are the main parameters you can configure with the Android Password Policy:
| Setting | Description | Example Value |
| --- | --- | --- |
| Maximum Failed Passwords for Wipe | Number of failed attempts before device wipe is triggered. | 10 |
| Password Expiration Timeout | How long a password is valid before the user must change it. | 2592000s (30 days) |
| Password History Length | Number of previous passwords remembered to prevent reuse. | 3 |
| Password Minimum Length | Minimum number of characters required. | 8 |
| Password Minimum Letters | Minimum number of letter characters required. | 2 |
| Password Minimum Lower Case | Minimum number of lowercase letters required. | 1 |
| Password Minimum Non-Letter | Minimum number of non-letter characters required. | 1 |
| Password Minimum Numeric | Minimum number of numeric digits required. | 1 |
| Password Minimum Symbols | Minimum number of symbol (special) characters required. | 1 |
| Password Minimum Upper Case | Minimum number of uppercase letters required. | 1 |
| Password Quality | The required password complexity (e.g., COMPLEX). | COMPLEX |
| Password Scope | The scope of the password policy (e.g., device-wide). | SCOPE_DEVICE |
Example Policy Configuration
Here is a sample policy input for Android Password Policy:
{
  "policyName": "ANDROID_PASSWORD_POLICY",
  "policyType": "ANDROID_PASSWORD_POLICY",
  "description": "This policy manages Android password complexity, expiration, and security settings.",
  "policy": {
    "passwordRequirements": {
      "maximumFailedPasswordsForWipe": 10,
      "passwordExpirationTimeout": "2592000s",
      "passwordHistoryLength": 3,
      "passwordMinimumLength": 8,
      "passwordMinimumLetters": 2,
      "passwordMinimumLowerCase": 1,
      "passwordMinimumNonLetter": 1,
      "passwordMinimumNumeric": 1,
      "passwordMinimumSymbols": 1,
      "passwordMinimumUpperCase": 1,
      "passwordQuality": "COMPLEX",
      "passwordScope": "SCOPE_DEVICE"
    }
  }
}
In this example:
The password must be at least 8 characters long and include a mix of uppercase, lowercase, numeric, and symbol characters.
Passwords expire every 30 days.
Users cannot reuse their last 3 passwords.
After 10 failed password attempts, the device will be wiped for security.
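To see how the minimum-count settings combine, the following added example (not part of the product or its documentation) evaluates candidate passwords against the count and expiration fields of the sample policy. The function names are hypothetical, and it assumes a "symbol" is any character that is neither a letter nor a digit.

```python
import json

# Constructed input: the minimum-count and expiration fields of the sample policy above.
SAMPLE_REQUIREMENTS = json.loads("""
{
  "passwordExpirationTimeout": "2592000s",
  "passwordMinimumLength": 8,
  "passwordMinimumLetters": 2,
  "passwordMinimumLowerCase": 1,
  "passwordMinimumNonLetter": 1,
  "passwordMinimumNumeric": 1,
  "passwordMinimumSymbols": 1,
  "passwordMinimumUpperCase": 1
}
""")

# Policy key -> predicate deciding whether one character counts toward that minimum.
# Assumption: a symbol is any character that is neither a letter nor a digit.
COUNTERS = {
    "passwordMinimumLength": lambda c: True,
    "passwordMinimumLetters": str.isalpha,
    "passwordMinimumLowerCase": str.islower,
    "passwordMinimumUpperCase": str.isupper,
    "passwordMinimumNonLetter": lambda c: not c.isalpha(),
    "passwordMinimumNumeric": str.isdigit,
    "passwordMinimumSymbols": lambda c: not c.isalnum(),
}

def unmet_requirements(password, requirements):
    """Return {policy_key: (have, need)} for every minimum the password misses."""
    unmet = {}
    for key, counts in COUNTERS.items():
        need = requirements.get(key, 0)
        have = sum(1 for ch in password if counts(ch))
        if have < need:
            unmet[key] = (have, need)
    return unmet

def expiration_days(requirements):
    """Convert the "<seconds>s" timeout string into whole days."""
    return int(requirements["passwordExpirationTimeout"].rstrip("s")) // 86400

if __name__ == "__main__":
    for candidate in ("password", "Passw0rd", "Tr4il-Mix"):  # constructed samples
        print(candidate, unmet_requirements(candidate, SAMPLE_REQUIREMENTS))
    print("expires after", expiration_days(SAMPLE_REQUIREMENTS), "days")
```

Under that assumption, the sample's Password Minimum Non-Letter value of 1 adds nothing on its own, because requiring one digit and one symbol already forces two non-letter characters.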
How It Works
When the Android Password Policy is applied:
Users are prompted to set a password that meets all the configured requirements.
If a password does not meet the criteria, the user will be required to update it.
The policy helps protect sensitive data by enforcing strong password practices and automating device wipe after repeated failed attempts.
Additional Notes
The password quality setting (e.g., COMPLEX) ensures that all numeric and character requirements are enforced.
The policy can be tailored to your organization’s specific security needs by adjusting the parameters above.