security
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
security [2018/07/11 20:20] devreach |
security [2018/07/11 20:33] devreach |
||
|---|---|---|---|
| Line 2: | Line 2: | ||
| This screen allows the sysytem user to configure and restrict passwords on the device. | This screen allows the sysytem user to configure and restrict passwords on the device. | ||
| + | |||
| + | |||
| + | |||
| + | {{:passsec1.png|}} | ||
| + | {{:passsec2.png|}} | ||
| + | {{:passsec3.png|}} | ||
| + | |||
| + | |||
| + | |||
| | | ||
| __**Inc Ext Storage When Wiping After Password Fail**__ | __**Inc Ext Storage When Wiping After Password Fail**__ | ||
| Line 19: | Line 28: | ||
| - | __**Maximum numeric sequence length**__ | + | __**Maximum numeric sequence length**__ |
| - | An system user can use this functionality to set the maximum numeric sequence | + | |
| - | length allowed in the device password. This functionality specifies that the | + | An system user can use this functionality to set the maximum numeric sequence length allowed in the device password. This functionality specifies that the device password must not contain a numeric sequences greater than the given length. For example, if the maximum numeric sequence length is set to 5, the numeric sequence "12345" is allowed but "123456" is prohibited. A value of '0' specifies that no numeric sequence restrictions are applied. |
| - | device password must not contain a numeric sequences greater than the given | + | |
| - | length. For example, if the maximum numeric sequence length is set to 5, the | + | |
| - | numeric sequence "12345" is allowed but "123456" is prohibited. A value of '0' | + | |
| - | specifies that no numeric sequence restrictions are applied. | + | __**Max num of failed password attempts before device disabled**__ |
| - | __**Max num of failed password attempts before device disabled**__ | + | |
| - | An system user can use this functionality to set the maximum number of failed | + | An system user can use this functionality to set the maximum number of failed password attempts after which the device is disabled. When the device is disabled, the user cannot enter a password. The only way to re-enable the device is for the system user to set the value to "0" again. |
| - | password attempts after which the device is disabled. When the device is | + | |
| - | disabled, the user cannot enter a password. The only way to re-enable the device | + | |
| - | is for the system user to set the value to "0" again. | + | |
| - | __**Min password complex characters**__ | + | __**Min password complex characters**__ |
| - | Functionality to set the password character length required when setting a new | + | |
| - | password. Complex characters are digits or symbols that contribute to making | + | Functionality to set the password character length required when setting a new password. Complex characters are digits or symbols that contribute to making stricter passwords. If MinPasswordComplexChars = 1, then at least one digit is required. If MinPasswordComplexChars > 1, then at least one digit and at least one symbol are required. |
| - | stricter passwords. If MinPasswordComplexChars = 1, then at least one digit is | + | |
| - | required. If MinPasswordComplexChars > 1, then at least one digit and at least | + | |
| - | one symbol are required. | + | |
| - | __**Min password character change num**__ | + | __**Min password character change num**__ |
| - | An system user can use this functionality to specify that a new password must | + | |
| - | have a minimum number of changed characters. The difference between both | + | An system user can use this functionality to specify that a new password must have a minimum number of changed characters. The difference between both passwords (old and new) shall be calculated. Characters can be numeric, alphabetic, or symbolic. Passwords like "test" and "best" differ from each other by 1 unit. "test" and "toad" differ from each other by 3 units. "test" and "est" differ from each other by 1 unit. A value of '0' specifies that no restrictions are applied. |
| - | passwords (old and new) shall be calculated. Characters can be numeric, | + | |
| - | alphabetic, or symbolic. Passwords like "test" and "best" differ from each other | + | |
| - | by 1 unit. "test" and "toad" differ from each other by 3 units. "test" and "est" | + | |
| - | differ from each other by 1 unit. A value of '0' specifies that no restrictions | + | __**Password change timeout (Minutes after User Prompted)**__ |
| - | are applied. | + | |
| - | __**Password change timeout (Minutes after User Prompted)**__ | + | This functionality sets the timeout in minutes after which the password must be changed after the administrator uses enforcePwdChange() and the user cancels the first password change enforcement. If a password is already set in the device and the administrator calls enforcePwdChange(), the user can cancel the password change dialog; the password change is definitely enforced again after the timeout set (default value is 0 - no option to cancel). If no password is set in the device and the administrator calls enforcePwdChange(), the user cannot cancel it, so, in this case, the password change timeout is ignored. |
| - | This functionality sets the timeout in minutes after which the password must be | + | |
| - | changed after the administrator uses enforcePwdChange() and the user cancels the | + | |
| - | first password change enforcement. If a password is already set in the device | + | |
| - | and the administrator calls enforcePwdChange(), the user can cancel the password | + | __**Number of Days Password expires after**__ |
| - | change dialog; the password change is definitely enforced again after the | + | |
| - | timeout set (default value is 0 - no option to cancel). If no password is set in | + | This functionality sets the maximum password age in days after which the password has to be changed. Value 0 will reset this policy and no expiry will be applied. |
| - | the device and the administrator calls enforcePwdChange(), the user cannot | + | |
| - | cancel it, so, in this case, the password change timeout is ignored. | + | |
| - | __**Number of Days Password expires after**__ | + | |
| - | This functionality sets the maximum password age in days after which the | + | __**Num of recent passwords not used when setting new password**__ |
| - | password has to be changed. Value 0 will reset this policy and no expiry will be | + | |
| - | applied. | + | This functionality sets the maximum password history (the number of previous passwords that cannot be used when setting a new password). Value 0 will reset this policy and no history will be checked. |
| - | __**Num of recent passwords not used when setting new password**__ | + | |
| - | This functionality sets the maximum password history (the number of previous | + | |
| - | passwords that cannot be used when setting a new password). Value 0 will reset | + | |
| - | this policy and no history will be checked. | + | __**Lock screen/password delay (In Secs)**__ |
| - | __**Lock screen/password delay (In Secs)**__ | + | |
| - | This functionality sets idle time after which key guard lock (lock screen) is | + | This functionality sets idle time after which key guard lock (lock screen) is enabled. An system user can use this functionality to set the duration of idle time before the key guard lock (lock screen) is enabled. Device settings provide to the mobile user a way to set time values to lock the device automatically or instantly by pressing power key. Considering the conflict between the latter and this functionality, the strictest value (shorter time) is the one that will be applied, no matter if it was defined by the system user or by mobile user via device settings. When the functionality of 'lock instantly with power key' is enabled and the power key is pressed, the screen will be locked instantly regardless of the time set by either the system user or the mobile user. If the password is set, the mobile user is prompted for the password while unlocking the device. If the system user does not care about the idle time, USE DEVICE SYSTEM SETTINGS TIME can be clicked. If LOCK AFTER SCREEN TIMEOUT is clicked then device is locked immediately after screen time out. |
| - | enabled. An system user can use this functionality to set the duration of idle | + | |
| - | time before the key guard lock (lock screen) is enabled. Device settings provide | + | |
| - | to the mobile user a way to set time values to lock the device automatically or | + | |
| - | instantly by pressing power key. Considering the conflict between the latter and | + | __**Enable password visibility**__ |
| - | this functionality, the strictest value (shorter time) is the one that will be | + | |
| - | applied, no matter if it was defined by the system user or by mobile user via | + | An system user can enable or disable making the password visibile without the mobile user interaction. The mobile user and third-party applications cannot enable the visibility setting once it is disabled. |
| - | device settings. When the functionality of 'lock instantly with power key' is | + | |
| - | enabled and the power key is pressed, the screen will be locked instantly | + | |
| - | regardless of the time set by either the system user or the mobile user. If the | + | |
| - | password is set, the mobile user is prompted for the password while unlocking | + | __**Set Required password pattern**__ |
| - | the device. If the system user does not care about the idle time, USE DEVICE | + | |
| - | SYSTEM SETTINGS TIME can be clicked. If LOCK AFTER SCREEN TIMEOUT is clicked | + | The sysem user that last set the password pattern becomes the password pattern owner, meaning that only the owner's patterns are used to match new passwords. An system user can force the mobile user to enter a password based on a regular expression. For example, if the regular expression is [a-zA-Z]{4}[0-9]{4}, the system user forces the mobile user to enter an 8-character password with first 4 characters alphabetic and next 4 characters numeric. The system user must be careful when setting this pattern. Android requires a minimum password length of 4 characters and a maximum length of 16 characters. The pattern set must always allow passwords following these constraints. |
| - | then device is locked immediately after screen time out. | + | |
| - | __**Enable password visibility**__ | + | |
| - | An system user can enable or disable making the password visibile without the | + | |
| - | mobile user interaction. The mobile user and third-party applications cannot | + | __**Lock screen pattern visibility**__ |
| - | enable the visibility setting once it is disabled. | + | |
| - | __**Set Required password pattern**__ | + | Functionality to enable or disable screen lock pattern visibility. |
| - | The sysem user that last set the password pattern becomes the password pattern | + | |
| - | owner, meaning that only the owner's patterns are used to match new passwords. | + | |
| - | An system user can force the mobile user to enter a password based on a regular | + | |
| - | expression. For example, if the regular expression is [a-zA-Z]{4}[0-9]{4}, the | + | __**Reboot device**__ |
| - | system user forces the mobile user to enter an 8-character password with first 4 | + | |
| - | characters alphabetic and next 4 characters numeric. The system user must be | + | Functionality to reboot the device immediately. |
| - | careful when setting this pattern. Android requires a minimum password length of | + | |
| - | 4 characters and a maximum length of 16 characters. The pattern set must always | + | |
| - | allow passwords following these constraints. | + | |
| - | __**Lock screen pattern visibility**__ | + | |
| - | Functionality to enable or disable screen lock pattern visibility. | + | |
| - | __**Reboot device**__ | + | |
| - | Functionality to reboot the device immediately. | + | |
security.txt · Last modified: 2019/05/29 15:00 by devreach
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
