security
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
security [2018/07/11 20:16] devreach |
security [2019/05/29 15:00] (current) devreach |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| __**Security Screen**__ | __**Security Screen**__ | ||
| - | This screen allows the sysytem user to configure and restrict passwords on the | + | This screen allows the sysytem user to configure and restrict passwords on the device. |
| - | device. | + | |
| + | |||
| + | |||
| + | {{:passsec1.png|}} | ||
| + | {{:passsec2.png|}} | ||
| + | {{:passsec3.png|}} | ||
| + | |||
| + | |||
| | | ||
| - | __**Inc Ext Storage When Wiping After Password Fail**__ | + | __**Inc Ext Storage When Wiping After Password Fail**__ |
| - | An sytem user can include or exclude external storage when the device is wiped | + | |
| - | due to exceeding the maximum number of failed password attempts without user | + | A system user can include or exclude external storage when the device is wiped due to exceeding the maximum number of failed password attempts without user interaction. |
| - | interaction. | + | |
| - | __**Forbidden Password Characters**__ | + | |
| - | An system user can use this functionality to set characters or words that are | + | __**Forbidden Password Characters**__ |
| - | forbidden in the device password. Forbidden words may include personal data | + | |
| - | (variations on the user's name, email address etc) or any other words. | + | A system user can use this functionality to set characters or words that are forbidden in the device password. Forbidden words may include personal data (variations on the user's name, email address etc) or any other words. |
| - | __**Max Occurrences Of Characters**__ | + | |
| - | An system user can use this functionality to specify the maximum number of | + | |
| - | occurrences of a character in the device password. Characters can be numeric, | + | |
| - | alphabetic, or symbolic. For example, "aaabcde" has three occurrences of an 'a', | + | __**Max Occurrences Of Characters**__ |
| - | "1b1c1de" has three occurrences of a '1', and "a@b@c@" has three occurrences of | + | |
| - | a '@'. A value of '0' specifies that no restrictions are applied. | + | A system user can use this functionality to specify the maximum number of occurrences of a character in the device password. Characters can be numeric, alphabetic, or symbolic. For example, "aaabcde" has three occurrences of an 'a', "1b1c1de" has three occurrences of a '1', and "a@b@c@" has three occurrences of a '@'. A value of '0' specifies that no restrictions are applied. |
| - | __**Maximum numeric sequence length**__ | + | |
| - | An system user can use this functionality to set the maximum numeric sequence | + | |
| - | length allowed in the device password. This functionality specifies that the | + | __**Maximum numeric sequence length**__ |
| - | device password must not contain a numeric sequences greater than the given | + | |
| - | length. For example, if the maximum numeric sequence length is set to 5, the | + | A system user can use this functionality to set the maximum numeric sequence length allowed in the device password. This functionality specifies that the device password must not contain a numeric sequences greater than the given length. For example, if the maximum numeric sequence length is set to 5, the numeric sequence "12345" is allowed but "123456" is prohibited. A value of '0' specifies that no numeric sequence restrictions are applied. |
| - | numeric sequence "12345" is allowed but "123456" is prohibited. A value of '0' | + | |
| - | specifies that no numeric sequence restrictions are applied. | + | |
| - | __**Max num of failed password attempts before device disabled**__ | + | |
| - | An system user can use this functionality to set the maximum number of failed | + | __**Max num of failed password attempts before device disabled**__ |
| - | password attempts after which the device is disabled. When the device is | + | |
| - | disabled, the user cannot enter a password. The only way to re-enable the device | + | A system user can use this functionality to set the maximum number of failed password attempts after which the device is disabled. When the device is disabled, the user cannot enter a password. The only way to re-enable the device is for the system user to set the value to "0" again. |
| - | is for the system user to set the value to "0" again. | + | |
| - | __**Min password complex characters**__ | + | |
| - | Functionality to set the password character length required when setting a new | + | |
| - | password. Complex characters are digits or symbols that contribute to making | + | __**Min password complex characters**__ |
| - | stricter passwords. If MinPasswordComplexChars = 1, then at least one digit is | + | |
| - | required. If MinPasswordComplexChars > 1, then at least one digit and at least | + | Functionality to set the password character length required when setting a new password. Complex characters are digits or symbols that contribute to making stricter passwords. If MinPasswordComplexChars = 1, then at least one digit is required. If MinPasswordComplexChars > 1, then at least one digit and at least one symbol are required. |
| - | one symbol are required. | + | |
| - | __**Min password character change num**__ | + | |
| - | An system user can use this functionality to specify that a new password must | + | |
| - | have a minimum number of changed characters. The difference between both | + | __**Min password character change num**__ |
| - | passwords (old and new) shall be calculated. Characters can be numeric, | + | |
| - | alphabetic, or symbolic. Passwords like "test" and "best" differ from each other | + | A system user can use this functionality to specify that a new password must have a minimum number of changed characters. The difference between both passwords (old and new) shall be calculated. Characters can be numeric, alphabetic, or symbolic. Passwords like "test" and "best" differ from each other by 1 unit. "test" and "toad" differ from each other by 3 units. "test" and "est" differ from each other by 1 unit. A value of '0' specifies that no restrictions are applied. |
| - | by 1 unit. "test" and "toad" differ from each other by 3 units. "test" and "est" | + | |
| - | differ from each other by 1 unit. A value of '0' specifies that no restrictions | + | |
| - | are applied. | + | |
| - | __**Password change timeout (Minutes after User Prompted)**__ | + | __**Password change timeout (Minutes after User Prompted)**__ |
| - | This functionality sets the timeout in minutes after which the password must be | + | |
| - | changed after the administrator uses enforcePwdChange() and the user cancels the | + | This functionality sets the timeout in minutes after which the password must be changed after the administrator uses enforcePwdChange() and the user cancels the first password change enforcement. If a password is already set in the device and the administrator calls enforcePwdChange(), the user can cancel the password change dialog; the password change is definitely enforced again after the timeout set (default value is 0 - no option to cancel). If no password is set in the device and the administrator calls enforcePwdChange(), the user cannot cancel it, so, in this case, the password change timeout is ignored. |
| - | first password change enforcement. If a password is already set in the device | + | |
| - | and the administrator calls enforcePwdChange(), the user can cancel the password | + | |
| - | change dialog; the password change is definitely enforced again after the | + | |
| - | timeout set (default value is 0 - no option to cancel). If no password is set in | + | __**Number of Days Password expires after**__ |
| - | the device and the administrator calls enforcePwdChange(), the user cannot | + | |
| - | cancel it, so, in this case, the password change timeout is ignored. | + | This functionality sets the maximum password age in days after which the password has to be changed. Value 0 will reset this policy and no expiry will be applied. |
| - | __**Number of Days Password expires after**__ | + | |
| - | This functionality sets the maximum password age in days after which the | + | |
| - | password has to be changed. Value 0 will reset this policy and no expiry will be | + | |
| - | applied. | + | __**Num of recent passwords not used when setting new password**__ |
| - | __**Num of recent passwords not used when setting new password**__ | + | |
| - | This functionality sets the maximum password history (the number of previous | + | This functionality sets the maximum password history (the number of previous passwords that cannot be used when setting a new password). Value 0 will reset this policy and no history will be checked. |
| - | passwords that cannot be used when setting a new password). Value 0 will reset | + | |
| - | this policy and no history will be checked. | + | |
| - | __**Lock screen/password delay (In Secs)**__ | + | |
| - | This functionality sets idle time after which key guard lock (lock screen) is | + | __**Lock screen/password delay (In Secs)**__ |
| - | enabled. An system user can use this functionality to set the duration of idle | + | |
| - | time before the key guard lock (lock screen) is enabled. Device settings provide | + | This functionality sets idle time after which key guard lock (lock screen) is enabled. An system user can use this functionality to set the duration of idle time before the key guard lock (lock screen) is enabled. Device settings provide to the mobile user a way to set time values to lock the device automatically or instantly by pressing power key. Considering the conflict between the latter and this functionality, the strictest value (shorter time) is the one that will be applied, no matter if it was defined by the system user or by mobile user via device settings. When the functionality of 'lock instantly with power key' is enabled and the power key is pressed, the screen will be locked instantly regardless of the time set by either the system user or the mobile user. If the password is set, the mobile user is prompted for the password while unlocking the device. If the system user does not care about the idle time, USE DEVICE SYSTEM SETTINGS TIME can be clicked. If LOCK AFTER SCREEN TIMEOUT is clicked then device is locked immediately after screen time out. |
| - | to the mobile user a way to set time values to lock the device automatically or | + | |
| - | instantly by pressing power key. Considering the conflict between the latter and | + | |
| - | this functionality, the strictest value (shorter time) is the one that will be | + | |
| - | applied, no matter if it was defined by the system user or by mobile user via | + | __**Enable password visibility**__ |
| - | device settings. When the functionality of 'lock instantly with power key' is | + | |
| - | enabled and the power key is pressed, the screen will be locked instantly | + | A system user can enable or disable making the password visibile without the mobile user interaction. The mobile user and third-party applications cannot enable the visibility setting once it is disabled. |
| - | regardless of the time set by either the system user or the mobile user. If the | + | |
| - | password is set, the mobile user is prompted for the password while unlocking | + | |
| - | the device. If the system user does not care about the idle time, USE DEVICE | + | |
| - | SYSTEM SETTINGS TIME can be clicked. If LOCK AFTER SCREEN TIMEOUT is clicked | + | __**Set Required password pattern**__ |
| - | then device is locked immediately after screen time out. | + | |
| - | __**Enable password visibility**__ | + | The sysem user that last set the password pattern becomes the password pattern owner, meaning that only the owner's patterns are used to match new passwords. An system user can force the mobile user to enter a password based on a regular expression. For example, if the regular expression is [a-zA-Z]{4}[0-9]{4}, the system user forces the mobile user to enter an 8-character password with first 4 characters alphabetic and next 4 characters numeric. The system user must be careful when setting this pattern. Android requires a minimum password length of 4 characters and a maximum length of 16 characters. The pattern set must always allow passwords following these constraints. |
| - | An system user can enable or disable making the password visibile without the | + | |
| - | mobile user interaction. The mobile user and third-party applications cannot | + | |
| - | enable the visibility setting once it is disabled. | + | |
| - | __**Set Required password pattern**__ | + | __**Lock screen pattern visibility**__ |
| - | The sysem user that last set the password pattern becomes the password pattern | + | |
| - | owner, meaning that only the owner's patterns are used to match new passwords. | + | Functionality to enable or disable screen lock pattern visibility. |
| - | An system user can force the mobile user to enter a password based on a regular | + | |
| - | expression. For example, if the regular expression is [a-zA-Z]{4}[0-9]{4}, the | + | |
| - | system user forces the mobile user to enter an 8-character password with first 4 | + | |
| - | characters alphabetic and next 4 characters numeric. The system user must be | + | __**Reboot device**__ |
| - | careful when setting this pattern. Android requires a minimum password length of | + | |
| - | 4 characters and a maximum length of 16 characters. The pattern set must always | + | Functionality to reboot the device immediately. |
| - | allow passwords following these constraints. | + | |
| - | __**Lock screen pattern visibility**__ | + | |
| - | Functionality to enable or disable screen lock pattern visibility. | + | |
| - | __**Reboot device**__ | + | |
| - | Functionality to reboot the device immediately. | + | |
security.1531336591.txt.gz · Last modified: 2018/07/11 20:16 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
