security
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
security [2018/07/11 20:18] devreach |
security [2019/05/29 15:00] (current) devreach |
||
|---|---|---|---|
| Line 2: | Line 2: | ||
| This screen allows the sysytem user to configure and restrict passwords on the device. | This screen allows the sysytem user to configure and restrict passwords on the device. | ||
| + | |||
| + | |||
| + | |||
| + | {{:passsec1.png|}} | ||
| + | {{:passsec2.png|}} | ||
| + | {{:passsec3.png|}} | ||
| + | |||
| + | |||
| + | |||
| | | ||
| __**Inc Ext Storage When Wiping After Password Fail**__ | __**Inc Ext Storage When Wiping After Password Fail**__ | ||
| - | An system user can include or exclude external storage when the device is wiped due to exceeding the maximum number of failed password attempts without user interaction. | + | A system user can include or exclude external storage when the device is wiped due to exceeding the maximum number of failed password attempts without user interaction. |
| | | ||
| | | ||
| __**Forbidden Password Characters**__ | __**Forbidden Password Characters**__ | ||
| - | An system user can use this functionality to set characters or words that are forbidden in the device password. Forbidden words may include personal data (variations on the user's name, email address etc) or any other words. | + | A system user can use this functionality to set characters or words that are forbidden in the device password. Forbidden words may include personal data (variations on the user's name, email address etc) or any other words. |
| __**Max Occurrences Of Characters**__ | __**Max Occurrences Of Characters**__ | ||
| - | An system user can use this functionality to specify the maximum number of | + | |
| - | occurrences of a character in the device password. Characters can be numeric, | + | A system user can use this functionality to specify the maximum number of occurrences of a character in the device password. Characters can be numeric, alphabetic, or symbolic. For example, "aaabcde" has three occurrences of an 'a', "1b1c1de" has three occurrences of a '1', and "a@b@c@" has three occurrences of a '@'. A value of '0' specifies that no restrictions are applied. |
| - | alphabetic, or symbolic. For example, "aaabcde" has three occurrences of an 'a', | + | |
| - | "1b1c1de" has three occurrences of a '1', and "a@b@c@" has three occurrences of | + | |
| - | a '@'. A value of '0' specifies that no restrictions are applied. | + | __**Maximum numeric sequence length**__ |
| - | __**Maximum numeric sequence length**__ | + | |
| - | An system user can use this functionality to set the maximum numeric sequence | + | A system user can use this functionality to set the maximum numeric sequence length allowed in the device password. This functionality specifies that the device password must not contain a numeric sequences greater than the given length. For example, if the maximum numeric sequence length is set to 5, the numeric sequence "12345" is allowed but "123456" is prohibited. A value of '0' specifies that no numeric sequence restrictions are applied. |
| - | length allowed in the device password. This functionality specifies that the | + | |
| - | device password must not contain a numeric sequences greater than the given | + | |
| - | length. For example, if the maximum numeric sequence length is set to 5, the | + | |
| - | numeric sequence "12345" is allowed but "123456" is prohibited. A value of '0' | + | __**Max num of failed password attempts before device disabled**__ |
| - | specifies that no numeric sequence restrictions are applied. | + | |
| - | __**Max num of failed password attempts before device disabled**__ | + | A system user can use this functionality to set the maximum number of failed password attempts after which the device is disabled. When the device is disabled, the user cannot enter a password. The only way to re-enable the device is for the system user to set the value to "0" again. |
| - | An system user can use this functionality to set the maximum number of failed | + | |
| - | password attempts after which the device is disabled. When the device is | + | |
| - | disabled, the user cannot enter a password. The only way to re-enable the device | + | |
| - | is for the system user to set the value to "0" again. | + | __**Min password complex characters**__ |
| - | __**Min password complex characters**__ | + | |
| - | Functionality to set the password character length required when setting a new | + | Functionality to set the password character length required when setting a new password. Complex characters are digits or symbols that contribute to making stricter passwords. If MinPasswordComplexChars = 1, then at least one digit is required. If MinPasswordComplexChars > 1, then at least one digit and at least one symbol are required. |
| - | password. Complex characters are digits or symbols that contribute to making | + | |
| - | stricter passwords. If MinPasswordComplexChars = 1, then at least one digit is | + | |
| - | required. If MinPasswordComplexChars > 1, then at least one digit and at least | + | |
| - | one symbol are required. | + | __**Min password character change num**__ |
| - | __**Min password character change num**__ | + | |
| - | An system user can use this functionality to specify that a new password must | + | A system user can use this functionality to specify that a new password must have a minimum number of changed characters. The difference between both passwords (old and new) shall be calculated. Characters can be numeric, alphabetic, or symbolic. Passwords like "test" and "best" differ from each other by 1 unit. "test" and "toad" differ from each other by 3 units. "test" and "est" differ from each other by 1 unit. A value of '0' specifies that no restrictions are applied. |
| - | have a minimum number of changed characters. The difference between both | + | |
| - | passwords (old and new) shall be calculated. Characters can be numeric, | + | |
| - | alphabetic, or symbolic. Passwords like "test" and "best" differ from each other | + | |
| - | by 1 unit. "test" and "toad" differ from each other by 3 units. "test" and "est" | + | __**Password change timeout (Minutes after User Prompted)**__ |
| - | differ from each other by 1 unit. A value of '0' specifies that no restrictions | + | |
| - | are applied. | + | This functionality sets the timeout in minutes after which the password must be changed after the administrator uses enforcePwdChange() and the user cancels the first password change enforcement. If a password is already set in the device and the administrator calls enforcePwdChange(), the user can cancel the password change dialog; the password change is definitely enforced again after the timeout set (default value is 0 - no option to cancel). If no password is set in the device and the administrator calls enforcePwdChange(), the user cannot cancel it, so, in this case, the password change timeout is ignored. |
| - | __**Password change timeout (Minutes after User Prompted)**__ | + | |
| - | This functionality sets the timeout in minutes after which the password must be | + | |
| - | changed after the administrator uses enforcePwdChange() and the user cancels the | + | |
| - | first password change enforcement. If a password is already set in the device | + | __**Number of Days Password expires after**__ |
| - | and the administrator calls enforcePwdChange(), the user can cancel the password | + | |
| - | change dialog; the password change is definitely enforced again after the | + | This functionality sets the maximum password age in days after which the password has to be changed. Value 0 will reset this policy and no expiry will be applied. |
| - | timeout set (default value is 0 - no option to cancel). If no password is set in | + | |
| - | the device and the administrator calls enforcePwdChange(), the user cannot | + | |
| - | cancel it, so, in this case, the password change timeout is ignored. | + | |
| - | __**Number of Days Password expires after**__ | + | __**Num of recent passwords not used when setting new password**__ |
| - | This functionality sets the maximum password age in days after which the | + | |
| - | password has to be changed. Value 0 will reset this policy and no expiry will be | + | This functionality sets the maximum password history (the number of previous passwords that cannot be used when setting a new password). Value 0 will reset this policy and no history will be checked. |
| - | applied. | + | |
| - | __**Num of recent passwords not used when setting new password**__ | + | |
| - | This functionality sets the maximum password history (the number of previous | + | |
| - | passwords that cannot be used when setting a new password). Value 0 will reset | + | __**Lock screen/password delay (In Secs)**__ |
| - | this policy and no history will be checked. | + | |
| - | __**Lock screen/password delay (In Secs)**__ | + | This functionality sets idle time after which key guard lock (lock screen) is enabled. An system user can use this functionality to set the duration of idle time before the key guard lock (lock screen) is enabled. Device settings provide to the mobile user a way to set time values to lock the device automatically or instantly by pressing power key. Considering the conflict between the latter and this functionality, the strictest value (shorter time) is the one that will be applied, no matter if it was defined by the system user or by mobile user via device settings. When the functionality of 'lock instantly with power key' is enabled and the power key is pressed, the screen will be locked instantly regardless of the time set by either the system user or the mobile user. If the password is set, the mobile user is prompted for the password while unlocking the device. If the system user does not care about the idle time, USE DEVICE SYSTEM SETTINGS TIME can be clicked. If LOCK AFTER SCREEN TIMEOUT is clicked then device is locked immediately after screen time out. |
| - | This functionality sets idle time after which key guard lock (lock screen) is | + | |
| - | enabled. An system user can use this functionality to set the duration of idle | + | |
| - | time before the key guard lock (lock screen) is enabled. Device settings provide | + | |
| - | to the mobile user a way to set time values to lock the device automatically or | + | __**Enable password visibility**__ |
| - | instantly by pressing power key. Considering the conflict between the latter and | + | |
| - | this functionality, the strictest value (shorter time) is the one that will be | + | A system user can enable or disable making the password visibile without the mobile user interaction. The mobile user and third-party applications cannot enable the visibility setting once it is disabled. |
| - | applied, no matter if it was defined by the system user or by mobile user via | + | |
| - | device settings. When the functionality of 'lock instantly with power key' is | + | |
| - | enabled and the power key is pressed, the screen will be locked instantly | + | |
| - | regardless of the time set by either the system user or the mobile user. If the | + | __**Set Required password pattern**__ |
| - | password is set, the mobile user is prompted for the password while unlocking | + | |
| - | the device. If the system user does not care about the idle time, USE DEVICE | + | The sysem user that last set the password pattern becomes the password pattern owner, meaning that only the owner's patterns are used to match new passwords. An system user can force the mobile user to enter a password based on a regular expression. For example, if the regular expression is [a-zA-Z]{4}[0-9]{4}, the system user forces the mobile user to enter an 8-character password with first 4 characters alphabetic and next 4 characters numeric. The system user must be careful when setting this pattern. Android requires a minimum password length of 4 characters and a maximum length of 16 characters. The pattern set must always allow passwords following these constraints. |
| - | SYSTEM SETTINGS TIME can be clicked. If LOCK AFTER SCREEN TIMEOUT is clicked | + | |
| - | then device is locked immediately after screen time out. | + | |
| - | __**Enable password visibility**__ | + | |
| - | An system user can enable or disable making the password visibile without the | + | __**Lock screen pattern visibility**__ |
| - | mobile user interaction. The mobile user and third-party applications cannot | + | |
| - | enable the visibility setting once it is disabled. | + | Functionality to enable or disable screen lock pattern visibility. |
| - | __**Set Required password pattern**__ | + | |
| - | The sysem user that last set the password pattern becomes the password pattern | + | |
| - | owner, meaning that only the owner's patterns are used to match new passwords. | + | |
| - | An system user can force the mobile user to enter a password based on a regular | + | __**Reboot device**__ |
| - | expression. For example, if the regular expression is [a-zA-Z]{4}[0-9]{4}, the | + | |
| - | system user forces the mobile user to enter an 8-character password with first 4 | + | Functionality to reboot the device immediately. |
| - | characters alphabetic and next 4 characters numeric. The system user must be | + | |
| - | careful when setting this pattern. Android requires a minimum password length of | + | |
| - | 4 characters and a maximum length of 16 characters. The pattern set must always | + | |
| - | allow passwords following these constraints. | + | |
| - | __**Lock screen pattern visibility**__ | + | |
| - | Functionality to enable or disable screen lock pattern visibility. | + | |
| - | __**Reboot device**__ | + | |
| - | Functionality to reboot the device immediately. | + | |
security.1531336711.txt.gz · Last modified: 2018/07/11 20:18 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
