Configuring a strong unlock password for an Android device
To keep an Android device secure, you need to configure the use of a password for which the user is prompted when the device comes out of sleep mode.
You can impose restrictions on the user's activity on the device if the unlock password is weak (for example, lock the device). You can impose restrictions using the Compliance Control component. To do this, in the scan rule settings, you must select the Unlock password is not compliant with security requirements criterion.
In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
In the workspace of the group, select the Policies tab.
Open the policy properties window by double-clicking any column.
In the policy Properties window, select the Device Management section.
If you want the app to check whether an unlock password has been set, select the Require to set screen unlock password check box in the Screen lock section.
If the application detects that no system password has been set on the device, it prompts the user to set it. The password is set according to the parameters defined by the administrator.
The minimum number of characters in the user password. Possible values: 4 to 16 characters.
The user's password is 4 characters long by default.
On devices running Android 10.0 or later, Kaspersky Endpoint Security resolves the password strength requirements into one of the system values: medium or high.
The values for devices running Android 10.0 or later are determined by the following rules:
If the password length required is 1 to 4 symbols, then the app prompts the user to set a medium-strength password. It must be either numeric (PIN) with no repeating or ordered (e.g. 1234) sequences, or alphabetic/ alphanumeric. The PIN or password must be at least 4 characters long.
If the password length required is 5 or more symbols, then the app prompts the user to set a high-strength password. It must be either numeric (PIN) with no repeating or ordered sequences, or alphabetic/ alphanumeric (password). The PIN must be at least 8 digits long; the password must be at least 6 characters long.
Specifies minimum unlock password requirements. These requirements apply only to new user passwords. The following values are available:
Numeric
The user can set a password that includes numbers or set any stronger password (for instance, alphabetic or alphanumeric).
This option is selected by default.
Alphabetic
The user can set a password that includes letters (or other non-number symbols) or set any stronger password (for instance, alphanumeric).
Alphanumeric
The user can set a password that includes both numbers and letters (or other non-number symbols) or set any stronger complex password.
Any
The user can set any password.
Complex
The user must set a complex password according to the specified password properties:
Minimum number of letters
Minimum number of digits
Minimum number of special symbols
Minimum number of uppercase letters
Minimum number of lowercase letters
Minimum number of non-letter characters
Complex numeric
The user can set a password that includes numbers with no repetitions (e.g. 4444) and no ordered sequences (e.g. 1234, 4321, 2468) or set any stronger complex password.
Weak biometric
The user can use biometric unlock methods or set a stronger complex password.
This option applies only to devices running Android 12 or later in device owner mode.
Specifies the period for unlocking the device without a password. During this period, the user can use biometric methods to unlock the screen. After this period, the user can unlock the screen only with a password.
The default value is 0. This means that the user won't be forced to unlock the device with a password after a certain period.
This option applies only to devices running Android 8 or later in device owner mode.
If the check box is selected, the use of biometric unlock methods on the mobile device is allowed.
If the check box is cleared, Kaspersky Endpoint Security for Android blocks the use of biometric methods to unlock the screen. The user can unlock the screen only with a password.
This check box is selected by default.
This setting applies only to devices running Android 9 or later.
The use of fingerprints to unlock the screen. This check box does not restrict the use of a fingerprint scanner when signing in to apps or confirming purchases.
On devices running Android 10.0 or later, the use of fingerprints to unlock the screen can be managed for work profiles only.
If the check box is selected, the use of fingerprints on the mobile device is allowed. If the unlock password does not comply with corporate security requirements, the user cannot use a fingerprint scanner to unlock the screen.
If the check box is cleared, Kaspersky Endpoint Security for Android blocks the use of fingerprints to unlock the screen. The user can unlock the screen only with a password. In the Android settings, the option to use fingerprints will be unavailable (Android Settings > Security > Screen lock > Fingerprints).
This check box is available only if the Allow biometric unlock methods (Android 9+) check box is selected.
This option lets you set the password on the user device.
On devices running Android 11 or later, this option applies only if the device is in device owner mode.
Once you save the policy, this option applies to the device by sending a command with the specified password. The input is cleared and the specified password is not saved in Administration Console.
If the device is not protected with the password or is running Android 10 or earlier, Kaspersky Endpoint Security for Android sets the password immediately.
If the device is running Android 11 or later, Kaspersky Endpoint Security for Android prompts the user to apply the new password.
If you leave this option empty, no changes are applied to the device.
Click the Apply button to save the changes you have made.
Mobile device settings are configured after the next device synchronization with the Kaspersky Security Center.