Configuring a strong unlock password for an Android device

Expand all | Collapse all

To keep an Android device secure, you need to configure the use of a password for which the user is prompted when the device comes out of sleep mode.

You can impose restrictions on the user's activity on the device if the unlock password is weak (for example, lock the device). You can impose restrictions using the Compliance Control component. To do this, in the scan rule settings, you must select the Unlock password is not compliant with security requirements criterion.

On certain Samsung devices running Android 7.0 or later, when the user attempts to configure unsupported methods for unlocking the device (for example, a graphical password), the device may be locked if the following conditions are met: Kaspersky Endpoint Security for Android removal protection is enabled and screen unlock password strength requirements are set. To unlock the device, you must send a special command to the device.

To configure the use of an unlock password:

  1. In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
  2. In the workspace of the group, select the Policies tab.
  3. Open the policy properties window by double-clicking any column.

    Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.

  4. In the policy Properties window, select the Device Management section.
  5. If you want the app to check whether an unlock password has been set, select the Require to set screen unlock password check box in the Screen lock section.

    If the application detects that no system password has been set on the device, it prompts the user to set it. The password is set according to the parameters defined by the administrator.

  6. Specify the following options, if required:
    • Minimum number of characters
    • Minimum password complexity requirements (Android 12 or earlier in device owner mode)
    • Maximum password age, in days
    • Number of days to notify that a password change is required (for device owner mode)
    • Number of recent passwords that can't be used as a new password (all Android versions; Android 10 or later in device owner mode)
    • Period of inactivity before the device screen locks, in seconds
    • Period after unlocking by biometric methods before entering a password, in minutes (Android 8.0 or later in device owner mode)
    • Allow biometric unlock methods (Android 9 or later; Android 10 in device owner mode)
    • Allow use of fingerprints (all Android versions; Android 10 in device owner mode)
    • Allow face scanning (Android 9 or later; Android 10 in device owner mode)
    • Allow iris scanning (Android 9 or later; Android 10 in device owner mode)
    • Allow the device to start up before prompting the password
    • Unlock password
  7. Click the Apply button to save the changes you have made.

Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.

On some HUAWEI devices, an issue message about too simple screen unlocking method appears.

To set a correct PIN code on a HUAWEI device, the user must do the following:

  1. In the issue message, tap the Edit button.
  2. Enter the current PIN code.
  3. In the Set new password window, tap the Change unlock method button.
  4. Select the Custom PIN unlock method.
  5. Set the new PIN code.

    The PIN code must be compliant with policy requirements.

A correct PIN code is now set on the device.

Page top