Category Filter

Password policy for iOS

Passcode enables the users to protect the device from unauthorized access and hence assure device and data security. Hexnode allows the admin to configure passcode rules to be maintained by the end-users. These rules define the password complexity and strength which in turn enhances the device security. When a passcode policy is pushed to an iOS device, the admin is bound to set up a device passcode specific to the set passcode rules. There can be different scenarios in setting up a passcode policy:

  1. If the device already has a passcode and it complies with the set passcode rules: In such a case, no change is required, and the device can be accessed with the same passcode.
  2. If the device has a passcode but it does not comply with the set passcode rules: In such a case, a pop-up would be raised asking the user to reset the passcode based on the set passcode rules. In order to set a new passcode, the user would be required to enter the old passcode and then reset the device passcode in accordance with the passcode rules pushed to the devices.

    Set passcode does not comply with the requirements
  3. If the device does not have a passcode: A pop-up would be raised asking the user to set a device passcode based on the passcode rules pushed to the device via policy.

    Set passcode pop up

Configure passcode rules via policy

To set up passcode rules on iOS via policy,

  1. Login to your Hexnode MDM portal.
  2. Navigate to Policies > New Policy. Assign a suitable name and description (optional) for the policy. You can also choose to continue with an existing policy.
  3. Go to iOS > Passcode. Click Configure.


Hexnode iOS passcode policy
Settings Description
Allow simple value The users are allowed to set a simple passcode (without uppercase letters, numbers and special characters, or just numbers) on their device, something like 123456 or abcd.
Require alphanumeric value Users are required to enter alphanumeric (alphabets, numbers, optional special characters) value as their device passcode.
Minimum passcode length Set the minimum number of characters that the passcode should have from the drop-down list. The value can range from 1 to 16. If 10 is set, a passcode with 8, 9 or any lower number of characters is not allowed.
Minimum complex characters Set the minimum number of complex or special characters that can be included in the passcode. The limit ranges from 1 to 4.
Maximum passcode age in days (1 – 730 days) Set a value from 1 to 730 (in days), after which the passcode becomes invalid and needs to be updated. Once the passcode expires, the device remains locked unless a new passcode is set and applied.
Auto lock You can either choose never to disable auto lock or set a value from 1 to 15 (in minutes) after which the device will be locked automatically.
Passcode history You can have the device store the last 1 to 50 passcodes so that these passcodes are not allowed to be set again for the specified number of times. Suppose you set the value as 5. A user has the passcode abcd1234. The user cannot use abcd1234 as the passcode for the next five times if he changes the current passcode.
Grace period for device lock The period up to which a user can unlock the device without using passcodes. Values are None, Immediately, 1 minute, 5 minutes, 15 minutes, 1 hour and 4 hours. If the value is set 5 minutes, then users can unlock their device within 5 minutes without using a passcode.
Failed attempts Set a value from 4 to 10. If the user enters a wrong passcode for the specified number of times, the device data will be wiped automatically.

Associating Password Policy to Devices/Groups

If the policy has not been saved,

  1. Navigate to Policy Targets > Devices > + Add Devices.
  2. Choose the target devices and click OK. Click Save.
  3. You can also associate the policy to device groups, users, user groups, or domains from the left pane of the Policy Targets tab.

If the policy has been saved,

  1. Go to Policies tab. Choose the desired policy.
  2. Click on Manage drop-down and select Associate Targets.
  3. Choose the target entities and click Associate.