If you have any important information on your organization's iPhones or iPads, you may want to secure them with a passcode. Passcodes can be as simple as a 4-digit number, or a complex alphanumeric passphrase with multiple words. Let's look at what setting a passcode policy for your team entails.
The most common setting we encounter for mobile device passwords is minimum password length (4-16). Other controls include:
- Allow simple passwords (repeating/ascending/descending characters)
- Require at least one letter and one number
- Minimum number of complex characters
- Days until the password must be changed (not recommended by NIST)
- Number of unique passwords required before allowing repeat passwords (also called "password history")
- Delay after failed login attempts (in minutes)
- Maximum failed attempts before lock/erase
Once you've decided on your settings, we can deploy the profile to your fleet. Your users will see the following notification the next time they unlock/wake their device:
They can defer the notification for up to an hour before they'll be required to set a passcode in order to continue using their device. When users tap Change Now, they'll be prompted to set and re-enter their passcode:
When unlocking their device with their new password, they'll either be shown a keypad if the passcode only included numbers or a keyboard if it was alphanumeric:
Frequently Asked Questions
What about FaceID or TouchID?
We strongly recommend the use of biometric authentication - it's difficult to compromise and is less susceptible to shoulder-surfing (when a bad actor tries to read your password as you type it in).
How do we schedule deployment of our password profile?
Users have 1 hour to set their passcode from the first time they unlock their device after the profile has been deployed. This means that if the profile is deployed at 9:00 AM, but a user doesn't wake their iPad until noon, they'll still have a sixty-minute window to choose a passcode. This flexibility ensures that users secure their devices quickly without immediate disruption. Consult with your team and account manager to decide on the best deployment date and time.
What happens if I forget my passcode?
The support desk can help you temporarily clear your passcode so you can define a new one. To avoid having a situation like this lock you out of your device, we recommend enabling FaceID or TouchID so you have an alternate way to access your device.