Require passwords for managed mobile devices

This feature is available with Cloud Identity Free and Cloud Identity Premium editions. Compare editions 

As an administrator, you can protect your organization's data by requiring users to set a screen lock or password on managed mobile devices. With advanced mobile management, you can set minimum password characteristics and require that users reset their password regularly.

Understand the user impact

  • Users get a notification when their passwords don't comply with your requirements. Users have 24 hours to update their passwords. After that period, they can't access their work data until they set an acceptable password.

    Note: To enforce your password requirements immediately with no grace period, you can set up Context-Aware Access to block non-compliant devices. Devices must be under basic or advanced mobile management and the user must have a license that supports Context-Aware Access. Learn more

  • If you use basic management and require a password, passwords aren't enforced for Android 5.1.1 Lollipop and earlier devices or Apple iOS 7 and earlier devices.

Set password requirements

Expand section  |  Collapse all

Basic option: Require a screen lock or password

Before you begin: If you need to set up a department or team for this setting, go to Add an organizational unit.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenMobile & endpointsand thenSettingsand thenUniversal.
  3. Click Generaland thenPassword requirements.
  4. (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
  5. Check the Require users to set a password box.
  6. Select Basic.
  7. (Optional) If you use basic mobile device management and want to require passwords on devices earlier than Android 6.0 Marshmallow, check the Require users of pre-Android 6.0 (Marshmallow) devices to set a password box.
  8. Click Save. Or, you might click Override for an organizational unit.

    To later restore the inherited value, click Inherit

Advanced option: (Recommended) Require a strong password
This feature is available with Cloud Identity Premium edition. Compare editions 

Before you begin: If you need to set up a department or team for this setting, go to Add an organizational unit.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenMobile & endpointsand thenSettingsand thenUniversal.
  3. Click Generaland thenPassword requirements.
  4. (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
  5. Check the Require users to set a password box.
  6. Choose a password strength:
    • Basic—Any screen lock patterns are accepted.

    • Standard—Requires a PIN or password. Screen lock patterns are not accepted. A password can contain any characters in any order. 
      Note: Android 12 and above personal devices (BYOD) that apply password settings at the device level require a PIN or password. The PIN can’t have repeating (4444) or ordered (1234, 4321, 2468) sequences.

    • Strong—Requires at least one character, number, and symbol (or the custom strength settings you set for Android devices). Not supported on Windows Phone 7 and 7.5 devices.
      Note: Android 12 and above personal devices (BYOD) that apply password settings at the device level require a PIN or password. The PIN can’t have repeating (4444) or ordered (1234, 4321, 2468) sequences.

  7. For Minimum characters, enter a minimum password length. Strong passwords should have 3 or more characters.
    Note: Minimum password length is not supported for Android 12 and above personal devices (BYOD) that apply password settings at  the device level. Standard password length must have at least 4 characters, and Strong must have at least 6 or 8 characters for the PIN. 
  8. (Optional) To lock the device screen after it's inactive for some time, select a time from the Time until screen locks menu.

    This setting overrides mobile devices' default values. For iPhones, the default is 5 minutes. For iPads, the default is 15 minutes.

  9. (Optional) To prompt users to reset their password regularly, check the Set a password lifespan box and enter the number of days. Supported on Android 3.0 Honeycomb and later devices.
  10. (Optional) To prevent the reuse of expired passwords, check the Block expired passwords box and enter the number of previous passwords that can’t be used again. For example, enter 2 to block the user from reusing their last 2 device passwords. Supported on Android 3.0 and later devices.
  11. (Optional—Use with caution) To automatically wipe a device when a user enters too many incorrect passwords, check the Wipe device after failed attempts box and enter a number. On iOS, the user gets one less failed attempt than on Android. For example:
    • On Android–If you enter 5, after the fifth failed attempt, the device is wiped and reset to its factory settings.
    • On iOS–If you enter 5, after the fourth failed attempt, the device is wiped and reset to its factory settings.
  12. (Optional) If you selected Strong in step 7, you can override the one character, number, symbol, and biometric requirements for Android devices. Check the Apply custom strength settings for Android box and select the requirements. 
    Important: This setting is not supported for Android 12 and above personal devices (BYOD) that apply password settings at the device level. 
  13. Click Save. Or, you might click Override for an organizational unit.

    To later restore the inherited value, click Inherit

Less secure option: (Not recommended) Turn off password requirements

Before you begin: If you need to set up a department or team for this setting, go to Add an organizational unit.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devicesand thenMobile & endpointsand thenSettingsand thenUniversal.
  3. Click Generaland thenPassword requirements.
  4. (Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
  5. Uncheck the Require users to set a password box.
  6. Click Save. Or, you might click Override for an organizational unit.

    To later restore the inherited value, click Inherit

Related topics


Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
6422333943671999490
true
Search Help Center
true
true
true
false
false