macOS: Password rules
macOS
: Password rulesName | Description | Activation types | Default | Possible values |
|---|---|---|---|---|
IT policy rules target | This rule specifies whether the IT policy rules for the password apply only to the assigned user's account or to the entire device. Minimum OS version: 10.8.0 | MDM controls | User |
|
Password required for device | Specify whether a user must set a password. | MDM controls | Not selected | |
Allow simple value | Specify whether the password can contain sequential or repeated characters, such as ABCD or 3333. Depends on: Password required for device | MDM controls | Selected | |
Require alphanumeric value | Specify whether the password must contain both letters and numbers. Depends on: Password required for device | MDM controls | Not selected | |
Minimum password length | Specify the minimum number of characters that the password must contain. Depends on: Password required for device | MDM controls | Minimum value: 1 character Maximum value: 16 characters | |
Minimum number of complex characters | Specify the minimum number of non-alphanumeric characters that the password must contain. Depends on: Password required for device | MDM controls | Minimum value: 1 character Maximum value: 4 characters | |
Maximum password age | Specify the maximum number of days that the password can be used. After the specified number of days elapse, the password expires and the user must set a new password. Depends on: Password required for device | MDM controls | Minimum value: 1 day Maximum value: 730 days | |
Maximum auto-lock | Specify the maximum value that a user can set for the auto-lock time, which is the number of minutes of user inactivity that must elapse before a device locks. If set to "None," the user can select any value. Depends on: Password required for device | MDM controls | None |
|
Password history | Specify the maximum number of previous passwords that a device checks to prevent reuse. Depends on: Password required for device | MDM controls | Minimum value: 1 previous password Maximum value: 50 previous passwords | |
Maximum grace period for device lock | Specify the maximum value that a user can set for the grace period for device lock, which is the amount of time that a device can be locked before a password is required to unlock it. If set to "None," all values are available on the device. If set to "Immediately," the password is required immediately after the device locks. Depends on: Password required for device | MDM controls | None |
|
Maximum failed password attempts | Specify the number of times that a user can enter an incorrect password before a device is wiped. Depends on: Password required for device | MDM controls | 10 attempts | Minimum value: 2 attempts Maximum value: 10 attempts |