V-260441

Discussion

Password strength is a measure of the effectiveness of a password in resisting guessing and brute force attacks. Passwords that contain repeating or sequential characters are significantly easier to guess than those that do not. Therefore, disallowing repeating or sequential characters increases password strength and decreases risk. SFR ID: FMT_SMF_EXT.1.1 #1b

Check Content

Review the configuration to determine if the Samsung Android devices' Work Environment is disallowing passwords containing more than four repeating or sequential characters.

This validation procedure is performed on both the management tool and the Samsung Android device.

On the management tool, in the device password policies, verify "minimum password quality" is set to "Numeric(Complex)" or better.

On the Samsung Android device, confirm if the user has "One Lock" enabled (Settings >> Security and privacy >> More security settings >> Work profile security >> Use one lock).

If "One Lock" is enabled:
1. Open Settings >> Lock screen >> Screen lock type.
2. Enter current password. 
3. Tap "PIN". 
4. Verify that PINs with more than four repeating or sequential numbers are not accepted.

If "One Lock" is disabled:
1. Open Settings >> Security and privacy >> More security settings >> Work profile security >> Work profile lock type.
2. Enter current password. 
3. Tap "PIN". 
4. Verify that PINs with more than four repeating or sequential numbers are not accepted.

If on the management tool "minimum password quality" is not set to "Numeric(Complex)" or better, or on the Samsung Android device a password with more than four repeating or sequential numbers is accepted, this is a finding.