UCF STIG Viewer Logo

Samsung Android must be configured to not allow passwords that include more than two repeating or sequential characters.


Overview

Finding ID Version Rule ID IA Controls Severity
V-231014 KNOX-11-000400 SV-231014r608683_rule Medium
Description
Password strength is a measure of the effectiveness of a password in resisting guessing and brute force attacks. Passwords that contain repeating or sequential characters are significantly easier to guess than those that do not contain repeating or sequential characters. Therefore, disallowing repeating or sequential characters increases password strength and decreases risk. SFR ID: FMT_SMF_EXT.1.1 #1b
STIG Date
Samsung Android 11 with Knox 3.x Legacy Security Technical Implementation Guide 2020-12-08

Details

Check Text ( C-33944r592656_chk )
This requirement is not applicable if the password quality is set to Numeric (complex) or better.

Review Samsung Android configuration settings to determine if the mobile device is prohibiting passwords with more than two repeating or sequential characters.

This validation procedure is performed on both the management tool and the Samsung Android device.

On the management tool, in the device password section, verify the "maximum sequential numbers" is set to "2".

On the Samsung Android device:
1. Open Settings.
2. Tap "Lock screen".
3. Tap "Screen lock type".
4. Enter current password.
5. Tap "Password".
6. Verify that passwords with two or more sequential numbers are not accepted.

If on the management tool "maximum sequential numbers" is more than "2", or on the Samsung Android device a password with two or more sequential numbers is accepted, this is a finding.
Fix Text (F-33917r592657_fix)
This requirement is not applicable if the password quality is set to Numeric (complex), or better.

Configure Samsung Android to prevent passwords from containing more than two repeating or sequential characters.

On the management tool, in the device password section, set the "maximum sequential numbers" to "2".