
The mobile operating system must disallow more than two sequential numbers (e.g., 456) in the device unlock password.


Overview

Finding ID: KNOX-03-001100
Version: KNOX-03-001100
Rule ID: KNOX-03-001100_rule
IA Controls:
Severity: Medium
Description
Password complexity or strength refers to how difficult it is to determine a password using a dictionary or brute force attack. Passwords with sequential numbers (e.g., 456 or 987) are considered easier to crack than random patterns. Therefore, disallowing sequential numbers makes it more difficult for an adversary to discover the password.
STIG: Samsung Knox Android 1.0 STIG
Date: 2013-05-03

Details

Check Text (C-KNOX-03-001100_chk)
This check procedure is performed on both the MDM Administration Console and the Samsung Knox Android device.

Check that the appropriate setting is configured on the MDM server.

For example, on the Fixmo Sentinel Administration Console:
1. Ask the MDM administrator to display the "Max Sequential Chars" setting in the "Android Knox Password Restrictions" rule.
2. Verify the configured value is 2 or greater.

On the Samsung Knox Android device:
1. Open the device settings.
2. Select "Lock Screen".
3. Select "Screen lock".
4. Enter current password.
5. Select "Password".
6. Attempt to enter a password that contains three sequential numbers.

If the "Max Sequential Chars" setting is not 2 or greater, or if the MOS accepts a password with three sequential numbers, this is a finding.
Fix Text (F-KNOX-03-001100_fix)
Configure the mobile operating system to disallow more than two sequential numbers in the device unlock password.

For example, on the Fixmo Sentinel Administration Console, set the "Max Sequential Chars" value to 2 or greater in the "Android Knox Password Restrictions" rule.
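
The following is an added example, not part of the STIG and not Samsung or Fixmo code: a Python model of the rule that can be used to pick accept/reject test passwords for step 6 of the device check. It assumes "sequential" means adjacent digits stepping by 1 in either direction (456 or 987), with no wraparound from 9 to 0 and repeated digits not counted; the function names and the `max_sequential` parameter are hypothetical, and the matching logic used by the device itself is not described on this page.

```python
DIGITS = "0123456789"


def sequential_runs(password: str) -> list[str]:
    """Return every maximal run (length >= 2) of digits stepping by +1 or -1."""
    runs, cur, step = [], "", 0
    for ch in password:
        # Difference to the previous digit of the current run, if there is one.
        diff = int(ch) - int(cur[-1]) if cur and ch in DIGITS else None
        if ch not in DIGITS:
            # A letter or symbol ends any run in progress.
            if len(cur) > 1:
                runs.append(cur)
            cur, step = "", 0
        elif cur and diff in (1, -1) and step in (0, diff):
            # Same direction as before (or direction not yet fixed): extend.
            cur, step = cur + ch, diff
        else:
            if len(cur) > 1:
                runs.append(cur)
            # A direction change reuses the previous digit: 454 -> "45", "54".
            cur, step = (cur[-1] + ch, diff) if cur and diff in (1, -1) else (ch, 0)
    if len(cur) > 1:
        runs.append(cur)
    return runs


def violations(password: str, max_sequential: int = 2) -> list[str]:
    """Runs longer than the allowed number of sequential digits."""
    return [r for r in sequential_runs(password) if len(r) > max_sequential]


def is_compliant(password: str, max_sequential: int = 2) -> bool:
    """True when no run of sequential digits exceeds max_sequential."""
    return not violations(password, max_sequential)


if __name__ == "__main__":
    # Constructed sample passwords, chosen to exercise each branch.
    for candidate in ["Pa55w0rd123", "x9876y", "7a45k21", "c454t", "890zz"]:
        bad = violations(candidate)
        verdict = "reject" if bad else "accept"
        print(f"{candidate:12} {verdict:7} {bad}")
```

A password in the "reject" column is one the device is expected to refuse during the check; one in the "accept" column confirms that runs of exactly two sequential digits are still allowed.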