Apple password policy analysis tool

| Setting | Description | Value |
| --- | --- | --- |
| Require passcode on device | If true, forces the user to enter a PIN. | true |
| Allow simple value | Permits users to use sequential or repeated characters in their passcodes or passwords — for example, “3333” or “DEFG”. | true |
| Require alphanumeric value | Requires that the passcode or password contain at least one letter and one number. | false |
| Minimum length | Specifies the minimum number of characters a passcode or password can contain. | 10 |
| Minimum number of complex characters | Specifies the number of characters (such as $ and !) that the passcode or password must contain. | 4 |
| Maximum passcode or password age | Requires users to change their passcode or password at the interval you specify. | 5 days |
| Maximum Auto-Lock | If the device isn’t used for the period of time you specify, it automatically locks. | 3 minutes |
| Passcode or password history | A device refuses a new passcode or password if it matches a previously used passcode or password. You can specify how many previous passcodes or passwords are remembered and compared. | 6 |
| Maximum grace period for device lock | Specifies how soon a device can be unlocked again after use, without prompting again for the passcode or password. | 1 minute |
| Maximum number of failed attempts | Forces a device to be erased after a specified number of incorrect attempts. | 4 |

Based on the maximum auto-lock time of 3 minutes and grace period of a minute, we estimate that users will enter their password 30 times per day as compared with the default policy where it would be 3 times per day.

Based on selected password complexity rules, it will take users 15.9 seconds to enter their password, as compared with the default policy, where it would be 9.6 seconds. Assuming 250 working days in a year and 30 password entries per day (calculated above), this will result in a day spent entering passwords, as compared with the default policy, where it would be 2 hours.

Based on selected password complexity rules, the probability of a user entering 4 consecutive incorrect passwords and being locked out of their account is 11%. Assuming a productivity loss of 8 hours will result from being locked out, the average time spent dealing with account lockouts per year will be 2 days.

Based on selected password complexity rules, it will take 23.0 seconds to create a new password. Each year users will need to create 50 passwords due to expiry and 5 due to being locked out. The total time spent creating new passwords is 21 minutes.

Overall, the policy will result in an average productivity loss of 3 days, as compared to the default policy, where it is 2 hours.
