Set password requirements for managed mobile devices

Supported editions for this feature: Business Starter, Standard and Plus; Enterprise; Education and Enterprise for Education; G Suite Basic and Business; Essentials; Cloud Identity Free and Premium.  Compare your edition

As an administrator, you can protect your organization's data by requiring users to set a screen lock or password on managed mobile devices. With advanced mobile management, you can set minimum password characteristics and require that users reset their password regularly. 

Understand the user impact

  • Users get a notification when their passwords don't comply with your requirements. Users have 24 hours to update their passwords. After that period, they can't access their work data until they set an acceptable password.
  • If you use basic management and require a password, users with Android 5.1.1 Lollipop and earlier devices need to install the Google Apps Device Policy app. Passwords are not enforced on Apple iOS 7 and earlier devices.

Set password requirements

Basic option: Require a screen lock or password

Before you begin: To apply the setting for certain users, put their accounts in an organizational unit.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devices.
  3. At the left, click Settingsand thenUniversal settings.
  4. Click Generaland thenPassword requirements.
  5. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  6. Check the Require users to set a password box.
  7. Select Basic.
  8. (Optional) If you use basic mobile device management and want to require passwords on devices earlier than Android 6.0 Marshmallow, check the Require users of pre-Android 6.0 (Marshmallow) devices to set a password box. 
  9. Click Save. If you configured a child organizational unit, you might be able to Inherit or Override a parent organizational unit's settings.
Advanced option: (Recommended) Require a strong password
Supported editions for this feature: Business Plus; Enterprise; Education and Enterprise for Education; G Suite Basic and Business; Cloud Identity Premium.  Compare your edition

Before you begin: To apply the setting for certain users, put their accounts in an organizational unit.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devices.
  3. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  4.  At the left, click Settingsand thenUniversal settings.
  5. Click Generaland thenPassword requirements.
  6. Check the Require users to set a password box.
  7. Choose a password strength:
    • Standard—Requires a PIN or password. Screen lock patterns are not accepted. A password can contain any characters in any order.
    • Strong—Requires at least one character, number, and symbol (or the custom strength settings you set for Android devices). Not supported on Windows Phone 7 and 7.5 devices.
  8. For Minimum characters, enter a minimum password length. Strong passwords should have 3 or more characters.
  9. (Optional) To lock the device screen after it's inactive for some time, select a time from the Set time until screen locks menu.

    This setting overrides mobile devices' default values. For iPhones, the default is 5 minutes. For iPads, the default is 15 minutes.

  10. (Optional) To prompt users to reset their password regularly, check the Set a password lifespan box and enter the number of days. Supported on Android 3.0 Honeycomb and later devices.
  11. (Optional) To prevent the reuse of expired passwords, check the Block expired passwords box and enter the number of previous passwords that can’t be used again.  For example, enter 2 to block the user from reusing their last 2 device passwords. Supported on Android 3.0 and later devices.
  12. (Optional—Use with caution) To automatically wipe a device when a user enters too many incorrect passwords, check the Wipe device after failed attempts box and enter the number of attempts allowed.

    For example, if you enter 5, then 4 failed attempts are allowed. After the fifth, the device is wiped and reset to its factory settings.

    Note: This option doesn't apply to devices that use Google Sync.

  13. (Optional) If you select Strong, you can override the one character, number, and symbol requirements for Android devices. Check the Apply custom strength settings for Android box and select the requirements.
  14. Click Save. If you configured a child organizational unit, you might be able to Inherit or Override a parent organizational unit's settings.
Less secure option: (Not recommended) Turn off password requirements

Before you begin: To apply the setting for certain users, put their accounts in an organizational unit.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devices.
  3. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  4.  At the left, click Settingsand thenUniversal settings.
  5. Click Generaland thenPassword requirements.
  6. Uncheck the Require users to set a password box.
  7. Click Save. If you configured a child organizational unit, you might be able to Inherit or Override a parent organizational unit's settings.

Related topics



Google, Google Workspace, and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.

Was this helpful?
How can we improve it?

Need more help?

Sign in for additional support options to quickly solve your issue