Do you really need a long complicated pass code on Android?
Traditionally, IT admins applied similar pass code requirements to Android devices as with server and desktop operating systems. How...
Updated 6 months ago
Version 4.0
Blog Post
Interesting article but how about the companies that are using an external factor, like smartcard or usb token for example, to authenticate strongly people on their PC ? (I know a lot of companies using this still and if I'm right, you also have some in Google). On these external tokens, no need to change the passcode every 90 days for example but the user experience also brings some questions. On pc, we lock the device once the smartcard is removed for example but on smartphones / tablets we can't do so. If we need to keep this external factor for mobile devices as they have now more and more sensitive data on them, it means that the OS will also need to bring new features to manage them.
Finding how to strongly authenticate the user BUT keeping a good UX is in my top 3 topics to manage this year.
Hi Yann_ROLAND, all great points. We mostly see Smart Cards and CAC/PIV cards still used in Laptops, but the use of them on Mobile has significantly dropped off due to user experience issues. Users will have to carry a special sled or external card reader that connects to the phone by Bluetooth to insert the card into. We see more customers like that using Derived Credentials that are linked to the Smart cards that are sent to the devices with a short TTL.
We do use Yubi keys here at Google on mobile, but only for enrollment, not for an ongoing basis.