mds mds - 1 month ago 6
Android Question

How does android do Password Validation?

I have added a password policy with the following requirements for an android device.


  • Minimum Password Length - 4

  • Maximum failed password attempts - 3



Then I created a password with four characters.

Expected behaviour in this scenario is that the device wipes data (Factory Reset) after three failed attempts to log in.

This behaviour is correctly observed when I try to log in and fail three times with a password which has a
passwordLength >= 4
; but when the
passwordLenth < 4
The device doesn't wipe after three failed attempts.

Is this the intended behaviour of android?

Answer

This is the expected behavior from android. Since the minimum length of the password is set to 4 , all the entries which are less than 4 characters are not a treat since it dose not register as a valid password entry.

But the entry contains more than 4 characters this is a considered as a valid password and process this can be a rick since user can different entries and try to crack the password.

So the company reset/ wipe data is triggers when a user enter 3 or more password entries which consider as valid candidates for the password.