# Apple policy: Passcode

 The **Passcode settings** section controls device passcode requirements and related security rules (for example, minimum length and complexity).

## Options

 In the Apple Policy Editor, passcode options are configured using a mix of toggles and numeric fields. Many fields include tooltips that indicate supported OS versions and supervision requirements.

### Passcode toggles

- **ChangeAtNextAuth**: force a password reset the next time the user authenticates.
- **RequireAlphanumericPasscode**: require at least one alphabetic character and one number.
- **RequireComplexPasscode**: require a “complex” passcode (no repeating/sequential patterns and at least one non-alphanumeric character).
- **RequirePasscode**: require a passcode without additional length/quality requirements. Note: setting other passcode keys implicitly requires a passcode.

### Numeric fields

- **FailedAttemptsResetInMinutes**: minutes before the failed-attempts counter resets (requires MaximumFailedAttempts).
- **MaximumFailedAttempts**: failed attempts allowed before the device is erased/locked (range: 2–11).
- **MaximumGracePeriodInMinutes**: how long the device can be unlocked without requiring the passcode (0 = none).
- **MaximumInactivityInMinutes**: idle time before the device locks (range: 0–15).
- **MaximumPasscodeAgeInDays**: max passcode age before a forced change (range: 0–730).
- **MinimumComplexCharacters**: minimum number of “complex” characters (range: 0–4).
- **MinimumLength**: minimum passcode length (range: 0–16).
- **PasscodeReuseLimit**: passcode history length to prevent reusing old passcodes (range: 1–50).