Apple policy: Passcode The Passcode settings section controls device passcode requirements and related security rules (for example, minimum length and complexity). Options In the Apple Policy Editor, passcode options are configured using a mix of toggles and numeric fields. Many fields include tooltips that indicate supported OS versions and supervision requirements. Passcode toggles ChangeAtNextAuth: force a password reset the next time the user authenticates. RequireAlphanumericPasscode: require at least one alphabetic character and one number. RequireComplexPasscode: require a “complex” passcode (no repeating/sequential patterns and at least one non-alphanumeric character). RequirePasscode: require a passcode without additional length/quality requirements. Note: setting other passcode keys implicitly requires a passcode. Numeric fields FailedAttemptsResetInMinutes: minutes before the failed-attempts counter resets (requires MaximumFailedAttempts). MaximumFailedAttempts: failed attempts allowed before the device is erased/locked (range: 2–11). MaximumGracePeriodInMinutes: how long the device can be unlocked without requiring the passcode (0 = none). MaximumInactivityInMinutes: idle time before the device locks (range: 0–15). MaximumPasscodeAgeInDays: max passcode age before a forced change (range: 0–730). MinimumComplexCharacters: minimum number of “complex” characters (range: 0–4). MinimumLength: minimum passcode length (range: 0–16). PasscodeReuseLimit: passcode history length to prevent reusing old passcodes (range: 1–50).