Ramifications of Password Parameters

Understanding issues related to applying password parameters.

There are several considerations needed when using Kandji's password parameters. Without fully understanding the possible ramifications, you may cause unwanted disturbance to your users. We strongly recommend reviewing the following and performing tests of your own before deploying to production devices. 

Password Complexity Requirements

Kandji offers several parameters that allow you to determine how complex users' local Mac passwords should be. It is important to note that deploying these requirements via Kandji does not result in a user being prompted to change their password, even if the current password does not match the requirements. Only when a user manually changes their password, or as new users are created will the password requirements be enforced.


Force Password Reset 

You can use the "Force user to reset password at next authentication" parameter to ensure that all Mac Devices enrolled in the Blueprint are using acceptable passwords. Please note that the parameter forces all user accounts on all Mac Devices enrolled in the Blueprint to change their password during their next login, including users that have a password that does meet the password complexity requirements. 


We strongly recommended alerting your users before this parameter is deployed to ensure they will be prepared for the prompt.