Mobile Device PIN

6-Digit (Unique to Device) PIN Requirements

To be honest, this particular compliance issue comes up all the time, and we generally find users with a 4-digit PIN on the device.

The requirement of the standard is at least 6-digit PINs on our mobile devices, as long as the PIN is not used on other devices (it doesn't follow you around; it is unique to that device). This must be enforced on the devices, whether BYOD or company provided, either via basic controls of the back-end system (e.g. Exchange Online in 365 can enforce this), via Mobile Device Management (MDM), which pushes it out to devices, or, currently, via a corporate/company policy to ensure compliance.

To be honest, whilst we would strongly suggest that any PIN used is unrelated to the person who owns the device, is not used anywhere else, and ideally is complex, we also have to recognise that on a mobile phone the PIN isn't usable anywhere other than on the device itself. Whatever it is, it is generally there to protect the device from someone who doesn't necessarily know you.

Biometrics are generally used on modern phones, so ideally a PIN is set as well (just in case). Really, though, it is there to protect the device if you leave it on a train or bus, or lose it in the park or somewhere else, for example; it's not something that can be used remotely.

Therefore, again, whilst we strongly recommend picking good PINs which are unrelated to the person using the device, even a date not directly related to the person is 6 digits and is far better than no PIN at all.

Remember, however, that these phones have access to your company data, so protecting that data, which you are responsible for, is key. Ultimately, if you lose the data or have a breach, you, the CEO / Board, will have to advise the ICO and explain what you did to protect it.

What you can perhaps do is choose the PIN (if digits) as a word, using the keypad letters that correspond to the numbers. For example, DogWhite = 36494483 (that is not my PIN, by the way) is easier to remember than the actual numbers in use.
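The keypad-word approach above, as an added example that is not part of the original article: it converts a memorable word to keypad digits and checks the result against the 6-digit minimum. The function names are hypothetical, and the extra "one digit repeated" and "straight run" checks are an assumption about what "complex" means, not something the standard text on this page states.

```python
# Added example: keypad-word PINs checked against the 6-digit minimum.
# Names and the "too simple" rules are assumptions, not from the standard.

KEYPAD = {
    "2": "abc", "3": "def", "4": "ghi", "5": "jkl",
    "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz",
}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}

MIN_PIN_LENGTH = 6  # the minimum stated on this page


def word_to_pin(word: str) -> str:
    """Translate a memorable word into keypad digits; digits pass through."""
    pin = []
    for ch in word.lower():
        if ch.isascii() and ch.isdigit():
            pin.append(ch)
        elif ch in LETTER_TO_DIGIT:
            pin.append(LETTER_TO_DIGIT[ch])
        else:
            # Spaces, punctuation and accented letters have no keypad digit.
            raise ValueError(f"{ch!r} has no key on a phone keypad")
    return "".join(pin)


def check_pin(pin: str) -> list[str]:
    """Return a list of problems; an empty list means the PIN passes."""
    if not (pin.isascii() and pin.isdigit()):
        return ["PIN must contain digits only"]
    problems = []
    if len(pin) < MIN_PIN_LENGTH:
        problems.append(f"shorter than {MIN_PIN_LENGTH} digits")
    if len(set(pin)) == 1:
        problems.append("one digit repeated")
    # Difference between neighbouring digits, modulo 10: a single value of
    # 1 (ascending) or 9 (descending) means the whole PIN is a straight run.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if len(pin) > 1 and steps in ({1}, {9}):
        problems.append("straight run such as 123456 or 654321")
    return problems


if __name__ == "__main__":
    for candidate in ("DogWhite", "1234", "111111", "654321"):
        pin = word_to_pin(candidate)
        print(candidate, "->", pin, check_pin(pin) or "OK")
```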

Using a good PIN is essential for good security and is a requirement of Cyber Essentials.