Manage Mobile Policies for a Connected App: Mobile PIN Complexity Control
Control Name
Connected Apps: Manage Mobile Policies for a Connected App: Mobile PIN Complexity
Recommended Configuration
Pin Length - Select "8 digits".
Control Overview
This setting requires the local unlock PIN for the connected app's mobile interface to be at least eight digits long. The PIN is an app-level lock that is separate from the device's own screen lock. Going from four digits to eight raises the number of possible PINs from 10,000 to 100,000,000 (roughly 13 bits to 27 bits of guessing space for a uniformly random PIN); the actual strength is lower when users choose patterns, and it depends heavily on whether failed attempts are limited.
Security Risk If Not Configured
A short PIN requirement for a mobile connected app leaves locally cached data exposed to brute-force guessing, to guesses based on common numeric patterns (birth years, repeated or sequential digits), and to a PIN that was observed over the user's shoulder.
Threat Scenarios
An attacker who has gained physical possession of an unlocked or stolen device defeats a four-digit PIN by trying values quickly, or by starting from the small set of patterns that account for a large share of user-chosen four-digit PINs. A four-digit space can be exhausted in hours at one attempt per second if nothing throttles failed attempts.
Estimated CVSS Score Range
High (7.0–8.9).
Risk Impact Considerations
Failure to enforce an 8-digit PIN makes unauthorized entry into the mobile application far cheaper, granting access to records cached on the device and, for as long as the stored session or refresh token remains valid, the ability to call the API as the user.
Higher Risk When
When the application is used in public environments where shoulder surfing is likely, or when the organization does not enforce a strict lockout or progressive delay after a small number of failed attempts. Without a lockout, PIN length is the only thing standing between an attacker and the cached data.
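The threat scenario and the lockout consideration above can be put in numbers. The following is an added illustration, not code from this page or from the vendor: a small model of how long an attacker with the device needs to exhaust a 4-digit versus an 8-digit PIN space under a given lockout policy, plus a client-side PIN policy check that goes beyond what the length setting itself enforces by also rejecting the trivial patterns an attacker would try first. The attempt rate and the lockout parameters are assumed for illustration.

```python
"""Brute-force cost model and local PIN policy check for a mobile app lock.

Added example; not part of the original page or the vendor's product.
The lockout parameters and attempt rates are assumptions used to
illustrate why length and lockout have to be considered together.
"""
import math


def keyspace(pin_length: int) -> int:
    """Number of possible all-digit PINs of the given length."""
    return 10 ** pin_length


def entropy_bits(pin_length: int) -> float:
    """Guessing entropy of a uniformly random PIN (upper bound for real users)."""
    return math.log2(keyspace(pin_length))


def time_to_exhaust_seconds(pin_length: int,
                            attempts_per_window,
                            window_seconds: float,
                            seconds_per_attempt: float = 1.0) -> float:
    """Worst-case seconds to try every PIN.

    attempts_per_window: failed attempts allowed before a lockout of
    window_seconds is imposed; None models an app with no lockout at all.
    """
    n = keyspace(pin_length)
    busy = n * seconds_per_attempt
    if attempts_per_window is None:
        return busy
    windows = math.ceil(n / attempts_per_window)
    # a lockout follows every full batch of failures except the last one
    return busy + (windows - 1) * window_seconds


# Small constructed blocklist of PINs that appear at the top of most
# guessing lists; a real deployment would use a larger one.
COMMON_PINS = {"12345678", "87654321", "11111111", "00000000", "12341234"}


def _is_sequential(digits):
    """True for runs like 1234..., 9876..., and wrap-around runs like 7890."""
    diffs = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    return diffs in ({1}, {9})


def check_pin(pin: str, min_length: int = 8) -> list:
    """Return a list of policy violations; an empty list means the PIN passes.

    Length and digit-only are what the connected app setting enforces; the
    pattern rules are an added client-side check on top of it.
    """
    problems = []
    if not pin.isdigit():
        problems.append("PIN must contain only digits")
        return problems
    if len(pin) < min_length:
        problems.append(f"PIN shorter than {min_length} digits")
    digits = [int(c) for c in pin]
    if len(set(digits)) == 1:
        problems.append("single repeated digit")
    if _is_sequential(digits):
        problems.append("ascending or descending digit run")
    half = len(pin) // 2
    if len(pin) % 2 == 0 and pin[:half] == pin[half:]:
        problems.append("repeated block")
    if pin in COMMON_PINS:
        problems.append("on common-PIN blocklist")
    return problems


if __name__ == "__main__":
    hours = 3600.0
    for length in (4, 8):
        no_lock = time_to_exhaust_seconds(length, None, 0) / hours
        locked = time_to_exhaust_seconds(length, 5, 30) / hours
        print(f"{length} digits: {entropy_bits(length):.1f} bits, "
              f"no lockout {no_lock:.1f} h, 5 tries then 30 s lockout {locked:.1f} h")
    for candidate in ("1234", "12345678", "11111111", "12341234", "48210937"):
        print(candidate, check_pin(candidate) or "ok")
```

At one attempt per second with no lockout, a 4-digit space falls in under three hours while an 8-digit space takes about three years; adding a 30-second lockout after five failures moves those to roughly a day and roughly two decades respectively. The numbers are worst case for the attacker and best case for the user; a user-chosen PIN on the blocklist is found on the first few attempts regardless of length, which is why the pattern check matters alongside the length setting.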
Low Risk When
If the org enables biometric authentication as the primary unlock mechanism and the 8-digit PIN serves only as a fallback. Note that the fallback remains an attack path an attacker holding the device can select, so PIN length still matters even when biometrics are in use.
Business and Integration Considerations
An 8-digit PIN is the recommended standard for protecting highly sensitive corporate intelligence, whereas a shorter PIN may be appropriate for non-sensitive utility applications to prioritize user convenience.
Recommended Remediation
Go to the Mobile App Settings for the Connected App, find the PIN Length field, and select the 8-digit option to increase the difficulty of unauthorized local access.
Security Health Review Guidance
Security Health Review identifies an 8-digit PIN as the strongly recommended standard for mobile security so that guessing the local app lock by brute force is impractical within the time an attacker is likely to hold the device, particularly when combined with a lockout after repeated failures.