Login Screens for Data Vaults

An application that implements a login screen is considered secure. Mobile application developers are responsible for creating login screens for the applications they create. A login screen allows the device user to enter a password to unlock the data vault after an administrator has set a client password policy in Management Cockpit.

A secure application that uses a login screen:

Prompts the user to enter the data vault password to open the application and gain access to the local client database. If the wrong password is used, the application is rendered useless: the key that encrypts and decrypts data in the vault cannot be used to access data until this code is accurately entered.
Can self-destruct after a configured number of incorrect password attempts.

The Lock Timeout limits the length of time (seconds) the data vault can be left unlocked within the application so the user can continue to use it. If the data vault is not accessed within this timeout, it locks itself and the user has to go back to the login screen to re-enter their password in order to continue using the application.

To implement a login screen, developers must create the login and define the password. The screen and the password unlock the data vault. Unlocking the vault enables access to application data offline or online.

Administrators can allow users to change this password, when defining the client password policy in Management Cockpit.

The SAP Mobile Platform data vault password policy does not include any password change frequency requirements. The user can change their password whenever desired. When a user does change their password, any changes the administrator may have made to the policy would be applied to the new user password only. This is dependent upon the developer has included logic to:

Allow the user to change the password
Pick up password policy changes and apply them to the vault when they occur