Defining an enterprise mobile device passcode policy can be surprisingly difficult. Security managers must attempt to reconcile two opposing goals. They must create a passcode policy that is strong enough to protect the device if it is lost or stolen, while not annoying users with needless length or complexity.