BerryReview.com - BlackBerry News and Reviews
Forgot? | Register
Shop The BerryReview Store

Does Your Company Password Protect Your BlackBerry?

by Ronen Halevy on Jan 6th, 2009 at 11:31 am EST
19 Comments »
 

Recently a colleague asked me a question that I had no answer for. He was considering implementing a password policy on all of his companies BlackBerrys that he is responsible for and was wondering what other companies are doing. He happens to be working in the retail industry and wanted to know what steps others were taking to secure their mobile devices.

So I thought I would put the question to all our readers:

  • Does your company require password protection on your BlackBerry?
  • What industry do you work in? (Federal, Retail, Financial, etc.)
  • What kind of password or other requirements are implemented? (6 characters, content protection, SD card encryption, etc.)

Sound off in the comments and let us know. Surprisingly RIM does not seem to have any best practices in this regard. The closest I found was a US government NIST document detailing how they require BlackBerry servers and devices to be locked down.

Please Share With A Friend!

This entry was posted on Tuesday, January 6th, 2009 and is filed under News.
Tags: , , ,

If you enjoyed this article, make sure you subscribe to our RSS Feed to stay on top of the latest BlackBerry news you can use.

Previous Post: TwitApps Replies – Get You Twitter Messages By Email Free »
Next Post: Google Mobile Asking For Your Ideas – Vote Them Up Or Down »

If you liked this article, you might find these interesting:

Latest Articles:

19 Comments to “Does Your Company Password Protect Your BlackBerry?

  1. Posted by: circadian
    January 6, 2009 at 11:54 am EST

    * Yes on a password
    * Industry – entertainment
    * 4 Character combo with numbers and letters

  2. Posted by: jskolm85
    January 6, 2009 at 12:15 pm EST

    I require a Password, with only 4 characters and a device wipe after 10 failed attempts. We are a software company.

  3. Posted by: Sith_Apprentice
    January 6, 2009 at 12:20 pm EST

    http://iase.disa.mil/stigs/checklist/wireless_stig_blackberry_checklist_v5r2-1.pdf

    There you go, a bit out of date but still not bad.

    • Posted by: Ronen Halevy
      January 6, 2009 at 7:39 pm EST

      Nice find Sith!
      The military is a perfect example of the high end of BES and BlackBerry security but many companies are just curious about what their peers do. For example Macy’s might be interested in what Bloomingdale does…

      That way when you go to upper management for approval you are not comparing yourself to the military since you will get laughed out of the office…

  4. Posted by: bryan
    January 6, 2009 at 12:42 pm EST

    Password is required here. Mimics the internal computer/laptop pw policy but with only 4 characters vs 8 on internal computers. We are in a regulated medical imaging environment. We do the wipe on ten attempts too.

    We have had a few people loose their BB’s, mostly exec and sales. If the information wasn’t locked it wouldn’t have been good. Not only does it protect the data but it also displays the name of the user and the company. Most of the lost phones have been mailed back to us.

  5. Posted by: JackD
    January 6, 2009 at 1:02 pm EST

    - Semiconductor Manufacturing
    - Password enforced via IT Policy with 5 characters
    - Content protection
    - SD card encryption
    - 3rd party app install block
    - App permission block on keystroke + prompt only on few others

  6. Posted by: Blackberry Beard
    January 6, 2009 at 1:12 pm EST

    6 characters
    1) auto-engages after 20 minutes of non-activity
    2) auto-engages after 30 minutes regardless of activity
    3) Serial port (USB) blocked from 3rd party apps – this helps protects from potential outside threats getting in via the PC but also inhibits cool programs like Impatica Showmate from working.

    I appreciate and understand the need to auto-lock the device so the information doesn’t get into the wrong hands but it is such a pain in the backside because everytime you try to use it the dan thin is locked.

  7. Posted by: perrin_75
    January 6, 2009 at 2:10 pm EST

    Software industry
    1. Password enforced via IT Policy with 8 character password needing at leat one numeric value, one alpha numeric and one special character
    2. Reset after 5 failed attempts

  8. Posted by: panpan1975
    January 6, 2009 at 2:57 pm EST

    Manufacturing industry
    - Password enforced
    - 5 character minimum
    - Content protection enabled
    - Lock device after 30 min inactivity
    - Wipe device after 10 attempts

  9. Posted by: Digg
    January 6, 2009 at 3:09 pm EST

    - Medical Device Manufacturing.
    - Password policy enforced via IT Policy.
    - Password minimum 10 characters requiring at least one each: upper case letter, lower case letter, numeral, and special character.
    - Device auto-locks after 30 minutes of inactivity.
    - Device wipes after 10 failed attempts (I’m told).
    - Content protection enabled, strongest encryption including address book.

  10. Posted by: n8
    January 6, 2009 at 4:34 pm EST

    Even if your company doesn’t require it, if you don’t have a password on your blackberry, then you a certified moron IMHO.
    However, you wouldn’t believe the amount of clients I see without a password on their blackberry.
    I service many clients, some who have bes and some who don’t. About 1/2 “require” a password and 1/2 don’t.
    Those that do require passwords too are pretty flexible on it policies though.
    I have only 1 client I have ever worked for that actually had strict it policies. Most don’t care.
    BTW: the clients I service range from large attorney firms to mom and pops companies.

  11. Posted by: DC
    January 6, 2009 at 4:45 pm EST

    I require a password here, as I did at my last position. In both corporations (one private-sector homebuilder and one public sector) time proved the decision prudent, as at least one Blackberry was lost.

    With the password protection set to wipe after 10 failed logons we were at least reassured that information didn’t make it’s way to the press at an ainappropriate time.

  12. Posted by: John
    January 6, 2009 at 8:03 pm EST

    Hi,

    Senior management in wireless cellular services provider Canada.

    - IT policy with 4 different digits password
    - Device gets wiped after 10 attempts.
    - Password renewed avery 3 months

    All tough IT policy seems easy to flush (please see: http://www.blackberryforums.com/bes-admin-corner/2558-removing-policy-blackberry.html).

    I hope it helps.

    • Posted by: Blackberry Beard
      January 7, 2009 at 10:56 am EST

      Although it is relatively easy to remove the IT policy set from any Blackberry you still have to provide the unit’s existing password first. If you don’t have the password you can’t remove the IT policy.

      To remove the policy, once a home PC is set up with the appropriate policy.bin file and the one registry change, all you do is start up Desktop Manager, connect the blackberry, TYPE IN THE EXISTING PASSWORD, then once you see “device connected” you can shutdown Desktop Manager and disconnect the blackberry.

      I’ve appropriately done this many times to decommissioned units that were already wiped of all company information.

      • Posted by: Blackberry Beard
        January 7, 2009 at 11:07 am EST

        1) Please understand that when you remove the IT policy all the options stay the same including password and timeouts. Once the policies are removed you then can go into Security Options make whatever changes you need to.

        2) In the above steps you will only be prompted for a password if the device already has a password. So some of you may have done the above steps and not needed to type in a password to remove the policies.

  13. Posted by: david
    January 6, 2009 at 9:10 pm EST

    Fortune 100 high tech firm.
    Password is mandatory via BES policy.
    Min 8 characters, max 16.
    Must contain letters and numbers.
    Auto lock time out is 30 mins max if inactivity.

    Its a hassle but I understand the security reasons
    Behind it. I think a 8 character minimum is overkill.
    4 or 5 as a min is more appropriate for a
    Handheld IMO.

  14. Posted by: Rob
    January 8, 2009 at 9:11 am EST

    - Yes on a password
    - Industry – Manufacturing
    - 6 Character’s

  15. Posted by: Marco
    January 9, 2009 at 6:57 am EST

    - Advertising Agency
    - Password is enforced, minimum lenght of 4 characters
    - Device is locked after 5 minutes of inactivity
    - Device is wiped afer 10 attempts

  16. Posted by: LJ
    January 9, 2009 at 9:27 am EST

    Financial Consulting
    - Password enforced
    - 6 character minimum