Forgot your password?

Does Your Company Password Protect Your BlackBerry?

Recently a colleague asked me a question that I had no answer for. He was considering implementing a password policy on all of his companies BlackBerrys that he is responsible for and was wondering what other companies are doing. He happens to be working in the retail industry and wanted to know what steps others were taking to secure their mobile devices.

So I thought I would put the question to all our readers:

  • Does your company require password protection on your BlackBerry?
  • What industry do you work in? (Federal, Retail, Financial, etc.)
  • What kind of password or other requirements are implemented? (6 characters, content protection, SD card encryption, etc.)

Sound off in the comments and let us know. Surprisingly RIM does not seem to have any best practices in this regard. The closest I found was a US government NIST document detailing how they require BlackBerry servers and devices to be locked down.

19 total comments on this postSubmit your comment!
  1. * Yes on a password
    * Industry – entertainment
    * 4 Character combo with numbers and letters

  2. I require a Password, with only 4 characters and a device wipe after 10 failed attempts. We are a software company.

    • Nice find Sith!
      The military is a perfect example of the high end of BES and BlackBerry security but many companies are just curious about what their peers do. For example Macy’s might be interested in what Bloomingdale does…

      That way when you go to upper management for approval you are not comparing yourself to the military since you will get laughed out of the office…

  3. Password is required here. Mimics the internal computer/laptop pw policy but with only 4 characters vs 8 on internal computers. We are in a regulated medical imaging environment. We do the wipe on ten attempts too.

    We have had a few people loose their BB’s, mostly exec and sales. If the information wasn’t locked it wouldn’t have been good. Not only does it protect the data but it also displays the name of the user and the company. Most of the lost phones have been mailed back to us.

  4. – Semiconductor Manufacturing
    – Password enforced via IT Policy with 5 characters
    – Content protection
    – SD card encryption
    – 3rd party app install block
    – App permission block on keystroke + prompt only on few others

  5. 6 characters
    1) auto-engages after 20 minutes of non-activity
    2) auto-engages after 30 minutes regardless of activity
    3) Serial port (USB) blocked from 3rd party apps – this helps protects from potential outside threats getting in via the PC but also inhibits cool programs like Impatica Showmate from working.

    I appreciate and understand the need to auto-lock the device so the information doesn’t get into the wrong hands but it is such a pain in the backside because everytime you try to use it the dan thin is locked.

  6. Software industry
    1. Password enforced via IT Policy with 8 character password needing at leat one numeric value, one alpha numeric and one special character
    2. Reset after 5 failed attempts

  7. Manufacturing industry
    – Password enforced
    – 5 character minimum
    – Content protection enabled
    – Lock device after 30 min inactivity
    – Wipe device after 10 attempts

  8. – Medical Device Manufacturing.
    – Password policy enforced via IT Policy.
    – Password minimum 10 characters requiring at least one each: upper case letter, lower case letter, numeral, and special character.
    – Device auto-locks after 30 minutes of inactivity.
    – Device wipes after 10 failed attempts (I’m told).
    – Content protection enabled, strongest encryption including address book.

  9. Even if your company doesn’t require it, if you don’t have a password on your blackberry, then you a certified moron IMHO.
    However, you wouldn’t believe the amount of clients I see without a password on their blackberry.
    I service many clients, some who have bes and some who don’t. About 1/2 “require” a password and 1/2 don’t.
    Those that do require passwords too are pretty flexible on it policies though.
    I have only 1 client I have ever worked for that actually had strict it policies. Most don’t care.
    BTW: the clients I service range from large attorney firms to mom and pops companies.

  10. I require a password here, as I did at my last position. In both corporations (one private-sector homebuilder and one public sector) time proved the decision prudent, as at least one Blackberry was lost.

    With the password protection set to wipe after 10 failed logons we were at least reassured that information didn’t make it’s way to the press at an ainappropriate time.

  11. Hi,

    Senior management in wireless cellular services provider Canada.

    – IT policy with 4 different digits password
    – Device gets wiped after 10 attempts.
    – Password renewed avery 3 months

    All tough IT policy seems easy to flush (please see:

    I hope it helps.

    • Although it is relatively easy to remove the IT policy set from any Blackberry you still have to provide the unit’s existing password first. If you don’t have the password you can’t remove the IT policy.

      To remove the policy, once a home PC is set up with the appropriate policy.bin file and the one registry change, all you do is start up Desktop Manager, connect the blackberry, TYPE IN THE EXISTING PASSWORD, then once you see “device connected” you can shutdown Desktop Manager and disconnect the blackberry.

      I’ve appropriately done this many times to decommissioned units that were already wiped of all company information.

      • 1) Please understand that when you remove the IT policy all the options stay the same including password and timeouts. Once the policies are removed you then can go into Security Options make whatever changes you need to.

        2) In the above steps you will only be prompted for a password if the device already has a password. So some of you may have done the above steps and not needed to type in a password to remove the policies.

  12. Fortune 100 high tech firm.
    Password is mandatory via BES policy.
    Min 8 characters, max 16.
    Must contain letters and numbers.
    Auto lock time out is 30 mins max if inactivity.

    Its a hassle but I understand the security reasons
    Behind it. I think a 8 character minimum is overkill.
    4 or 5 as a min is more appropriate for a
    Handheld IMO.

  13. – Yes on a password
    – Industry – Manufacturing
    – 6 Character’s

  14. – Advertising Agency
    – Password is enforced, minimum lenght of 4 characters
    – Device is locked after 5 minutes of inactivity
    – Device is wiped afer 10 attempts

  15. Financial Consulting
    – Password enforced
    – 6 character minimum

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2018’ BerryReview LLC