Old 10-16-2006, 12:36 PM   #16 (permalink)
qc_metal
CrackBerry Addict
 
Join Date: Mar 2005
Location: Rockford, IL
Model: 9530
OS: 4.7.x
Carrier: Verizon
Posts: 590
Angry

grrr. There's always one guy...

Check out this response to my policy - from a user, mind you.

While I appreciate the comments, I do not appreciate the fact that this person thinks they can do our job for us.

As for the responses, I have a few on hand, but I wanted to put this past you guys for a more informed (and less heated) idea for feedback.

Quote:
I take a fairly dim view of the approach to multiple password entry per day protection approach.

The problem (company communications network security) isn't well addressed if everyone has a four letter password composed of the same letters or a simple keyslide that can be performed with only the right hand. You'd think we'd be a better group, but the first time you try to unlock your 'company cell phone / blackberry' to place a call on a very long drive, most users realize that simplicity is absolutely essential. I suspect we don't have a great deal of password diversity.

Perhaps there are other ways to approach the problem that better address the problem?

Consider password requirements for device-desktop synchronization. Staged password timeout for functionalities with different risks (30 min email lockout, 8 hours phone lockout). Device email lasts a max of one month. Or use-based software that reacts to possible malignant use scenarios (like 3rd party software install) and locks out until a password is entered (if such a thing exists).

Ultimately does passwording do much to protect our company anyway? Denial of service attacks to disable a blackberry enterprise server's corporate network are still a possibility. MAPI and BBPROXY would seem to be threats if users can install 3rd party programs, and the blackberry's weak use of memory scrubbing (even with crypto) isn't something I much trust or understand. I guess what I'm saying is passwording only seems likely to block out casual (and probably not particularly dangerous) misuse scenarios, without appearing to add security against more dangerous hacking or malware threats.

Has there been much blackberry abuse/theft/maluse in our company?