PDA

View Full Version : Do your companies require a password on the Blackberries?


SDCromer
07-06-2005, 03:58 PM
My company has apparently pushed down a requirement for a password on my Blackberry. Now when I pull our the Blackberry to make a call, I have to type in a long password. This sure is a pain in the a$$.

For those of you on BES, does your company require you to have a password?

NJBlackBerry
07-06-2005, 04:06 PM
Yes. 60 minute timeout. 6 characters or more.

SUFan
07-06-2005, 08:30 PM
After a conversation with our RIM regional sales rep, he mentioned that all of his BES clients require passwords. We are contemplating making this a requirement. I have enabled my own password with a 30 minute timeout and its not that big of a deal.

jibi
07-06-2005, 08:37 PM
From a security standpoint, its highly advised. I think the minimum of 4 characters is plenty, though... so long as some form of strong security is enforced (number and letter requirements; or the addition of a required special character). Someone would have to get REALLY lucky in order to brute force the password within the maximum 10 allowed tries to break the security. I just don't see that happening.

As for you having to type in a password before making calls, go into your options and then Security and see if you have a new option to Allow Outgoing Calls when Locked (or something like that) and enable it. If its not present, then suggest to your Administrators to add that functionality in the IT Policy, as it will not remove the security needed/wanted for the DATA on the handheld (if someone stole your phone, they would simply be able to make calls on it, if this was enabled - not that big of an issue, imo).

Rancor
07-06-2005, 10:26 PM
forced to use minimum 6 characters and including at least one number with a 20 minute timeout and I like it.

I set up one device on a test BES and did not have a password forced and felt so insecure carrying the Blackberry around that I ended up manually setting the device to lock and require a password.

Knowing that if I was ever human enough to leave the Blackberry somewhere, the data is securely locked away is the way I like it.

alect
07-07-2005, 12:04 AM
Yes ours was introduced recently - 15 min timeout and 8 min password - it is the BANE of my existence - literally every time I pick up the BB i need to enter my password

cbandler
07-07-2005, 06:21 AM
I just changed jobs, and the new company does not have a BES. I have done a hard reset, but I can't seem to disable the password requirements. Can I do this. I tried searching, but can not find anything related to a non-BES password problem.

Thanks in advance.

insecterx
07-07-2005, 12:47 PM
10 minute time out but passwords can be whatever the user wants. its a good thing too because we have had a few lose theirs.

MarvinK
07-07-2005, 01:35 PM
I just changed jobs, and the new company does not have a BES. I have done a hard reset, but I can't seem to disable the password requirements. Can I do this. I tried searching, but can not find anything related to a non-BES password problem.

Thanks in advance.

Check this thread for clearing IT security policies:
http://www.blackberryforums.com/showthread.php?t=6682

kelvin
07-08-2005, 08:29 AM
Our company requires a password. Initially, they did not allow us to use the ALlow Phone Call feature. This crteated a bunch of compalints from the user community. We can make calls now. The only problem is that while I can make calls and chirp peopl (Nextel), I cannot use the Alert feature.

udontknowjack
07-08-2005, 08:39 AM
Well, I'll be the first on this thread to say my company with a BES doesn't require Passwords. The company I worked at before this didn't either. I, as the BES admin, have pushed for this at both companies as I think it is a great secuirty risk to not force passwords but in both cases, the CEO or some other real high up person thinks it is too much of an inconvenience so it doesn't happen. I'm sure once someone with some sensitive contact information or emails looses their blackberry and the info gets in the wrong hands, their tunes will change.

Think about it, almost all of us have PCs that lockout with a password after a certain time and those don't leave our desks. The Blackberry takes your email, contact information and many people store info in notes that is confidential out of the office and can be lost or stolen easier than a laptop. But for some reason, we think it shouldn't be password protected.

TheWastedYears
07-08-2005, 09:13 AM
BES4 has the remote kill feature, and people think this is a good alternative to preventive measures, apparently.

Chrisv2
07-13-2005, 04:35 PM
All 400 of my users are required to have a min. 8 char PWD with a mix of numbers and letters. All this with a 5 minute timout too!

SDCromer
07-13-2005, 07:33 PM
Well I guess that seven characters and a 15 minute timeout is not too bad. At least I can answer a phone call without typing in a password.

Luckystrik3
07-14-2005, 02:58 AM
So, well, I have a password as well, and donīt think of it as a pain. I rather think of it as a security measure, if I loose my BB (I loose things often ;) ).

smoorani
11-04-2005, 11:39 AM
From a security standpoint, its highly advised. I think the minimum of 4 characters is plenty, though... so long as some form of strong security is enforced (number and letter requirements; or the addition of a required special character). Someone would have to get REALLY lucky in order to brute force the password within the maximum 10 allowed tries to break the security. I just don't see that happening.

As for you having to type in a password before making calls, go into your options and then Security and see if you have a new option to Allow Outgoing Calls when Locked (or something like that) and enable it. If its not present, then suggest to your Administrators to add that functionality in the IT Policy, as it will not remove the security needed/wanted for the DATA on the handheld (if someone stole your phone, they would simply be able to make calls on it, if this was enabled - not that big of an issue, imo).

Once you set the option "Allow Outgoing calls", you must also change the option in Security on the handheld.

stonent
11-04-2005, 12:00 PM
Ours is just 6 characters. A few users have ones like poopoo or qaqaqa because they are easy to enter with one finger.

Better than nothing I say.

MozMan68
11-04-2005, 12:18 PM
My company doesn't require it, but I started using it after my boss left his in a restaurant at lunch....I didn't think too much of it when the "**** you" messages started coming across (we have a pretty laid back relationship)...but realized something was up when I asked a serious question and was told to "go **** yourself".

Thought it was pretty funny....probably because it wasn't my blackberry.

Aroc
11-04-2005, 01:53 PM
I am the BES admin. No passwords required. I don't see this being any bigger of a security risk that a lot of our other policies (which are pretty lax). (personal laptops, PDAs, other messages sent or stored "in the clear.") Some execs use their own passwords (which is a good idea), but I don't force the issue. Neither does senior management.

juwaack68
11-04-2005, 07:40 PM
I am the BES admin for our company and we have had a password since we rolled out the devices (6 char min, mix of letters and numbers, user can set max to 1 hour) - we're up to almost 300 now. Most users hate it, but oddly enough the owner of the company hasn't said boo about it.

We have had numerous devices stolen or lost (mostly from female sales people who won't wear the belt clip), so the kill command comes in handy, too.

HDClown
11-05-2005, 10:13 AM
No password here. I'm the BES admin but my manager or executive management has made no requests to force a password. It would certainly make a lot of people PO'd, but they'd have to deal if we did it.

If someone is terminated, or looses their BB, we immediately disable redirection so it does not get any more e-mail or work on the network, but that doesn't prevent someone from getting the e-mails/contacts/etc. already on the device.

The remote kill feature can solve all these problems, and not require a password. As long as it's reported as lost immediately to IT.

jetspeedz
11-07-2005, 11:29 AM
i hate the password feature when i switched over from one BES to another it got enabled so i cleared the IT policy and went back to the old BES...

for someone like myself who never loses things (bb, wallet, cards) and this BB is always with me then its a huge inconvenience... no one but myself uses this bb and i dont see the need for an annoying password everytime i pull out my bb out of the holster...

yes its a security issue and i used to work in IT so its hard for me to say its a bad thing but for people like myself its an inconvenience, for others they should setup the BB out the box so it has the option and a temp password is set but i still think its inconvenient