What do you think of the following policy I am thinking of deploying?
Minimum Length: 5
Password requirements: at least 1 alpha and 1 numeric
User Can Disable: False
Maximum Password Age: 90 Days
Maximum Password History: 8 (cannot use the past 8 passwords)
Maximum Security Timeout: 30 Minutes
Password Timeout: 30 Minutes
User Can Change Timeout: True, but only make shorter
Long-Term Timeout: True, Will lock even if in use
Long-term Timeout Challenge Time: 60 Minutes
Password attempts: 10, then BlackBerry will disable and wipe itself, can be re-initiated with our server after this.
I know the users will hate me for it, but losing a BlackBerry could be like losing your laptop with sensitive information, and your email alone can be destroyed, plus much other disaster.
I don't think this will be too harsh; would you do anything different?