[tduffy]

Quote:

Originally Posted by jack_b

I am trying to convince management to have all Blackberries password protected, and they are not yet convinced.

- Can you let me know if your company requires (either yes and no)?
- What industry you are in?
- What kind of password or other requirements (# of characters, # of failed attempts, inactivity, etc)?

Also, does anyone know of any studies that have this type of data?

Thanks, Jack

My company is a Financial Institution
- We enforce password and content protection through BES It policy.
- Minimum 8 characters required
- Cannot use previous 6 passwords
- No repeating characters
- Device wipes itself after 10 unsuccessful attempts
- Required to change every 90 days
- Automatically locks when in holster or 10 minutes of inactivity
There is no complaining about this from our users because it has been this way since Day 1 with full support from senior management. Everyone is informed of it before they are issued a Blackberry. If they don't like it, their other option is no blackberry.

[mrvtx]

Quote:

Originally Posted by DarthBBerry

If you're not willing to press a key on your BB every 9 minutes and 59 seconds to keep it from locking, dont come b1tchin' to your BES admin when it gets stolen and your data is compromised.

Besides, if you're not using it every 9 minutes and 59 seconds, then you probably have an alterative method of accessing your e-mail, calendar and PIM.

I'm not sure what pressing the key every 9.9 minutes or every 29.9 minutes has to do with it being stolen, since I suspect people that steal them don't really know what protections people have on their phones before they steal them. My company chooses to balance user inconvenience with security, yours may feel differently. I wouldn't ***** to my BES admin if I lost my device, since that's my fault, not theirs.

I do have an alternative method of accessing my data at my desk, but not in a meeting. Thus, I use a mobile device when I am not in my office.

[mrvtx]

Quote:

Originally Posted by CanuckBB

You need to start having better managed meetings

True - I'd prefer that they were all 9 minutes and 58 seconds, but until I'm king, I'm stuck with what rolls down from on high.

[mrvtx]

Quote:

Originally Posted by knottyrope

Big guy here tells everyone to turn off their phone and if yours makes a sound... everyone in the meeting is required to loudly boo and hiss at you.

No one here keeps their phone on during a meeting.

Ours kind of assume that we will use our discretion to answer e-mails or take calls when they are more important than the meeting topic, or are occuring during times when we aren't actively participating in a portion of the meeting.

I'm sure that not every call that gets answered and every e-mail that gets answered is more important than the meeting, of course, but that's the price of being an adult in a free society, I guess.

I do keep my phone on silent during most meetings, so I try to do my part...

[SteveO86]

Yes.
4 Character min.
30 minute lock-out
8 Attempts
IT Policy goes on........

Public Safety

[DarthBBerry]

Quote:

Originally Posted by mrvtx

I'm not sure what pressing the key every 9.9 minutes or every 29.9 minutes has to do with it being stolen, since I suspect people that steal them don't really know what protections people have on their phones before they steal them. My company chooses to balance user inconvenience with security, yours may feel differently. I wouldn't ***** to my BES admin if I lost my device, since that's my fault, not theirs.

Yes, my users feel differently. They are under the belief that because there is a 60 minute time out setting that they are required to have an action on the BB every 59 minutes to keep it from locking. Therefore, they keep their devices out even when they are not being used. Hence, they are left on desks, tables, bathroom sinks, etc etc. And because the devices are being left out of the holder due to the security policy, it's MY FAULT that they lost it or had the BB stolen.

Yeah, follow that train of logic.....

I keep trying to emphasize that BlackBerry Security is not trying to keep you out of your device; it's meant as a preventative measure to keep outside folks from getting in. But they don't see it that way. I even had one user tell me that the only reason I implemented a BlackBerry Security policy was to make sure that users screwed up their devices so I could have a job and reset the passwords. To quote: "Without that policy, we wouldn't need you."

[mrvtx]

I guess in our case, we think we strike the right balance between security and user inconvenience at 30 minutes, but most of the BB users also have office computers, we are typically only on the BBs when away from our offices. We are not in a particularly security sensitive or law enforcement environment, so we don't need as much of a security concern as some others.

I'm sure there have been more than a few lost/stolen/misplaced, but I haven't heard of any blowback to the admins because of the policy. I know I wouldn't have the nerve to blame them for the lost device.

[SteveO86]

Old depends on the type of information you store.. If the information (SSN, Financial records, etc) you store on your devices could effect someone's life negatively it should protected if not then o well.

[afo1201]

Ok, I have about 50 users currently activated on BES and the IT policy doenst require them to have a password, where in the IT policy can I change this?

[DarthBBerry]

Quote:

Originally Posted by afo1201

Ok, I have about 50 users currently activated on BES and the IT policy doenst require them to have a password, where in the IT policy can I change this?

Depends on your version of BES.

[RJeffDay]

NOPE.

I have gone 'round and round' with my superior but no one will budge.

I even set up an IT Policy but they refuse to let me implement it.

*SIGH*

Just waiting for that day...

[afo1201]

running 5.0.1 , i found the option to change this on device only tab. changed it saved IT policy sent to both a curve and tour and its not prompting to set password, what else do i have to do? do i need to re-activate the bes account on the phone?

[afo1201]

ok, made the change.
only that I had to run enterprise activation on the phone itself AGAIN to make it see the changes, any other way I can force the device to see this change without having to re-activate it?

[dmeags]

Quote:

Originally Posted by afo1201

ok, made the change.
only that I had to run enterprise activation on the phone itself AGAIN to make it see the changes, any other way I can force the device to see this change without having to re-activate it?

Did you resend the IT policy after making the change?