Policy Reference Guide

Local Navigation

Password policy group

A BlackBerry® device uses the IT policy rules in the Password policy group only if you configure the Password Required IT policy rule to Yes in the Device Only policy group. For more information about using passwords on BlackBerry devices, see the BlackBerry Enterprise Solution Security Technical Overview.

Duress Notification Address IT policy rule

Description

This rule specifies the email address that is notified when BlackBerry® device users type a BlackBerry device password under duress. Users can indicate that they are unlocking their devices against their will by moving the first character of the password to the end. For example, if a device password is example, the duress password is xamplee. Configure this rule to permit users to notify you that a device might have been stolen. Instruct users how to use the duress password feature.

If you configure this rule, the maximum number times that a user can try a password is reduced by half. Each time a user types a password to unlock a device, the device must verify whether the password is either the correct password or the duress password.

To prevent an unlocked device that was stolen from receiving a response to the duress notification, the email address that you specify should be active and you should not configure an out-of-office reply for it.

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0

Forbidden Passwords IT policy rule

Description

This rule specifies the passwords that a BlackBerry® device user cannot use. Separate multiple passwords with a comma (,). By default, a BlackBerry device prevents a user from configuring passwords that use a natural sequence of characters or numbers. The device also automatically prevents common letter substitutions. For example, if you include "password" in the forbidden passwords list, users cannot use "p@ssw0rd", "pa$zword", or "password123" on the device.

Related rules

The Password Required IT policy rule affects this rule. A device uses this rule only if the Password Required IT policy rule is configured to Yes.

Default value

  • Null value

Minimum requirements

  • BlackBerry® Device Software 4.1

Rule introduction

  • BlackBerry® Enterprise Server 4.0 SP2

Maximum Password History IT policy rule

Description

This rule specifies the maximum number of previous passwords that a BlackBerry® device checks new passwords against to prevent a BlackBerry device user from reusing previous passwords.

Possible values

  • 0 to 15 passwords

Default values

  • 0 in the Default and Basic password security IT policies
  • 6 in all other preconfigured IT policies

Exceptions

  • BlackBerry® Enterprise Server for Novell® GroupWise® only with devices that are running BlackBerry® Device Software 4.0 or later

Minimum requirements

  • BlackBerry Device Software 3.6

Rule introduction

  • BlackBerry® Enterprise Server 3.6

Periodic Challenge Time IT policy rule

Description

This rule specifies the security timeout interval that must elapse before a BlackBerry® device locks and prompts a BlackBerry device user to type a password, regardless of whether the device was active during that interval.

Related rules

The Password Required IT policy rule affects this rule. A device uses this rule only if a password is configured on the device. To require that a user configure a password, configure the Password Required IT policy rule to Yes.

The User Can Change Timeout IT policy rule affects this rule. Change the User Can Change Timeout IT policy rule to No so that a user cannot change the timeout settings on a device.

The Enable Long-Term Timeout IT policy rule affects this rule. By default, if you change the Enable Long-Term Timeout IT policy rule to Yes, the security timeout interval is turned on and set to 60 minutes.

Possible values

  • 1 to 1440 minutes

Default value

  • 60 minutes

Minimum requirements

  • BlackBerry® Device Software 4.0

Rule introduction

  • BlackBerry® Enterprise Server 4.0

Set Maximum Password Attempts IT policy rule

Description

This rule specifies the number of times that a BlackBerry® device user can try a password before a BlackBerry device permanently deletes all of the application data.

Possible values

  • 3 to 10

Default value

  • 10

Exceptions

  • BlackBerry® Enterprise Server for Novell® GroupWise® only with devices running BlackBerry® Device Software 4.0 and later

Minimum requirements

  • BlackBerry Device Software 3.6

Rule introduction

  • BlackBerry® Enterprise Server 3.6

Set Password Timeout IT policy rule

Description

This rule specifies the amount of time of inactivity that can occur before a BlackBerry® device user must type the password to unlock a BlackBerry device. This rule defines the default value for the security timeout.

Related rules

The User Can Change Timeout IT policy rule affects this rule. If you set the User Can Change Timeout IT policy rule to No, the device uses the security timeout that you set in this rule.

Possible values

  • 0 to 60 minutes

Default value

  • 2 minutes for BlackBerry® Device Software 4.6 and earlier
  • 30 minutes for BlackBerry Device Software 4.7 and later

Exceptions

  • BlackBerry® Enterprise Server for Novell® GroupWise® only with devices running BlackBerry Device Software 4.0 and later

Minimum requirements

  • BlackBerry Device Software 3.6

Rule introduction

  • BlackBerry® Enterprise Server 3.5

Suppress Password Echo IT policy rule

Description

This rule specifies whether the characters that a BlackBerry® device user types in the Password dialog box appear on the BlackBerry device screen after the user types the password incorrectly a specific number of times.

Related rules

The Password Required IT policy rule affects this rule. The device uses this rule only if a password is configured on the device. To require a password, configure the Password Required IT policy rule to Yes.

The Set Maximum Password Attempts IT policy rule affects this rule. To specify the number of times that the user can type the password incorrectly before the characters appear on the screen, configure the Set Maximum Password Attempts IT policy rule.

Possible values

  • Yes
  • No

Default value

  • No

Exceptions

  • BlackBerry® Enterprise Server for Novell® GroupWise® only with devices running BlackBerry® Device Software 4.0 or later

Minimum requirements

  • BlackBerry Device Software 3.6

Rule introduction

  • BlackBerry® Enterprise Server 3.6

Was this information helpful? Send us your comments.