Password policy group
A BlackBerry® device uses the IT policy rules in the Password policy group only if, in the Device Only items, you configure the Password Required IT policy rule to Yes. For more information about using passwords on BlackBerry devices, see the BlackBerry Enterprise Solution Security Technical Overview.
Forbidden Passwords IT policy rule
Description
This rule specifies the passwords that a BlackBerry® device user cannot use. Separate multiple passwords with a comma (,).
Usage
By default, a BlackBerry device prevents a user from configuring passwords that use a natural sequence of characters or numbers. The BlackBerry device also automatically prevents common letter substitutions. For example, if you include "password" in the forbidden passwords list, users cannot use "p@ssw0rd", "pa$zword", or "password123" on the BlackBerry device.
Maximum Password History IT policy rule
Periodic Challenge Time IT policy rule
Description
This rule specifies the security timeout interval (in minutes) after which a BlackBerry® device locks and prompts a user to type a password, regardless of whether the BlackBerry device was active during that interval.
Default value
By default, if you change the Enable Long-Term Timeout IT policy rule to Yes, the security timeout interval is turned on and set to 60 minutes.
Usage
Type a periodic challenge time to shorten or extend the security timeout interval to a value that is within the range of 1 to 1440 minutes.
Dependencies
A BlackBerry device uses this rule only if a password is configured on the BlackBerry device. To require that a user configure a password, configure the Password Required IT policy rule to Yes. You can also change the User Can Change Timeout IT policy rule to No so that a user cannot change the timeout settings on a BlackBerry device.
Set Maximum Password Attempts IT policy rule
Description
This rule specifies the number of password attempts that a user can make before a BlackBerry® device permanently deletes all of the application data. The permitted range is 3 through 10 attempts.
Set Password Timeout IT policy rule
Description
This rule specifies the number of minutes of inactivity before the security timeout occurs and a BlackBerry® device user must type the password to unlock the BlackBerry device.
Default value
For BlackBerry® Device Software versions earlier than version 4.7, the default value is 2 minutes.
For BlackBerry Device Software version 4.7 and later, the default value is 30 minutes.
Dependencies
A BlackBerry device uses this rule only if you change the Password Required IT policy rule to Yes.
If you do not change the User Can Change Timeout IT policy rule to No, the user can change the security timeout to any value.
By default, the maximum security timeout interval is 60 minutes.
Suppress Password Echo IT policy rule
Description
This rule specifies whether, after a given number of incorrect password attempts, the characters that a user types in the Password dialog box appear on the screen.
Dependencies
The BlackBerry® device uses this rule only if a password is configured on the BlackBerry device. To require a password, configure the Password Required rule to Yes.
To specify the number of incorrect password attempts that the BlackBerry device permits before the typed characters appear on the screen, configure the Set Maximum Password Attempts rule.