Define password rules
Threats of security breaches have motivated organizations to develop stringent rules governing password creation and mandatory password change cycles.
BlackBerry Alert enables customizing the rules for password creation and password complexity to conform to your organization’s policies, including compliance with the United States Department of Defense password requirements.
System administrators and enterprise administrators can access the Security Policy screen, change the rules for password creation, control the visibility of the Password Never Expires setting on user profile pages, and enforce a system-wide password update for all operators the next time the operators log in.
In addition to the rules covered on the Security Policy screen, consider communicating the following guidelines to your organization when defining passwords:
- Avoid words found in a dictionary, or a proper name, spelled forwards or backwards.
- Avoid simple keyboard sequences with repeated keystrokes.
- Avoid previously used passwords.
- Avoid strings that reference personal information.

1. In the navigation bar, click .
2. In the System Setup section, click Security Policy.
3. In the Password Update Rules section, on the Security Policy screen, specify values based on the following information. If a password rule is unnecessary in your organization, type 0 (zero) as its value.
   - Renew Password After: Force operators to change their passwords every n number of days. Type the number of days that a password is valid. Type 0 to never force operators to change their passwords.
   - Show "Password Never Expires": Select this option to display the Password Never Expires option on user profile pages. This option is selected by default. You must have system administrator or enterprise administrator permissions to set this option.
   - Reuse Password After: Prevent operators from recycling recent passwords. For example, if you type 5, the system does not accept any of the last 5 passwords created by an operator. Type 0 to allow operators to use any previous password.
   - Minimum Password Age: Set the minimum time interval for changing passwords. For example, type 15 to force users to wait at least 15 days before changing their passwords.
   - Minimum Changes in Password: Specify the minimum number of characters that must change in a password, to prevent users from using very similar passwords. For example, type 5 to force users to change at least 5 characters each time they change their passwords.
   - Lock Account After: Prevent unauthorized attempts to guess an operator’s password. Type the maximum number of login attempts allowed. Operators cannot log in using the same username after a lockout. Type 0 to allow an unlimited number of login attempts.
   - Reset Lockout After: If a lockout occurs, reset it after a specified number of minutes. Set to 0 (zero) to prevent the lockout from being automatically reset. In that case, to reactivate the account, the Administrator must go to Users > Users. Click the user's name, then click Edit Operator Permissions on the user details screen. Click Unlock to change the status.
4. When you have finished updating the security policy settings, click Save.

The updated password requirements go into effect for all new operators and for existing operators when their passwords expire. Operators whose passwords never expire do not have to change their passwords to conform to updated password requirements.
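
To see how the password update rules above combine on a single change request, here is an added Python sketch; it is not BlackBerry code and does not reflect how the product implements these rules. The class and field names are hypothetical, the "characters changed" metric is an assumption, and the sample account is constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Policy:  # hypothetical field names mirroring the screen labels; 0 disables a rule
    renew_after_days: int = 90
    reuse_after: int = 5
    min_age_days: int = 15
    min_changes: int = 5

@dataclass
class Account:
    salt: bytes
    last_changed: datetime
    history: list = field(default_factory=list)  # salted hashes, newest last

def pw_hash(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def changed_chars(old: str, new: str) -> int:
    # Assumed metric: differing positions plus the length difference.
    return sum(a != b for a, b in zip(old, new)) + abs(len(old) - len(new))

def check_change(policy, acct, current_pw, new_pw, now):
    """Return the names of the rules a requested password change violates."""
    violations = []
    if policy.min_age_days and now - acct.last_changed < timedelta(days=policy.min_age_days):
        violations.append("Minimum Password Age")
    if policy.reuse_after:
        candidate = pw_hash(acct.salt, new_pw)
        recent = acct.history[-policy.reuse_after:]
        if any(hmac.compare_digest(candidate, old) for old in recent):
            violations.append("Reuse Password After")
    # Only the current password is available in clear text (typed at change
    # time), so similarity is measured against it, not against the history.
    if policy.min_changes and changed_chars(current_pw, new_pw) < policy.min_changes:
        violations.append("Minimum Changes in Password")
    return violations

def must_renew(policy, acct, now, never_expires=False):
    """True when Renew Password After has elapsed and the account is not exempt."""
    if never_expires or policy.renew_after_days == 0:
        return False
    return now - acct.last_changed >= timedelta(days=policy.renew_after_days)

# Constructed sample data, not taken from any real system.
NOW = datetime(2024, 6, 1)
ACCT = Account(salt=b"constructed-salt", last_changed=NOW - timedelta(days=20))
ACCT.history = [pw_hash(ACCT.salt, p) for p in ("Winter#2023aa", "Spring#2024bb")]
```

Because the history holds only hashes, reuse is detected by exact match, while near-duplicates are caught only by the comparison against the current password.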