09:38 AM
Mobile Threats & How to Keep Them at Bay
Jun 01, 2016
With savvy cybercriminals using vulnerabilities in apps, networks, and operating systems to gain c ...Read More>>

RIM's BlackBerry 10 To Block Certain Passwords

A file uncovered in early builds of BlackBerry 10 shows a list of 106 passwords that won't be allowed on RIM's new devices.

RIM is prepared to help protect its customers' BlackBerry 10 smartphones by blacklisting certain passwords. The idea is to coax people into selecting more secure passwords by denying them the ability to use the idiotic and insecure passwords they might prefer to pick.

The eagle-eyed folks over at RapidBerry spotted the security feature deep within the recesses of BlackBerry 10. For the moment, the list has 106 unusable words on it. It is possible that RIM will add to this list over time.

RIM has not yet announced this as a feature of BlackBerry 10, but it should be. It's a good idea, one that's time is overdue. Every month, it seems, there's a new massive security breach somewhere thanks to weak passwords. People are reminded time and again to use secure passwords that contain a mix of letters and numbers, but many don't get the message.

[ BlackBerry 10: good enough for government work. See RIM BlackBerry 10 Gets Government Security Clearance. ]

RIM, an expert at helping deliver messages, is sending one of its own.

The list contains some of the most obvious suspects, such as password, 123456, 123abc, abc123, secret, freedom and blackberry. There are some interesting choices in the list that may not be all that common, but apparently make the cut in RIM's mind as verboten.

My favorites include batman, gandalf, merlin, wizard and zapata. There is an entire contingent of Winnie the Pooh and other Disney names on the list, including eeyore, poohbear, piglet, tigger, mickey and donald. (Is there something about Winnie the Pooh that I'm missing, or are there that many of you working from home and looking at your kids' toys in the living room?)

There are also a ton of regular names on the list, including amanda, angel, andrew, barney, brandy, calvin (but not Hobbes), chelsea, dorothy, george, jennifer, jonathan, maggie, matthew, michael, michelle, pamela, patrick, rachel, steven, thomas and victoria.

Businesses should be sure that their employees are using passwords to lock their mobile devices (smartphones, tablets and laptops), and also ensure that those passwords are secure. A good policy is to force employees to change their password every 30 or 60 days. For those IT admins in the audience, take a look at the full list to see about blacklisting some in your own system.

RIM will debut BlackBerry 10 on January 30, with new BlackBerry smartphones to follow by late February or early March.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
12/8/2012 | 1:13:54 PM
re: RIM's BlackBerry 10 To Block Certain Passwords
Why not link that list to an online dictionary of choice? If eeyore is no good then fryingpan should not be allowed. In that sense, give users the option to link to a (maintained) list of their choice or have no blacklist at all. In the end RIM cannot fix stupid.
User Rank: Apprentice
12/5/2012 | 10:48:01 PM
re: RIM's BlackBerry 10 To Block Certain Passwords
sorry for lousy typing skills...
User Rank: Apprentice
12/5/2012 | 10:46:58 PM
re: RIM's BlackBerry 10 To Block Certain Passwords
I agree with the idea in principal, and wonder why it is not in every device and OS - indeed why is it not just a link to the OS dictionary - no common words allowed ever!

And as for forcing password changes, I agree with the sentiment that is adds little to security. I'd prefer an approach where changing a password is suggested rather than mandated. The sugtgestion box might prompt people with useful questions such as; did you share your password recently? do you think anyone knows your password? do you have it written down anywhere? and so on - if yes, please change.

And considering the implications of the inclusion of the doictionary as a pw blacklist you can use the grammar and spell-checker lists as well. This way common (hackneed) phrases and miss-spelled words are also excluded.
Andrew Binstock
Andrew Binstock,
User Rank: Author
12/5/2012 | 10:25:10 PM
re: RIM's BlackBerry 10 To Block Certain Passwords
BB's idea is a good one. As we've seen from the posted passwords that have been computed from the LinkedIn hack and others, many people choose easily guessed passwords.

As OldUber notes below, however, the proposal of forcing password changes every 60 days is a security hole and I am quite certain BB or any other device maker will never implement such a proposal.
User Rank: Strategist
12/5/2012 | 6:29:43 PM
re: RIM's BlackBerry 10 To Block Certain Passwords
If you force you users to change their passwords every 30-60 days you WILL have 'yellow sticky syndrome.' Period. End of Statement.

If you're lucky, your users will put the yellow sticky on the bezel of the monitor where its easy to detect, instead of the default location under the keyboard. Either way, IT gets to be the bad guy for getting people fired.

Have fun!
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
2016 InformationWeek Elite 100
Our 28th annual ranking of the leading US users of business technology.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.