InformationWeek: The Business Value of Technology

InformationWeek: The Business Value of Technology
InformationWeek Big Data Coverage
= Member Content
Facebook Twitter Share

E-mail | Print | Permalink | LinkedIn | RSS

RIM's BlackBerry 10 To Block Certain Passwords


A file uncovered in early builds of BlackBerry 10 shows a list of 106 passwords that won't be allowed on RIM's new devices.


By Eric Zeman
InformationWeek
December 05, 2012 10:45 AM

RIM is prepared to help protect its customers' BlackBerry 10 smartphones by blacklisting certain passwords. The idea is to coax people into selecting more secure passwords by denying them the ability to use the idiotic and insecure passwords they might prefer to pick.

The eagle-eyed folks over at RapidBerry spotted the security feature deep within the recesses of BlackBerry 10. For the moment, the list has 106 unusable words on it. It is possible that RIM will add to this list over time.

RIM has not yet announced this as a feature of BlackBerry 10, but it should be. It's a good idea, one that's time is overdue. Every month, it seems, there's a new massive security breach somewhere thanks to weak passwords. People are reminded time and again to use secure passwords that contain a mix of letters and numbers, but many don't get the message.

[ BlackBerry 10: good enough for government work. See RIM BlackBerry 10 Gets Government Security Clearance. ]

RIM, an expert at helping deliver messages, is sending one of its own.

The list contains some of the most obvious suspects, such as password, 123456, 123abc, abc123, secret, freedom and blackberry. There are some interesting choices in the list that may not be all that common, but apparently make the cut in RIM's mind as verboten.

My favorites include batman, gandalf, merlin, wizard and zapata. There is an entire contingent of Winnie the Pooh and other Disney names on the list, including eeyore, poohbear, piglet, tigger, mickey and donald. (Is there something about Winnie the Pooh that I'm missing, or are there that many of you working from home and looking at your kids' toys in the living room?)

There are also a ton of regular names on the list, including amanda, angel, andrew, barney, brandy, calvin (but not Hobbes), chelsea, dorothy, george, jennifer, jonathan, maggie, matthew, michael, michelle, pamela, patrick, rachel, steven, thomas and victoria.

Businesses should be sure that their employees are using passwords to lock their mobile devices (smartphones, tablets and laptops), and also ensure that those passwords are secure. A good policy is to force employees to change their password every 30 or 60 days. For those IT admins in the audience, take a look at the full list to see about blacklisting some in your own system.

RIM will debut BlackBerry 10 on January 30, with new BlackBerry smartphones to follow by late February or early March.


Federal agencies must eliminate 800 data centers over the next five years. Find how they plan to do it in the new all-digital issue of InformationWeek Government. Download it now (registration required).

Small and midsize businesses are falling prey to cyberattacks that cost them sensitive data, productivity and corporate accounts cleaned out by sophisticated banking Trojans. SMBs are typically on the hook for these losses and lack effective means to prevent them. Our Small Businesses, Big Losses report explains what makes these threats so menacing and shares best practices to defend against them. (Free registration required.)




InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS


Advertisement

InformationWeek Reports

report Mobility's Next Challenge: 8 Steps to a Secure Environment
Taking your company's mobile capabilities to the next level--whether on personally or company-owned devices-requires a lifecycle management plan that encompasses application security, development, distribution, support and enhancement. We show you how to get there and provide insight into five mobile application development options.

report Buyer's Guide: Mobile Device Management
Want the lowdown on nine top MDM products? Our InformationWeek Buyer's Guide is your one-stop guide for choosing an MDM system that match your requirements. ZIP file includes: Detailed comparison charts on security, administration, and platform and reporting features; our full questionnaire; and responses from Absolute Software, AirWatch, Fiberlink Communications, JAMF Software, MobileIron, Odyssey Software, Symantec, Tangoe, and Zenprise.

report Dark Side of Mobile Apps
Companies are rushing headlong to develop applications for Android, Apple and BlackBerry devices. But IT must maintain its secure development lifecycle process or risk a black eye.

report Reducing Mobile Device Risks to Enterprise Data
Innovative IT shops are turning the mobile device management challenge into a business opportunity--and showing that we can help people be more connected and collaborative, regardless of location. We offer a framework of four possible strategies to secure the mobile environment.