RIM's BlackBerry 10 To Block Certain Passwords - InformationWeek
09:38 AM
[Dark Reading Crash Course] Finding & Fixing Application Security Vulnerabilitie
Sep 14, 2017
Hear from a top applications security expert as he discusses key practices for scanning and securi ...Read More>>

RIM's BlackBerry 10 To Block Certain Passwords

A file uncovered in early builds of BlackBerry 10 shows a list of 106 passwords that won't be allowed on RIM's new devices.

RIM is prepared to help protect its customers' BlackBerry 10 smartphones by blacklisting certain passwords. The idea is to coax people into selecting more secure passwords by denying them the ability to use the idiotic and insecure passwords they might prefer to pick.

The eagle-eyed folks over at RapidBerry spotted the security feature deep within the recesses of BlackBerry 10. For the moment, the list has 106 unusable words on it. It is possible that RIM will add to this list over time.

RIM has not yet announced this as a feature of BlackBerry 10, but it should be. It's a good idea, one that's time is overdue. Every month, it seems, there's a new massive security breach somewhere thanks to weak passwords. People are reminded time and again to use secure passwords that contain a mix of letters and numbers, but many don't get the message.

[ BlackBerry 10: good enough for government work. See RIM BlackBerry 10 Gets Government Security Clearance. ]

RIM, an expert at helping deliver messages, is sending one of its own.

The list contains some of the most obvious suspects, such as password, 123456, 123abc, abc123, secret, freedom and blackberry. There are some interesting choices in the list that may not be all that common, but apparently make the cut in RIM's mind as verboten.

My favorites include batman, gandalf, merlin, wizard and zapata. There is an entire contingent of Winnie the Pooh and other Disney names on the list, including eeyore, poohbear, piglet, tigger, mickey and donald. (Is there something about Winnie the Pooh that I'm missing, or are there that many of you working from home and looking at your kids' toys in the living room?)

There are also a ton of regular names on the list, including amanda, angel, andrew, barney, brandy, calvin (but not Hobbes), chelsea, dorothy, george, jennifer, jonathan, maggie, matthew, michael, michelle, pamela, patrick, rachel, steven, thomas and victoria.

Businesses should be sure that their employees are using passwords to lock their mobile devices (smartphones, tablets and laptops), and also ensure that those passwords are secure. A good policy is to force employees to change their password every 30 or 60 days. For those IT admins in the audience, take a look at the full list to see about blacklisting some in your own system.

RIM will debut BlackBerry 10 on January 30, with new BlackBerry smartphones to follow by late February or early March.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
12/8/2012 | 1:13:54 PM
re: RIM's BlackBerry 10 To Block Certain Passwords
Why not link that list to an online dictionary of choice? If eeyore is no good then fryingpan should not be allowed. In that sense, give users the option to link to a (maintained) list of their choice or have no blacklist at all. In the end RIM cannot fix stupid.
User Rank: Apprentice
12/5/2012 | 10:48:01 PM
re: RIM's BlackBerry 10 To Block Certain Passwords
sorry for lousy typing skills...
User Rank: Apprentice
12/5/2012 | 10:46:58 PM
re: RIM's BlackBerry 10 To Block Certain Passwords
I agree with the idea in principal, and wonder why it is not in every device and OS - indeed why is it not just a link to the OS dictionary - no common words allowed ever!

And as for forcing password changes, I agree with the sentiment that is adds little to security. I'd prefer an approach where changing a password is suggested rather than mandated. The sugtgestion box might prompt people with useful questions such as; did you share your password recently? do you think anyone knows your password? do you have it written down anywhere? and so on - if yes, please change.

And considering the implications of the inclusion of the doictionary as a pw blacklist you can use the grammar and spell-checker lists as well. This way common (hackneed) phrases and miss-spelled words are also excluded.
Andrew Binstock
Andrew Binstock,
User Rank: Author
12/5/2012 | 10:25:10 PM
re: RIM's BlackBerry 10 To Block Certain Passwords
BB's idea is a good one. As we've seen from the posted passwords that have been computed from the LinkedIn hack and others, many people choose easily guessed passwords.

As OldUber notes below, however, the proposal of forcing password changes every 60 days is a security hole and I am quite certain BB or any other device maker will never implement such a proposal.
User Rank: Strategist
12/5/2012 | 6:29:43 PM
re: RIM's BlackBerry 10 To Block Certain Passwords
If you force you users to change their passwords every 30-60 days you WILL have 'yellow sticky syndrome.' Period. End of Statement.

If you're lucky, your users will put the yellow sticky on the bezel of the monitor where its easy to detect, instead of the default location under the keyboard. Either way, IT gets to be the bad guy for getting people fired.

Have fun!
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll