Why Aren't Secure Passwords Common?

[BESadmin]

Why Aren't Secure Passwords for Mobile Devices More Common?

Password protecting access to data and networks is an obvious security precaution. Most employees are used to having passwords for their computers, voicemail and other office technologies. So why aren't secure passwords for mobile devices more common?

The fact is mobile devices need the same security precautions. Spyware, corruption and theft can affect your mobile devices as easily as they can your computer – and the information can be just as sensitive.

“The security concerns you would have with a mobile device are the same as with a laptop, because the same type of information and the same ability to access information within a network is also on your device,” says BlackBerry security expert Michael Brown.

Without a clear policy for verifying password integrity and password practices on mobile devices, your organization is putting itself at risk.

Security breaches can threaten competitive position, result in litigation for failing to protect confidential client information, or lead to serious financial losses. Fortunately, there are ways to reduce vulnerability and increase security. And it all starts with a plan for verifying password integrity and implementing policies that encourage sound password habits.

Passwords 101: Common Mistakes

Password protecting your device is the key to peace of mind, but not all passwords are created equal. Many of us find we are overwhelmed with passwords for everything from bank accounts to our front doors – and memorizing them can be onerous.

As a result, we write them down or, worse, post them in plain view, making it very easy for a savvy intruder to get at your most private information.

Another common mistake is using memory cues to make passwords easier to remember. Using part of a phone number, family name, social security number or birth date may seem innocuous enough. But the truth is this information is often readily available; anyone looking to gain access to a mobile device is well schooled in how to access these details. Even recycling old passwords to create new ones offers an intruder a helping hand into your mobile data.

Beefing Up Your Password

There is no such thing as a truly impenetrable password, but a strong password should require a lot of time and effort to crack. The best passwords are often longer. Increasing the length of a password by just one character significantly increases the time and effort it takes to guess the exact combination of letters and numbers.

When you create your device password, take into account these elements:

• At least eight characters in length
• A combination of letters of mixed case and numbers
• Known only to the user (i.e., not present in any database)
• Not found in an English or foreign language dictionary
• Never shared
• Never written down

Passwords are just one component of maintaining a secure mobile solution whether you are using the BlackBerry® Internet Service or BlackBerry® Enterprise Server. For BlackBerry Enterprise Server customers, your IT department can set specific policies to ensure passwords are in use by your employees.

BlackBerry Enterprise Solution – Over 200 published IT policies

The BlackBerry® Enterprise Solution includes more than 200 published IT management policies and leads the way in helping administrators manage and control their wireless solution through intuitive and comprehensive IT policy management tools.

A sub-set of these policies is dedicated strictly to passwords, ensuring that administrators are able to effectively manage and enforce passwords right at the device level. Control isn't limited to setting a "true" or "false" condition.

Your administrator can specify everything from the minimum password length to the precise number of minutes that elapse before a security timeout. He or she can ensure that recent passwords aren't recycled, that the password requirement can't be disabled, that users can initiate a warning message if their handheld is in danger of being stolen and much more.

To find out more about each password policy rule, access the BlackBerry Enterprise Server Policy Reference Guide, which includes all the IT Policies available with the BlackBerry Enterprise Solution.

To learn more about securing your mobile device, download the user guide specific to your device at http://www.blackberry.com/support/documentation/handhelds/index.shtml