BlackBerry Forums Support Community - View Single Post - Best Security Practices for a Bank Holding Company

DarthBBerry · 01-20-2011, 11:22 AM

Password
Password Pattern Checks - No Restrictions
Maximum Password Age - 90 Days
Maximum Security Timeout - 15 Minutes
With sensitive data, you may want to change that to less; like 5 minutes of inactivity.
Minimum Password Length - 6
Password Required - Yes
Maximum Password History - 4
Suppress Password Echo - Yes
This is debatable. If your user can't remember the password, perhaps actually seeing it on the screen will help. (I've had users say they set the password to 1234567654321 when in actuality is is "wersdfzfdsrew". They were looking at the numbers but not using the ALT key.)
Maximum Password Attempts - 8
If the end user can't remember their password after 6 attempts, they sure as heck ain't gonna get it at 8. My policy is set to 6.
Password Timeout - 15 Minutes

I also recommend that you put a Forbidden Password policy in place. 911 is a no-no in my environment. If you happen to have 911 in part of your password, your device may call 911 Emergency.

Security
Disallow Third Party Applications Downloads - No
You may be opening up for some strange 3rd party apps on devices. I've seen some really bizarre things make an OS go "POOF."

You may want to add:
User Can Change Timeout: No
Content Protection Strength: Strong
External File System Encryption Level: Encrypt to User Password (including multi-media directories)

Some type of password/encryption requirement for Bluetooth if allowed. Otherwise, disable it completely.
Same goes for Smart Card Readers.

01-20-2011, 11:22 AM	#5
DarthBBerry Wireless Sith Lord Join Date: Jan 2007 Location: Online Model: iOS 6 Carrier: Verizon x2 Posts: 1,458	Re: Best Security Practices for a Bank Holding Company Password Password Pattern Checks - No Restrictions Maximum Password Age - 90 Days Maximum Security Timeout - 15 Minutes With sensitive data, you may want to change that to less; like 5 minutes of inactivity. Minimum Password Length - 6 Password Required - Yes Maximum Password History - 4 Suppress Password Echo - Yes This is debatable. If your user can't remember the password, perhaps actually seeing it on the screen will help. (I've had users say they set the password to 1234567654321 when in actuality is is "wersdfzfdsrew". They were looking at the numbers but not using the ALT key.) Maximum Password Attempts - 8 If the end user can't remember their password after 6 attempts, they sure as heck ain't gonna get it at 8. My policy is set to 6. Password Timeout - 15 Minutes I also recommend that you put a Forbidden Password policy in place. 911 is a no-no in my environment. If you happen to have 911 in part of your password, your device may call 911 Emergency. Security Disallow Third Party Applications Downloads - No You may be opening up for some strange 3rd party apps on devices. I've seen some really bizarre things make an OS go "POOF." You may want to add: User Can Change Timeout: No Content Protection Strength: Strong External File System Encryption Level: Encrypt to User Password (including multi-media directories) Some type of password/encryption requirement for Bluetooth if allowed. Otherwise, disable it completely. Same goes for Smart Card Readers. __________________ DarthBBerry 6-Time BlackBerry World Champion (2007-2012) BlackBerry® Certified Support Specialist v5.0 BlackBerry® Certified System Administrator v5.0
Offline