Title

BlackBerry 10 OS must enforce a minimum length for the Work Space unlock password. (Cat II impact)

Discussion

Password complexity, or strength, is a measure of the effectiveness of a password in resisting guessing and brute force attacks. The ability to crack a password is a function of how many times an attempt to crack the password, how quickly the adversary can do each attempt, and the size of the password space. The longer the minimum length of the password is, the larger the password space.

Check Content

From either the Work Space or Personal Space, navigate to "Settings >> BlackBerry Balance" and select "Change Password". Authenticate using the current password. Select "Password Rules" and verify "Your password must be at least 6 characters." Otherwise, this is a finding.

Fix Text

On BlackBerry Device Service, set the IT Policy rule "Minimum Password Length" to 6.

Additional Identifiers

Rule ID:

Vulnerability ID: V-47181

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.