Goodbye, 123456: Blackberry bans weak passwords

On the list, published in full on the Rapidberry blog, are no-brainers like '123456', 'Blackberry' and the ever-popular 'password', but also Canada and Molson, Poohbear and Tigger, and first names like Natasha and Patrick.

The ban applies to Blackberry IDs only, and does not affect the passwords or PINs users rely on to secure the devices themselves. Blackberry IDs are used to log into apps and services or restricted areas of the website.

“BlackBerry continually looks to help its customers protect their confidential information," Tim Segato, senior product manager for BlackBerry security at RIM, told the Huffington Post. "One element of BlackBerry’s overall security solution is to limit commonly used passwords on BlackBerry ID."

Passwords continue to be a fertile field for debate when it comes to best practices. Conventional wisdom says that changing them every 90 days is a good first step. Others, like Andrew Jaquith, CTO of Perimeter E-Security and former Forrester analyst on password security, disagree.

“Requiring employees to change their passwords every 90 days just annoys them, and they will do highly insecure things to cope as a result,” he told Infosecurity last month. “They will scribble passwords on sticky notes, re-use the same password everywhere or make the absolute smallest changes to their passwords that they can while still complying with policy.”

Some, including government agencies, rely on hash algorithms to protect stored passwords: a hash converts a plaintext of any length into a fixed-length digest and is designed so that the original cannot feasibly be recovered from the output. Hashing protects the stored copy rather than the guessable password, and even this technique has limits: as Infosecurity reported, the widely used SHA1 hash is no longer considered strong, and any fast, unsalted hash lets an attacker test guesses from a list like the one above at very high speed.
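As an added example (this is not RIM's code, nor the Rapidberry list), the following Python shows both halves of the story told above: a case-insensitive blocklist check of the kind the Blackberry ID ban implies, run against a constructed sample of the entries the article names, and a dictionary attack showing that hashing, whether fast unsalted SHA-1 or salted, iterated PBKDF2, does not rescue a blocklisted password. The trailing-digit stripping, the iteration count and the sample wordlist are this example's own assumptions, not anything the article states.

```python
import hashlib
import hmac
import os
import time
import unicodedata
from typing import Iterable, Optional, Set, Tuple

# Constructed sample blocklist: a few of the entries the article names.
# The published list is far longer; this is not RIM's list.
SAMPLE_BLOCKLIST = [
    "123456", "Blackberry", "password", "Canada", "Molson",
    "Poohbear", "Tigger", "Natasha", "Patrick",
]

# Example's own choice (not from the article): fewer iterations than a
# production setting so the demo finishes in well under a second.
PBKDF2_ITERATIONS = 50_000


def candidate_forms(pw: str) -> Set[str]:
    """Forms of a password to compare against the blocklist.

    Case-folding catches 'BLACKBERRY'; stripping trailing digits and
    punctuation catches 'Password1!' (an assumption about how users tweak
    blocked words, not a rule the article states).
    """
    base = unicodedata.normalize("NFKC", pw).casefold()
    forms = {base}
    stripped = base.rstrip("0123456789!.")
    if stripped:  # '123456' would strip to '', so keep only the raw form
        forms.add(stripped)
    return forms


BLOCKED = {form for entry in SAMPLE_BLOCKLIST for form in candidate_forms(entry)}


def is_blocked(pw: str) -> bool:
    """Registration-time check: reject anything that normalises to a blocked entry."""
    return not candidate_forms(pw).isdisjoint(BLOCKED)


def sha1_hex(pw: str) -> str:
    """Unsalted, fast hash: what a weak password store might keep."""
    return hashlib.sha1(pw.encode()).hexdigest()


def crack_sha1(digest: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack on an unsalted fast hash: one cheap hash per guess,
    and with no salt the digests can be precomputed once for every account."""
    for guess in wordlist:
        if hmac.compare_digest(sha1_hex(guess), digest):
            return guess
    return None


def pbkdf2_store(pw: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, iterated hash, as a sound password store would use."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)


def crack_pbkdf2(salt: bytes, digest: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """The same dictionary attack against the salted, iterated hash. The salt
    defeats precomputation and each guess costs PBKDF2_ITERATIONS hashes, but a
    blocklisted password still falls within len(wordlist) guesses."""
    for guess in wordlist:
        _, candidate = pbkdf2_store(guess, salt)
        if hmac.compare_digest(candidate, digest):
            return guess
    return None


def timed(fn, *args):
    start = time.perf_counter()
    result = fn(*args)
    return result, time.perf_counter() - start


if __name__ == "__main__":
    for pw in ["BLACKBERRY", "Password1!", "123456", "correct horse battery staple"]:
        print(f"{pw!r:35} blocked={is_blocked(pw)}")

    victim = "Tigger"  # a blocklisted choice that slipped through with no check
    found, secs = timed(crack_sha1, sha1_hex(victim), SAMPLE_BLOCKLIST)
    print(f"unsalted SHA-1: recovered {found!r} in {secs * 1e6:.0f} us")
    salt, digest = pbkdf2_store(victim)
    found, secs = timed(crack_pbkdf2, salt, digest, SAMPLE_BLOCKLIST)
    print(f"salted PBKDF2:  recovered {found!r} in {secs:.2f} s (slower, same outcome)")
```

The two timings make the point: a salted, slow hash multiplies the attacker's cost per guess, but when the password is on a public list the number of guesses needed is tiny, so the blocklist check at registration and the hashing scheme in storage are complementary controls, not substitutes.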

One-click password management, federated digital identities and other authentication schemes aimed at taking the memory and guesswork out of the equation are increasingly being floated as remedies, but more often than not, companies are falling back on the users themselves to choose passwords that can’t be easily guessed.

Blackberry is not alone in its move: Gmail and Hotmail both banned weak passwords last year.
