...
- Enforces a password of minimum length 4 on a mobile device that mounts Exchange.
- Password complexity is not a requirement, nor password age, or password reset frequency. These items are security deterrents but unnecessary to attain the Goals stated above.
- After 10 incorrect password entries, a wipe code is sent to the device. The user is warned of this. Many Devices (such as iPhones) institute their own time lockouts between password entries
| Code Block |
|---|
iPhone 4s, running iOS 6.1.3 (latest) *ATTEMPT – OUTCOME* * 1-5: bad password * 6: 1min lockout (emergency calls allowed) * 7: 5min lockout (emergency calls allowed) * 8: 15min lockout (emergency calls allowed) * 9: 60min lockout (emergency calls allowed) * 10: tether device and connect to iTunes Nokia Lumia 822, running Windows Mobile 8 *ATTEMPT - OUTCOME* * 1-4: bad password * 5: 1 min lockout * 6: 2 min lockout * 7: 4 min lockout * 8: 8 min lockout * 9: 16 min lockout * 10: 32 min lockout etc. HTC Rezoud, running Android 4.0.3 *ATTEMPT - OUTCOME* * 1-4: bad password * 5: 30 second lockout * 6-9: bad password * 10: 30 second lockout * 11: bad password etc. |
...