BlackBerry blacklists the 'Pooh' gang

A report surfaced recently contending that BlackBerry OS 10 will include a list of 106 prohibited passwords designed to prevent the clueless from choosing the likes of 123456, blackberry, or the ever-popular "password" as their password.

However, a RIM spokesman clarified for me that the list actually applies to BlackBerry ID universally, not only the upcoming operating system, and "has been active for some time now."

What he wasn't able to clarify, though, was why the BlackBerry blacklist enforces such a brutally disproportionate prohibition against names found on the character list of "Winnie the Pooh." Fully five of the no-can-do 106 -- tigger, rabbit, eeyore, piglet and poohbear - are plucked from the pages of the children's classic.

Yes, the blacklist is heavy on cartoon and fictional characters, in general: mickey, donald, barney, batman, gandalf, george and snoopy are also not allowed.

But inclusion or exclusion seems to carry little rhyme or reason, nursery or otherwise.

Calvin is banned, but not hobbes.

Dorothy and wizard are forbidden, but not scarecrow or tinman. Monkey is on the list, but not flyingmonkey. (Sure, longer character length matters.)

Want to use snowwhite as your password? Have a party. Same goes for all seven dwarfs.

Care to indulge in a more modern careless choice? Butthead is out of bounds, but not beavis, heh-heh. Homer is swell; so, too, simpson, simpsons and thesimpsons.

More questions:

Why are Monday uppercase and monday lowercase prohibited, yet either variant of the other six days of the week passes BlackBerry password muster? (I'm assuming the answer is that people try to use Monday more often ... but why might that be? People hate Mondays.)

The blacklisting by BlackBerry of molson makes some sort of sense, I guess, since both are products of Canada. But if beer names are problematic -- and they probably are -- why ban miller and not budweiser, other than perhaps the latter is harder to spell?

(By the harder-to-spell standard, then, the least BlackBerry could have done for the now permanently stigmatized Pooh gang would have been to leave poor eeyore be, since I have to look up that spelling every time.)

Baseball, football and even Canada's national religion, hockey, are all banned. But not basketball. The ninth letter was enough to earn basketball a pass? Who knows?

At least at a glance, it would appear that first names appear on the list or not nonsensically. Andrew, amanda, brandy, chelsea, jennifer, jonathan, maggie, mathew, michael - and mike - michelle, natasha, pamela, patrick, rachel, steven - but not stephen -- thomas and victoria are all among the banned.

Granted, victoria is a city name, too. But natasha is a no-no while robert, which would seem to be an automatic no siree, Bob, sails on through. Also OK are charles, david, patricia, richard, susan and william.

Perhaps the oddest entry on the blacklist - oddest until I looked it up - is ncc1701. Now I understand that I will have to endure the mockery of the Star Trek crowd for having had to look it up.

Of course, it's not my ill-advised behavior that has earned the Starship Enterprise a spot on a password blacklist.

If you'd like to get your favorite Pooh character off the list, write to RIM. Otherwise, the address is

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags Blackberryconsumer electronicspasswordsNetworkingsecuritywirelesssmartphonesRIM

More about Andrew Corporation (Australia)BlackBerryResearch In MotionTrek

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Paul McNamara

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place