BlackBerry ID lockout behavior

Article ID: KB24157

Type: Support Content

Last Modified: 01-08-2013

 

Product(s) Affected:

  • BlackBerry 7 OS and earlier
  • BlackBerry World for BlackBerry smartphones
  • BlackBerry News Feeds for BlackBerry smartphones
  • BlackBerry Protect for BlackBerry smartphones
  • Tablets
  • BlackBerry ID
Jump to: Environment | Overview
CollapseEnvironment
  • BlackBerry PlayBook tablet
  • BlackBerry smartphones 
  • BlackBerry ID
  • BlackBerry App World storefront 2
  • BlackBerry Protect 1.0
  • BlackBerry News Feeds 1.0
CollapseOverview

BlackBerry ID is the master key to BlackBerry smartphone products, sites, services and applications, including BlackBerry Protect and the BlackBerry App World storefront.

To prevent unauthorized access to the account, the BlackBerry ID will become locked out after a number of failed attempts. See the information below for an outline on the expected behavior:

Local Authentication Lockout 

On BlackBerry PlayBook and BlackBerry smartphones if the user enters their BBID password incorrectly 10 times on the BBID sign in screen, verify password screen, or BBID Edit screens, they are LOCKED OUT of all the following functions on that BlackBerry device for 15 minutes:

  • Authenticating with their BlackBerry ID on the sign in screen
  • Authenticating with their BlackBerry ID on the verify password screen
  • Authenticating with their BlackBerry ID on the BBID edit screens 

Note: The user can still log in on the web or any other devices associated with their BlackBerry ID. They are only locked out on the device where the 10 incorrect attempts occurred.  On the locked out device, after 15 minutes, they get 1 try to provide the correct password on the sign in and/or verify password screens. If they fail to enter the correct password, they are locked out for an additional 15 minutes on that device.

Account Server Lockout

Users have total of 10 attempts to enter their password correctly against the BlackBerry ID Account Server.

The scenarios that increment the Account Server lockout counter are as follows:

  • Providing an incorrect password anywhere on the BlackBerry ID web portal (blackberry.com/blackberryid)
  • Providing an incorrect password within the BlackBerry ID Edit feature on any BlackBerry device or BlackBerry PlayBook

Note: if a user provides an incorrect password 5 times on the BlackBerry ID web portal (blackberry.com/blackberryid), and then 5 more times on the BlackBerry ID Edit feature on their BlackBerry PlayBook, the cumulative number of failed attempts is 10. Once the user has made 10 incorrect attempts to provide their password against the Account Server, they are locked out of the Account Server PERMANENTLY until they reset their password.

See KB26361 for information to reset a BlackBerry ID password

Note: The Account Server Lockout does NOT prevent the user from local authenticating on devices  (the user can still authenticate on the sign in and verify password screens on their BlackBerry devices).

Forgot Password Lockout

If the user answers their Security Question incorrectly 10 times, they are locked out for 15 minutes of Forgot Password functionality on all interfaces such as:

Note: After 15 minutes, they get 1 try, and if they fail to answer the question correctly, they are locked out for an additional 15 minutes.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.