Let me tell you about my BlackBerry security configuration(s)
BlackBerry Bold 9650 (non-camera model) with OS 6 is my daily driver. I have two security configurations that I alternate between. I use one of the configurations for a while (maybe a month or two) then switch to the other. The first configuration is the stronger configuration, because Contacts are encrypted.
Configuration 1
1. Options>Security>Password
* Check "Enable" (See Note 1)
* Number of Password Attempts: 10
* Lock After: 1 hour
* Check "Prompt on Application Install"
* Check "Allow Outgoing Calls While Locked" (See Notes 2 & 3)
* Uncheck "Lock Handheld Upon Holstering"
2. Options>Security>Encryption
Device Memory
* Check "Encrypt"
* Strength: Strongest (See Note 1)
* Check "Include Contacts" (See Note 2 & 3)
* Check "Include Media Files"
Media Card
Check "Encrypt"
Mode: "Device Password & Device Key" (See important Media Card Encryption Note below)
Check "Include Media Files"
Notes:
1. I use a twenty-one character password. This allows me to take advantage of the "Strongest" Device Memory encryption strength. In case you think it's inconvenient for me to enter it, it's not. I use a one hour security timeout, my BlackBerry is on my person most of the time, and rarely an hour goes by that I don't look at my BlackBerry. If it's locked, it's because I deliberately locked it. In any case, I'm a pretty fast typist.
2. I encrypt my contacts. That way I'm fine with allowing outgoing calls while the device is locked. If someone needs to use my BlackBerry to make a call, I can simply lock it, and he won't see my contact list start to populate when he starts to dial. (I have unlimited calling, so I'm not especially worried about a thief who might place a bunch of calls before I report the phone stolen to my carrier.) This setting also allows me to take advantage of the "Recent Activities" feature in the Contacts application without the concern that someone with UFED/Cellebrite equipment might be able to view any unencrypted recent activities stored in the Contacts application.
3. Password for voicemail is enabled and set to enter manually. Reason: when someone goes to place a call when the BlackBerry is locked and outgoing calls are allowed, he can still press the BlackBerry (menu) key and choose the "Call Voicemail" option; there's no way to disable this.
Configuration 2
1. Options>Security>Password
* Check "Enable"
* Number of Password Attempts: 10
* Lock After: 1 hour
* Check "Prompt on Application Install"
* Uncheck "Allow Outgoing Calls While Locked" (See Notes)
* Uncheck "Lock Handheld Upon Holstering"
2. Options>Security>Encryption
Device Memory
* Check "Encrypt"
* Strength: Strongest
* Uncheck "Include Contacts" (See Notes)
* Check "Include Media Files"
Media Card
Check "Encrypt"
Mode: "Device Password & Device Key" (See important Media Card Encryption Note below)
Check "Include Media Files"
Notes:
1. When contacts are not encrypted, I don't allow outgoing calls while the BlackBerry is locked. Otherwise someone dialing a call will have access to all my contacts even while the BlacBerry is locked. Also, when Contacts are not encrypted, I don't enable the "Recent Activities" feature in the Contacts application. Though I don't know for sure, it's logical to conclude that someone with UFED/Cellebrite equipment who somehow circumvents the device password will be able to read any unencrypted data. If the "Contacts" application is unencrypted, it's likely the "Recent Activities" (emails, etc.) displayed therein are also unencrypted.
2. When I don't allow outgoing calls while the device is locked, I add a pause and password into my voicemail number for convenience. No one will be able to reach the dial out screen and "Call Voicemail" option without first entering my password.
3. When Contacts are not encrypted, I take full advantage of custom Contact Alerts; they'll work even when the Blackberry is locked. If Contacts are encrypted, any custom Contact Alerts will only work when the BlackBerry is unlocked.
Important Media Card Encryption Note
If it's imperative that you're able to view your encrypted media card files in a different BlackBerry, you must use "Device Password" as the media card encryption mode. If you use either of the other two encryption modes, you will not be able to view your encrypted media card files in any other BlackBerry ... ever! I have a mix of encrypted and unecrypted files on my media card. I transfer the encrypted files back and forth between BlackBerry and pc using BlackBerry Desktop Software 6. I transfer the unencrypted files between BlackBerry and pc using the USB (mass storage) mode.