Français

English

Token password policies

Enhanced password policies for 3SKey tokens

 

By September 2017, three new password policies will become available on the 3SKey portal. Each policy specifies a set of password rules such as minimum length and maximum lifetime. The 3SKey administrators will be able to select the policy that best suits their needs and that will become applicable to all the users they manage.

After the administrator has selected the new password policy, the new rules will be enforced for each user only the next time that the user gets activated, reset, recovered or renewed. Through the user management screen, 3SKey administrators will be able to check which rules apply to each of their users' current password.

If, by 2018, 3SKey administrators have not selected a new password policy for their users, then SWIFT will assign the less restrictive password policy by default, overwriting the current policy. In this case also, the new rules will be enforced for each user only the next time that the user gets activated, reset, recovered or renewed.

The following table provides detailed parameters for each password policy:

 

Parameter Description Level 6 (Minimum) Level 8 (Medium) Level 12 (Maximum)
Length Minimum number of characters 6 8 12
Expiration Validity period (in days) before a password must be changed 90 180 365
Character set Minimum characters set that must be used
  • Number(0-9)
  • Letter (a-z)
  • Number(0-9)
  • Capital Letter (A-Z)
  • Symbol
Complexity Rules on the composition of a password Maximum 2 repeating characters
  • Maximum 2 repeating characters
  • At least 1 character from the 4 character types
History Number of previous passwords that cannot be re-used 5
Lockout Number of failed attempts before an account is locked 5
SWIFT © 2017