Token password policies
Enhanced password policies for 3SKey tokens
Since September 2017, three new password policies are available on the 3SKey portal. Each policy specifies a set of password rules such as minimum length and maximum lifetime. When a new user group is being set up, the administrators must select the policy that best suits the needs of their organisation; that policy then applies to all the users they manage. Administrators of existing groups can set up the PIN policy via the user management screen on the 3SKey portal.
After an administrator has selected a new password policy, the new rules will be enforced for each user only the next time that the user gets activated, reset, recovered or renewed. Through the user management screen, 3SKey administrators are able to check which rules apply to each of their users' current password.
For groups created before September 2017, if no PIN policy was defined on the group by an administrator, the least restrictive password policy is applied by default. In this case too, the new rules will be enforced for each user only the next time that the user gets activated, reset, recovered or renewed.
The following table provides detailed parameters for each password policy:
Parameter | Description | Level 6 (Minimum) | Level 8 (Medium) | Level 12 (Maximum) |
---|---|---|---|---|
Length | Minimum number of characters | 6 | 8 | 12 |
Expiration | Validity period (in days) before a password must be changed | 180 | 365 | |
Character set | Minimum character set that must be used | | | |
Complexity | Rules on the composition of a password | Maximum 2 repeating characters | | |
History | Number of previous passwords that cannot be re-used | 5 | | |
Lockout | Number of failed attempts before an account is locked | 5 | | |
Note: special characters (symbols) are allowed for all levels of PIN policy. In addition to lower case and upper case letters, and numbers, the allowed special characters are ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ .