Token password policies
Enhanced password policies for 3SKey tokens
By September 2017, three new password policies will become available on the 3SKey portal. Each policy specifies a set of password rules such as minimum length and maximum lifetime. The 3SKey administrators will be able to select the policy that best suits their needs and that will become applicable to all the users they manage.
After the administrator has selected the new password policy, the new rules will be enforced for each user only the next time that the user gets activated, reset, recovered or renewed. Through the user management screen, 3SKey administrators will be able to check which rules apply to each of their users' current password.
If, by 2018, 3SKey administrators have not selected a new password policy for their users, then SWIFT will assign the less restrictive password policy by default, overwriting the current policy. In this case also, the new rules will be enforced for each user only the next time that the user gets activated, reset, recovered or renewed.
The following table provides detailed parameters for each password policy:
|Parameter||Description||Level 6 (Minimum)||Level 8 (Medium)||Level 12 (Maximum)|
|Length||Minimum number of characters||6||8||12|
|Expiration||Validity period (in days) before a password must be changed||90||180||365|
|Character set||Minimum characters set that must be used||
|Complexity||Rules on the composition of a password||Maximum 2 repeating characters||
|History||Number of previous passwords that cannot be re-used||5|
|Lockout||Number of failed attempts before an account is locked||5|