Français

English

Token password policies

Enhanced password policies for 3SKey tokens

 

Since September 2017 three new password policies are available on the 3SKey portal. Each policy specifies a set of password rules such as minimum length and maximum lifetime. When a new user group is being setup the administrators must select the policy that best suits the needs of their organisation and that will become applicable to all the users they manage. Administrators of existing groups can setup the PIN policy via the user management screen on the 3SKey portal.

After an administrator has selected a new password policy, the new rules will be enforced for each user only the next time that the user gets activated, reset, recovered or renewed. Through the user management screen, 3SKey administrators are able to check which rules apply to each of their users' current password.

For groups created before September 2017, if no PIN policy was defined on the group by an administrator, the less restrictive password policy is applied by default. In this case also, the new rules will be enforced for each user only the next time that the user gets activated, reset, recovered or renewed.

The following table provides detailed parameters for each password policy:

 

Parameter Description Level 6 (Minimum) Level 8 (Medium) Level 12 (Maximum)
Length Minimum number of characters 6 8 12
Expiration Validity period (in days) before a password must be changed 180 365
Character set Minimum characters set that must be used
  • Number(0-9)
  • Letter (a-z)
  • Number(0-9)
  • Capital Letter (A-Z)
  • Symbol
Complexity Rules on the composition of a password Maximum 2 repeating characters
  • Maximum 2 repeating characters
  • At least 1 character from the 4 character types
History Number of previous passwords that cannot be re-used 5
Lockout Number of failed attempts before an account is locked 5
SWIFT © 2019