Can SecureLogin enforce a passphrase policy?

  • 7940193
  • 19-Aug-2009
  • 16-Jan-2014

Environment

SecureLogin
SecureLogin SSO
3.5 and later

Situation

Question

Can SecureLogin enforce a passphrase policy?

Resolution

Answer

SecureLogin is extremely flexible and customizable and can be deployed with or without passphrases. If you opt to deploy SecureLogin with passphrases, you can select a passphrase policy in addition to predefining the list of questions.

Without a passphrase policy, users could enter their passphrase without knowing it is CasE SEnsItiVe. When they later answer their passphrase question (if they are ever prompted), they may enter the correct answer but in the wrong case or format.

Most users who answer their passphrase incorrectly are entering it in the "wrong" case. For example, if Parrot is the passphrase answer, parrot won’t work because the answer contains a capital "P".

If a policy is enforced, support staff can prompt users who forget their passphrase with the format it must follow, for example that the answer must begin with a capital letter and all other characters are lowercase.

This will prompt them to enter the answer in the correct case and also standardize the format of the answers.

Passphrase policies can be enforced using the MMC snap-ins in Microsoft environments and iManager in Novell Directory environments.

If you do enforce a policy, you must be careful which questions you ask. For example, a policy requiring the first character to be an uppercase letter would not support a passphrase question whose answer must be numbers only.