PINsafe Configuration Best Practices
From Swivel Knowledgebase Wiki
Overview
Each PINsafe installation has its own requirements, which may call for changes to the standard configuration. The settings below are best practices for configuring PINsafe policies and settings. A policy document in Word format can be downloaded here: PINsafe Policy Document
Policy/General
- Security String Type: Numbers, Upper Case Letters, Lower Case Letters, Mixed numbers and letters
Default: Numbers
Best Practice: Numbers
- Maximum login tries: 0-99
Default: 5
Best Practice: Testing: 0 (no lockout), Initial provisioning: 5, Long-term production: 3
- Inactive account expiry (days):
Default: 0 (no expiry)
Best Practice: 90
Policy/PIN and OTC
- Minimum PIN size: 4-10
Default: 4
Best Practice: 4
- PIN expiry (days): 0-99
Default: 0 (no expiry)
Best Practice: 30 (where change PIN is available)
- Require PIN change after auto. setting:
Default: No
Best Practice: Yes (where change PIN is available)
- Require PIN change after admin. reset:
Default: No
Best Practice: Yes (where change PIN is available)
- Maximum repeated PIN digits:
Default: 0 (digits may not be repeated)
Best Practice: 0
- Allow numerical sequences for PIN:
Default: Yes
Best Practice: No
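The following is an added example, not part of the original page or of PINsafe itself. It checks candidate PINs against the three PIN rules above and counts how many 4-digit PINs each policy leaves available. The page names the settings but does not define them, so the meaning of "repeated digits" and "numerical sequence" used here is an assumption, stated in the comments.

```python
from itertools import product


def violations(pin, min_size=4, max_repeated=0, allow_sequences=False):
    """Return the policy rules that `pin` breaks (empty list means acceptable).

    Defaults are the best-practice values listed above.
    """
    if not (pin.isascii() and pin.isdigit()):
        return ["PIN must contain only digits 0-9"]
    found = []
    if len(pin) < min_size:
        found.append(f"shorter than minimum PIN size {min_size}")
    # Assumption: "repeated digits" counts every occurrence of a digit
    # beyond its first, so 1123 has 1 repeat and 1111 has 3.
    if len(pin) - len(set(pin)) > max_repeated:
        found.append(f"more than {max_repeated} repeated digits")
    # Assumption: a "numerical sequence" is the whole PIN stepping by +1
    # or -1 with no wrap-around (1234, 9876), not a partial run.
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if not allow_sequences and steps in ({1}, {-1}):
        found.append("numerical sequence")
    return found


def keyspace(length=4, **policy):
    """Count the PINs of `length` digits that the policy accepts."""
    digits = "0123456789"
    return sum(
        not violations("".join(p), **policy)
        for p in product(digits, repeat=length)
    )


if __name__ == "__main__":
    # Constructed sample PINs, not taken from any real system.
    for pin in ("1234", "1123", "9876", "4821", "12a4"):
        print(pin, violations(pin) or "ok")
    unrestricted = keyspace(4, max_repeated=3, allow_sequences=True)
    best = keyspace(4)
    print(f"unrestricted: {unrestricted}, best practice: {best}")
    # Chance that 3 blind guesses (Maximum login tries: 3) hit the PIN.
    print(f"3 guesses before lockout: {3 / best:.4%}")
```

Under these assumptions the best-practice rules leave 5026 of the 10000 possible 4-digit PINs, which is why the lockout threshold under Maximum login tries matters alongside the PIN rules.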
Policy/Password
- Require password:
Default: No
Best Practice: No (where another primary/secondary authentication server is used in the access device)
- Check password with Repository:
Default: No
Best Practice: No (where another primary/secondary authentication server is used in the access device)
Logging/SMTP
- Send errors:
Default: No
Best Practice: No (where Syslog is used)
- Send account locks:
Default: No
Best Practice: Yes
- Send User Account Create/Delete:
Default: No
Best Practice: No
Transport/User Alerts
- PIN expiry warning:
Default: Yes
Best Practice: Yes
- PIN change required:
Default: Yes
Best Practice: Yes
- PIN changed:
Default: Yes
Best Practice: Yes
- Account locked:
Default: Yes
Best Practice: Yes
- Device key allocated:
Default: Yes
Best Practice: Yes

