PINsafe FAQ

From Swivel Knowledgebase Wiki

Q). Why does PINsafe offer additional security over other OTC solutions?

A). The PIN protection prevents a OTC from being used without the PIN being known.

Q). Can PINsafe send a OTC without PIN protection?

A). Its a step down in security, but yes it can be done.

Q). Has PINsafe any government quality marks based on accredited independent testing?

A). Yes see CESG Claims Tested Mark (CCTM)

Q). Can PINsafe use a static password with an OTC?

A). Yes.

Q). Can PINsafe issue a time limited OTC?

A). Yes using either the single channel image or SMS message.

Q). Where can I set a PIN

A). A users PIN can be sent automatically by their transport (such as SMS, Email), or manually set on the administration console.

Q). Can PINsafe work with my VPN or access device?

A). Yes, if it supports RADIUS authentication or can use the PINsafe XML API for authentication.

Q). How long is a standard Security String valid for?

A). It is valid until used.

Q). Can I turn off standard delivery and automatic delivery of security strings?

A). Yes.

Q). How long can the PIN be?

A). 4-10 digits, but the longer it is the harder it is to remember.

Q). Is the PIN always a number?

A). Yes

Q). Can the security string and hence OTC be a number, upper case letter and/or lower case letter?

A). Yes

Q). Where does PINsafe take its time from

A). PINsafe uses the Java Clock, which takes information from the Software Clock. The OS can in turn be configured to use NTP.

Q). Does PINsafe do Single Sign On (SSO)

A). PINsafe does not do Single Sign On, but will work with Single Sign On provided by other vendors, allowing strong and two factor authentication.

Q). Is it possible to merge two pinsafe databases?

A). Merging PINsafe databases is possible but requires Swivel technical support, which is chargeable.

Q). How many users can use one single account simultaneously?

A). For security reasons a PINsafe (and often also an AD account) should not be used by more than one person.

Q). Do I need an email address for a user?

A). No, if SMS is used all information can be sent by SMS text message.

Q). Do I need a phone number?

A). No, information can be sent by email.

Q). Do I need an email or phone number?

A). Having one of these is useful to tell the user what their PIN number is and other information such as if the account becomes locked. However it is not essential, but the users PIN would need to be set and the user informed what it is set to.