PINless How To Guide

From Swivel Knowledgebase

Overview

Swivel offers a unique method of protecting security strings for authentication using a PIN with the PINsafe protocol. PIN protection offers significant protection over One Time Code or passcode solutions, and the default 4 digit PIN is recommended for deployment. Swivel can also send One Time Codes or passcodes without PIN protection; this mode is called PINless.

PINless is designed for use with Dual Channel authentication and is not suitable for Single Channel authentication, except where an obfuscated image is required, such as for registrations.


Configuration

PINless Policy

The PINless One Time Code length is defined under Policy>PIN and OTC.

PINless OTC length: default 6, options 4-8

When PINless is used in a deployment that also has users of a Token, a six digit PINless One Time Code should not be used. The length needs to be more or less than six digits to differentiate it from the token.


PINless users

PINless users can be configured by selecting the PINless option for the group that they are members of. When a synchronisation is carried out with the repository, the users will be set to PINless users.

If the user is a member of multiple groups, and one of those groups is set to use PINless, then the user will be configured as a PINless user.


Swivel administration console Repository Groups

[Screenshot: PINsafe 37 PINless Groups.JPG]


Swivel administration console User Administration

[Screenshot: PINsafe 37 PINless users.JPG]


Switching between PIN and PINless

When users are switched from PIN protection to PINless, the existing authentication credentials become invalid at the point of change. Users will not receive notification of the new string or PINless OTC unless they request a new one or, for standard delivery, when they fail an authentication attempt (except in Swivel versions 3.10, 3.10.1 and 3.10.2, where none will be sent).


PINless Transport

Using a separate Swivel group without PIN details in the notification allows users to be sent an account creation email or SMS without the %PIN option, which would send a PINless user a PIN of 0000.


PINless and Single Channel Authentication

It is not recommended to use PINless with Single Channel authentication. If PINpad is used with PINless, then only six digits will be displayed.


PINless and Tokens

When PINless is used in a deployment that also has users of a Token, a six digit PINless One Time Code should not be used. The length needs to be more or less than six digits to differentiate it from the token.
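
The rules from the PINless Policy, PINless users and PINless Transport sections can be checked together before a change is rolled out. The following is an added example, not Swivel code or part of the original guide. The Group and User records, the audit function and the sample data are hypothetical, and it assumes a PINless user may receive the creation template of any group they belong to.

```python
from dataclasses import dataclass

TOKEN_CODE_LENGTH = 6      # token codes are six digits, as the guide implies
OTC_MIN, OTC_MAX = 4, 8    # PINless OTC length options from Policy>PIN and OTC

@dataclass
class Group:               # hypothetical record, not a Swivel data structure
    pinless: bool
    creation_template: str = ""   # account creation email/SMS text

@dataclass
class User:                # hypothetical record, not a Swivel data structure
    name: str
    groups: list
    has_token: bool = False

def is_pinless(user, groups):
    """A user is PINless if ANY group they belong to has the PINless option set."""
    return any(groups[g].pinless for g in user.groups)

def audit(otc_length, groups, users):
    """Return findings for the OTC length, token and %PIN rules in the guide."""
    findings = []
    if not OTC_MIN <= otc_length <= OTC_MAX:
        findings.append(f"OTC length {otc_length} is outside {OTC_MIN}-{OTC_MAX}")
    pinless_users = [u for u in users if is_pinless(u, groups)]
    if pinless_users and otc_length == TOKEN_CODE_LENGTH and any(u.has_token for u in users):
        findings.append("six digit PINless OTC cannot be told apart from a token code")
    for u in pinless_users:
        for g in u.groups:
            if "%PIN" in groups[g].creation_template:
                findings.append(f"{u.name}: group {g} template has %PIN, would send PIN 0000")
    return findings

# Constructed sample data, not taken from a real Swivel installation.
GROUPS = {
    "staff": Group(False, "Your account has been created. PIN: %PIN"),
    "contractors": Group(True, "Your account has been created."),
}
USERS = [
    User("alice", ["staff"], has_token=True),
    User("bob", ["staff", "contractors"]),   # PINless through one of two groups
]
```

With the default length of 6, audit(6, GROUPS, USERS) reports both the token clash and bob's %PIN template. Changing the length to 8 leaves only the template finding.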