PINsafe FAQ
Q). Why does Swivel offer additional security over other OTC solutions?
A). The PIN protection prevents a OTC from being used without the PIN being known.
Q). Can Swivel send a OTC without PIN protection?
A). Its a step down in security, but yes it can be done.
Q). Has Swivel any government quality marks based on accredited independent testing?
A). Yes see CESG Claims Tested Mark (CCTM)
Q). Can Swivel use a static password with an OTC?
A). Yes.
Q). Can Swivel issue a time limited OTC?
A). Yes using either the single channel image or SMS message.
Q). Where can I set a PIN
A). A users PIN can be sent automatically by their transport (such as SMS, Email), or manually set on the administration console.
Q). Can Swivel work with my VPN or access device?
A). Yes, if it supports RADIUS authentication or can use the Swivel XML API for authentication.
Q). How long is a standard Security String valid for?
A). It is valid until used.
Q). Can I turn off standard delivery and automatic delivery of security strings?
A). Yes.
Q). How long can the PIN be?
A). 4-10 digits, but the longer it is the harder it is to remember.
Q). Is the PIN always a number?
A). Yes
Q). Can the security string and hence OTC be a number, upper case letter and/or lower case letter?
A). Yes
Q). Where does Swivel take its time from
A). Swivel uses the Java Clock, which takes information from the Software Clock. The OS can in turn be configured to use NTP.
Q). Does Swivel do Single Sign On (SSO)?
A). Swivel will do Single Sign On - Currently we are in the process of integrating with SalesForce and Google Apps.
Q). Is it possible to merge two pinsafe databases?
A). Merging Swivel databases is possible but requires Swivel technical support, which is chargeable.
Q). How many users can use one single account simultaneously?
A). For security reasons a Swivel (and often also an AD account) should not be used by more than one person.
Q). Do I need an email address for a user?
A). No, if SMS is used all information can be sent by SMS text message.
Q). Do I need a phone number?
A). No, information can be sent by email.
Q). Do I need an email or phone number?
A). Having one of these is useful to tell the user what their PIN number is and other information such as if the account becomes locked. However it is not essential, but the users PIN would need to be set and the user informed what it is set to.