Difference between revisions of "PINless How To Guide"
m (1 revision imported) |
|
(No difference)
|
Latest revision as of 12:52, 11 May 2017
Contents
PINless How To Guide
Overview
Swivel offers a unique method of protecting security strings for authentication using a PIN number with the PINsafe protocol. PIN protection offers significant protection over One Time Code or passcode solutions and the default 4 digit PIN is recommended for deployment. Swivel can also send One Time Codes or passcodes without PIN protection and is called PINless.
PINless is designed for use with Dual Channel authentication and is not suitable for single Channel authentication, except where an obfuscated image is required such as registrations.
Configuration
PINless Policy
The PINless One Time Code length is defined under Policy>PIN and OTC.
'PINless OTC length: default 6, options 4-8
When using PINless and with users of a Token then a six digit PINless one Time Code should not be used and needs to be more or less than six digits to differentiate it from the token.
PINless users
PINless users can be configured by selecting the PINless option for the group that they are members of. When a synchronisation is carried out with the repository, then the users will be set to PINless users.
If the user is a member of multiple groups, and one of those groups is set to use PINless then the user will be configured as a PINless user.
Swivel administration console Repository Groups
Swivel administration console User Administration
Switching between PIN and PINless
When a switch is made for users from PIN protection to PINless, the existing authentication credentials become invalid at the point of change. Users will not receive notification of the new string or PINless OTC, unless they request a new one or for standard delivery, when they fail an authentication attempt (except Swivel versions 3.10, 3.10.1 and 3.10.2 where none will be sent).
PINless Transport
Using a separate Swivel group without PIN details in the notification allows users to be sent an account creation email or SMS without the %PIN option which will send a PINless user a PIN of 0000.
PINless and Single Channel Authentication
It is not recommended to use PINless with single Channel authentication. If PINpad is used with PINless then only six digits will be displayed.
PINless and Tokens
When using PINless and with users of a Token then a six digit PINless one Time Code should not be used and needs to be more or less than six digits to differentiate it from the token.