On this page:
- What is a "good" password?
- With Microsoft Windows and Internet Explorer how is your Digital ID Certificate password protected?
- How are Digital ID Certificates' passwords used? What are the rules?
What is a "good" password?
A good password is one that is long enough and unusual enough that an exhaustive search (such as by using a dictionary) is not likely to reveal it. A good password is easy for you to remember but difficult for someone else to guess.
Use a password of at least eight characters. Do NOT use something obvious or easily traceable to you, such as your telephone number, birth date, or the name of a member of your family. Do NOT use an ordinary English word, a familiar jargon term, or a password that you have previously used. If you write down your password, do not store it in an easily accessible place.
With Microsoft Windows and Internet Explorer how is your Digital ID Certificate password protected?
If you pick up your digital ID certificate using Microsoft Internet Explorer as instructed in NRC's Digital ID Certificates Guide, then your certificate is protected from unauthorized use in two ways. First, your certificate is protected by your PC operating system password: only someone logged into your PC as you can access your certificate. Second, your certificate is protected by a digital ID certificate password, which you created at the time you enrolled for your certificate.
How are Digital ID Certificates' passwords used? What are the rules?
There are three different types of passwords used with VeriSign® digital ID certificates. The three types and their purposes are as follows:
- The Challenge Phrase
Purpose: Enables users to revoke their own digital ID certificates before they expire and may also be used by some users for renewal of their digital ID certificates.
Description: The user is asked to provide this password during the certificate enrollment process. This password is needed for the certificate owner to revoke the digital ID certificate. This password may also be needed to renew a certificate using some browsers, including Netscape. This password is not needed for renewal of your certificate when using Windows XP and Internet Explorer Version 6.0.
- The Certificate Use Password
Purpose: Protect your digital ID certificate from unauthorized use by anyone who already has access to your computer while you are logged on.
Description: When you pick up your new digital ID certificate and set your digital ID certificate security to high instead of medium, you are then required to provide a password for accessing your digital ID certificate. This password is then required every time the digital ID certificate is used. This password provides an extra level of protection above that provided by your personal computer logon password. Good security practice is to have different strong passwords for both your computer logon and for your digital ID certificate usage.
- The Certificate Export/Import Password
Purpose: Protects your digital ID certificate during the export/import process.
Description: When you export your digital ID certificate, you are asked to create a certificate export/import password. This password is set during the export process and is required during the import process. Each time you export your certificate, you are asked to create a password, which is incorporated into the certificate files created. See NRC's Digital IDs Guide for detailed instructions on how to export and import your digital ID certificate. The export/import process allows you to back up your digital ID certificate and also to copy this certificate to multiple PCs.
For simplicity, you may want to use the same password phrase for each of the three passwords above. This should help you remember your certificate's passwords and avoid confusion. There is also no simple way to change your VeriSign® certificate passwords, and likewise no password aging or changing requirement. Therefore, remember to protect this password, since it can't be changed.
These VeriSign passwords can be from 1 to 35 characters long. Spaces are treated just like any other number, letter or special character in the password. There are no other rules about the contents of your digital ID certificate's passwords.
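The password rules on this page (at least eight characters, nothing traceable to you, no ordinary word, no previously used password, and the 35-character VeriSign limit) can be checked mechanically before a password is set. The following Python is an added example, not part of NRC's or VeriSign's guidance or software; the function names, the small word list, the sample personal data, and the use of scrypt to remember earlier passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import re

MIN_LEN, MAX_LEN = 8, 35  # page: at least eight characters; VeriSign limit is 35
# Constructed sample list; a real check would load a full wordlist.
SAMPLE_WORDS = {"password", "security", "certificate", "firewall", "sunshine"}


def _digits(s):
    return re.sub(r"\D", "", s)


def _letters(s):
    return re.sub(r"[^a-z]", "", s.lower())


def fingerprint(password, salt):
    """Salted scrypt hash, so earlier passwords are not kept in clear text."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)


def check_password(candidate, salt, phone="", birth_date="",
                   family_names=(), previous=(), words=SAMPLE_WORDS):
    """Return the list of rules the candidate breaks (empty list = acceptable)."""
    problems = []
    if len(candidate) < MIN_LEN:   # spaces count like any other character
        problems.append("too short")
    if len(candidate) > MAX_LEN:
        problems.append("too long")
    digits, letters = _digits(candidate), _letters(candidate)
    # Compare digits only, so "(301) 555-0100" and "301-555-0100" both match.
    for label, value in (("phone", phone), ("birth date", birth_date)):
        d = _digits(value)
        if d and d in digits:
            problems.append(f"contains {label}")
    names = [_letters(n) for n in family_names]
    if any(n and n in letters for n in names):
        problems.append("contains family name")
    # An ordinary word stays ordinary with a capital letter or "1!" tacked on.
    if letters in words:
        problems.append("dictionary word")
    fp = fingerprint(candidate, salt)
    if any(hmac.compare_digest(fp, old) for old in previous):
        problems.append("previously used")
    return problems
```

The birth-date check only matches the digit order in which the date was supplied, so a caller would pass each format it wants rejected.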
Copyright © 2000, VeriSign, Inc. All Rights Reserved