Passwords › Passwords and Password Phrases

Passwords and Password Phrases

CA Top Secret requires password protection for all ACIDs by default. In addition to a password, an ACID can have an optional password phrase. If an application supports password phrases, you can use the phrase instead of a password.

Passwords have a maximum length of eight characters. A password phrase can be from 9 to 100 characters and can include mixed-case letters, numbers, and special characters (including blanks). The same user ID can have a password for applications that accept only passwords and a password phrase for other applications.

The security administrator can specify the following settings:

• Password and password phrase settings, including:
  • Minimum length (which must be at least nine characters for password phrases)
  • Permitted and required content (for example, requiring at least one alphabetic character in a new password or requiring a minimum number of numeric characters in a password phrase)
  • Expiration interval
• Whether passwords are for all facilities or individual facilities
• Whether the product prompts users for new password and password phrase verification
• Whether the product uses Triple-DES3 encryption or the Advanced Encryption Standard (AES) to encrypt passwords and password phrases.

  Important! The AES encryption option is not backward compatible with releases prior to CA Top Secret r14.

Password Defaults

Set password requirements with the NEWPW control option. The defaults are:

• The password must be at least four characters long.
• The password must contain at least one alphabetical and one numeric character.
• The password can be up to eight characters long.
• The password cannot match any of the entries in the restricted password list.
• The password cannot match the user ID or the first four characters of any word in the associated NAME field.
• CA Top Secret issues warning messages three days before the password expires.
• The password cannot be too similar to the previous password.
• Users cannot change a password more often than once each day (except for security administrators and random password users).
• Passwords can contain:
  • Alphabetic uppercase characters (A-Z)
  • Numeric digits (0-9)
  • National characters ($#@)

For additional information, see the Control Options Guide.