Password and Passphrase Security › Password Phrase Controls

Password Phrase Controls

CA Top Secret uses a number of password phrase controls to determine who can specify password phrases, how they are to be generated, what form they must take, and how long they are to remain valid. These controls are determined through the control option settings.

Available Settings for Password Phrases

CA Top Secret for z/VM requires password protection for all ACIDs by default. In addition to a password, an ACID can have an optional password phrase. You can use password phrases instead of passwords in applications that support them.

Passwords have a maximum length of eight characters. A password phrase can be from 9 to 100 characters long and can include mixed-case letters, numbers, and special characters including blanks. The same user ID can have a password for applications that accept passwords only and a password phrase for other applications.

The security administrator can specify:

Password and password phrase settings, including:

• Minimum length
• Permitted and required content
• Expiration interval
• whether passwords are for all facilities or individual facilities.
• whether CA Top Secret for z/VM prompts users for new password and password phrase verification.

Password Phrase Defaults

Set password phrase defaults with the PPHRASE, NPPTHRESH, PPEXP, PPHIST, and NEWPHRASE control options. The defaults are:

The password phrase:

• Must be at least 9 characters long
• Can be up to 100 characters long
• Expires after 30 days
• Cannot be the same as the previous three password phrases

CA Top Secret for z/VM issues warning messages three days before the password phrase expires.

Users cannot change a phrase more often than once each day (except for security administrators).

To manage this feature, see the Control Options Guide.