PWQASEEP
A Password Quality Security Event Exit Process (SEEP) that controls all password changes based on a set of configurable rules.
Overview
The standard authentication method on Tandem systems is based on static passwords. A user’s credentials are the unique ID (defined by the user’s manager and used to decide access rights) and the corresponding password (set at introduction, changeable by the user according to the password lifetime criteria defined in SAFEGUARD).
When SAFEGUARD is active, the password lifetime is controlled according to NCSC C2 requirements, but there is no quality filter delivered by Tandem. The solution from Tandem is a so-called Security Event Exit (SEE), which interfaces to user-written SEE Processes (SEEP). One SEE type interface is defined for password quality filtering.
The Password Quality Security Event Exit Process (PWQASEEP) interfaces exactly to this SEE. The password quality SEEP is used when:
- a user is introduced by SAFECOM and the initial password is set
- the password of an existing user is changed by his manager
- the user logs on through a TACL and changes his password
- the user uses the PASSWORD program
- an application process uses the GUARDIAN procedure call User_Authenticate_ and its ability to change the password during the authentication cycle
Order Trial