Infineon Security Platform Solution
Password Handling
Passwords used in Security Platform Solution
The Infineon Security Platform Solution uses several different passwords. Some of them are for Security Platform Administrators, others are for Security Platform Users. Please make sure not to mix up different passwords.
In server mode, the administrative passwords and the Reset Authorization Code are not valid, as the Trusted Computing Management Server handles the task of preparing and providing these passwords.
The following table gives an overview of Security Platform Passwords and their usage.
Password | Used by... | Purpose/Explanation |
Owner Password | Administrator | Is set during Security Platform initialization, and is required to perform critical administrative Security Platform tasks. Can be set manually, or a random Owner Password can be created. Can be saved to an Owner Password Backup File, which can be used for Owner Password authentication (instead of typing the Owner Password). This file is compatible with the Owner Password Backup File generated by the Microsoft application "Trusted Platform Module (TPM) Management". |
Emergency Recovery Token Password | Administrator | Protects the Emergency Recovery Token which is needed to perform an Emergency Recovery. |
Password Reset Token Password | Administrator | Protects the Password Reset Token which is required when a user needs to change his Basic User Password. |
Basic User Password (also called "Password", in Enhanced Authentication mode also called "Basic User Passphrase") | User | Protects the Basic User Key which is needed to access user-specific Infineon Security Platform data. No Security Platform Features can be used without this password. The Basic User Password is also required to restore and migrate user data and to configure certain user settings. It can be reset, if both administrator and user have configured this feature. In Enhanced Authentication mode this password is replaced by a "passphrase", which is protected by the authentication device. This is the Security Platform User's main password. To simplify matters it is often called just "password". |
PKCS #12 Password | User | Protects a user's private key stored in a PKCS #12 file. |
Reset Authorization Code | User | This code string is not really a password, but quite similar from the user's point of view. It is automatically created during the preparation of a user's Password Reset. It is required to reset a Basic User Password. |
General hints regarding passwords
- Use different passwords for different purposes. In particular, do not re-use your Windows password. If you re-used your Windows password for all Security Platform related passwords, the enhanced hardware-based security level would no longer be effective. An attacker knowing your Windows Password could access your EFS and PSD data, use your credentials for identification and authorization and tamper with Security Platform settings.
- The use of special characters is highly recommended to enhance the quality of passwords. Nevertheless, you should keep in mind that some characters change their position on the keyboard depending on the locale settings. Some characters may not even be available depending on the system language. Also, some characters may not be permitted within passwords depending on your operating system and other software components.
- Avoid the use of passwords that can be found in dictionaries, even when the password is made up of a combination of such words.
- Adding digits and using capitalization improves the quality of a password.
- The minimum and maximum length of passwords normally remain unchanged once a system is set up. Therefore the appearance of passwords may vary on different systems. Nevertheless, the general aspects hold for each installation of the software.
- To prevent spying attacks on passwords, copying from password input fields is not supported.
Password Complexity
The following table gives an overview of the Password Complexity requirements:
Password complexity requirements |
Characters from 3 of the following 4 categories required:
|
Owner Password Policies and Password Complexity
There are special requirements for the length and complexity of the Owner Password. The following table gives an overview of the default password policy settings:
Default minimum length | 6 characters |
Password complexity required | No |
Basic User Password Policies and Password Complexity
There are special requirements for the length and complexity of Basic User Passwords. The following table gives an overview of the default password policy settings:
Setting | Password Authentication - no authentication device is used | Enhanced Authentication - authentication device protects a passphrase |
Default minimum length | 6 characters | 20 characters |
Password complexity required | No | No |
Your administrator can change these settings. Details on Basic User Password Policies are available in the description of Infineon Security Platform User Policies.
Please ask your administrator for your actual Basic User Password policies if your access rights do not allow you to set or view password policies.
The options within the password field may be restricted depending upon the system policy "Enable stringent password field security".
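The general hints and the default policies above can be combined into one pre-check, shown here as an added example that is not part of the Infineon software. The four character categories and the small wordlist are assumptions, because this page does not list the categories, and all function names are hypothetical.

```python
# Default minimum lengths from the policy tables above; administrators can change them.
MIN_LENGTH = {"password": 6, "enhanced": 20}

# Assumption: the page's list of four categories is not shown, so the common
# upper/lower/digit/special split is used here.
CATEGORIES = {
    "upper": str.isupper,
    "lower": str.islower,
    "digit": str.isdigit,
    "special": lambda c: not c.isalnum(),
}

# Constructed sample wordlist; a real check would load a full dictionary.
WORDS = {"correct", "horse", "battery", "staple", "summer", "pass", "word"}


def categories_used(password):
    """Return the names of the character categories present in the password."""
    return {name for name, test in CATEGORIES.items() if any(test(c) for c in password)}


def is_word_combination(password, words=WORDS):
    """True if the password, ignoring case, splits entirely into dictionary words."""
    text = password.lower()
    if not text:
        return False
    # reachable[i] is True when text[:i] can be written as a sequence of words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words for start in range(end)
        )
    return reachable[-1]


def check(password, mode="password", complexity_required=False):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH[mode]:
        problems.append("too short")
    if complexity_required and len(categories_used(password)) < 3:
        problems.append("fewer than 3 character categories")
    if is_word_combination(password):
        problems.append("dictionary words")
    return problems
```

A passphrase such as "correcthorsebattery" meets the 6-character default yet is still reported, because it is only a combination of dictionary words.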
©Infineon Technologies AG