Password-protection for Notes® and Domino® IDs

To ensure the security of the Domino® system, password-protect all Notes® and Domino® IDs -- certifier, server, and user. When you password-protect an ID, a key that is derived from the password encrypts the data on the ID. Then, when you attempt to access mail, open a server-based database, or examine ID file information, you are prompted to enter a password.

The following sections in this topic describe the Domino® password-protection features. Note that this information does not apply to password-protection for Internet clients.

Password quality

When you register a user or server or create a certifier ID, you use a scale of 0 to 16 to specify the level of password quality you want enforced for the ID. The higher the level, the more complex the password and, therefore, the more difficult it is for an unauthorized user to guess the password. For optimal security, specify a password quality level of at least 8.

The password quality level you assign is enforced when you enter a password for new IDs or when users change the password for an existing ID. When users change their passwords, Notes® displays information about the password quality level required by the ID file. Users must enter a password that meets the criteria for the level; otherwise, they are not allowed to change the password.

When choosing a password, it is best to specify a random, alphanumeric string that includes mixed uppercase and lowercase letters, numbers, and punctuation. Also, it is better to specify an entire phrase, rather than a single word. A passphrase is easy to remember, difficult to guess, and generally longer than a single-word password. If you choose to use a phrase, you should misspell one or more of the words to make it more difficult for attackers to guess at the phrase.

To change the password quality level assigned to an ID, you must recertify the ID or use a security settings policy document.

Time-delay and anti-spoofing mechanisms

All passwords for Notes® IDs have built-in time-delay and anti-spoofing mechanisms, both of which deter password-guessing programs and prevent password theft by programs that resemble the password-prompt dialog box. The time-delay mechanism delays the time it takes to be able to proceed after an incorrect password is typed. When a user types a password, the anti-spoofing mechanism creates a graphic pattern that other programs cannot reproduce.

Password and public-key verification during authentication

By default, Notes® and Domino® use passwords only to protect information stored in ID files. However, you can configure servers to verify passwords and Notes® public keys during authentication. Password and public-key verification reduces the unauthorized use of IDs. If you set up a server to verify passwords and an unauthorized user obtains an ID and its password, the authorized user just needs to change the password for the ID. Then, the next time the unauthorized user attempts to authenticate, that user will not be allowed access to the server because Domino® informs the user that they must change the password on this copy of the ID to match that on another copy of their ID (which the unauthorized user doesn't know).

Along with verifying passwords, you can set up servers to require users to change their password periodically.

ID file encryption

Notes® keys are stored encrypted in the Notes® ID file, and are encrypted with a key derived from the ID file password. Prior to Domino® 7, this key was 64-bits wide. Now users have the option of using a 128-bit RC2 or AES key, or 256-bit AES key for ID file encryption. As the ID file can now store larger document encryption keys, the encryption used to store them will be as least as strong as the stored keys.

Multiple passwords

To provide tighter security for certifier and server IDs, assign multiple passwords to those IDs. Using multiple passwords requires that a group of administrators work together to access an ID. For example, this feature is useful when you want to avoid giving authority for a certifier ID to one person. You can specify that only a subset of the assigned passwords be required to access the ID. For example, you can assign four passwords to the ID but require that only any two of the four passwords be entered to gain access to the ID. Requiring only a subset of the passwords allows administrators to access the ID, even when all of the administrators are not available.

Note: User Ids can also be secured with multiple passwords.

Password recovery

The preferred way to recover from forgotten passwords is to use the ID vault. When an ID vault is used, help personnel or users can easily reset passwords, and users can automatically use the new passwords from any Notes® client. If you do not use the ID vault, an alternative recovery method is to use the older ID file recovery feature.

Using a Smartcard to secure a Notes® ID

When using Smartcards to log into Notes®, users are essentially locking and unlocking their user IDs. The advantage of using a Smartcard with Notes® is that the user's Internet private keys can be stored on the Smartcard instead of on the workstation. Then users can take Smartcards with them when they are away from their computers. For both regular and roaming users, Smartcards increase user ID security.

Custom password policies

Many current information protection and data privacy laws include specific requirements for the selection of secure passwords for identity verification. In order to help users comply with these laws, you can implement password restrictions on a policy basis. This enables users to meet the essence of these laws - that passwords must not be trivial or predictable.

You create and apply custom password policies through a security policy settings document.