About Password Login
Signicat Password is a simple, user-administered identity solution for login with username/password. Signicat Password fits very well into any scenario where you already have a customer database, employee directory or any other list of potential users that should have access to a web application. Signicat Password also makes a good supplementary solution when most, but not all, of your user base can use a strong eID solution.
Signicat Password handles distribution of first-time passwords for new users, recovery codes when users have forgotten their password and password change. You only have to provide the list of users. Registration codes and recovery codes can be distributed by SMS, post or email.
Signicat Password allows for login with either static passwords created by the user or one-time passwords distributed by SMS or email. Login with Signicat Password is integrated with Signicat ID. The username/password solution will be available as one of the accessible eID solutions along with the solutions for strong authentication.
This process describes the interaction between the Customer and Signicat Operations when developing and establishing a Web application using Signicat's Password module.
- Customer signs agreement with Signicat AS.
- Customer integrates the Web application with Id.signicat.
- Customer performs the acceptance test of the web application.
1. Customer signs agreement with Signicat AS
The Customer signs an agreement with Signicat AS. This agreement specifies:
- the SLA between the Customer and Signicat AS
- the number of ID-methods (authentication, signing, verification, etc.)
- the number of ID-solutions (Password Module, Norwegian BankID, etc.)
- the number of graphical profiles the Customer needs
2. Customer performs technical integration with Id.signicat
After the agreements are signed, the Customer performs technical integration with Id.signicat. This includes:
- Installation and programming with the Signicat client kit
- Testing the integration
3. Customer performs the acceptance test of the web application
A service provider should verify the production configuration by performing an end-to-end test in production.
No merchant or client certificates are necessary when setting up or using the Signicat password module.
Customer-defined test users can be ordered. Prepare a semicolon-separated list containing userid, email address, mobile number and name and send this list to firstname.lastname@example.org.
Signicat offers 24/7/365 free access to the test environment, preprod.signicat.com.
These are screenshots of a typical login session. The actual screens may have a different graphical profile in your setup.
The pictures below illustrate the login/authentication process with Password login.
1. Provide national identification number
The user provides his/her Userid (email address, national identification number, or another unique code). If you already know the Userid, it is possible to prefill it and skip this step.
2. Provide security code and password
The user provides his/her password and selects Login to log in.
- Web-service integration with your existing user registry
- Distribution of first-time registration and recovery codes on 4 channels: e-mail, SMS and postal letters
- Customizable texts
- Change password
- Supports 5 languages: Norwegian, Swedish, Danish, Finnish and English
Security and configuration
Passwords are always hashed and salted and never stored in clear text. All characters in the ISO-8859-1 character set (Latin) are allowed. The password module can be configured with the following policies to ensure that all passwords have a certain strength:
- Minimum length (default 6)
- Maximum length
- Require both letters and digits
- Require both upper-case and lower-case letters
- The validity time for passwords cannot be set
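The policy options above, written as a pre-submission check a service provider could run on its own side. This is an added example, not Signicat's code: `PasswordPolicy`, `check_password`, the maximum length of 64 and the NFC normalisation step are assumptions made for illustration.

```python
import unicodedata
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 6                      # default stated on the page
    max_length: int = 64                     # assumed; the page gives no default
    require_letters_and_digits: bool = True
    require_mixed_case: bool = True


def check_password(password: str, policy: PasswordPolicy = PasswordPolicy()) -> list[str]:
    """Return the violated rules; an empty list means the password is accepted."""
    # Assumption: normalise to NFC first, so "e" followed by a combining accent
    # becomes the single Latin-1 code point and is counted as one character.
    pw = unicodedata.normalize("NFC", password)
    errors = []
    try:
        pw.encode("iso-8859-1")              # charset the page says is allowed
    except UnicodeEncodeError as exc:
        errors.append(f"character {pw[exc.start]!r} is outside ISO-8859-1")
    if len(pw) < policy.min_length:
        errors.append("too short")
    if len(pw) > policy.max_length:
        errors.append("too long")
    # isdecimal() rather than isdigit(): Latin-1 superscripts (e.g. U+00B2)
    # must not satisfy the digit requirement.
    if policy.require_letters_and_digits and not (
        any(c.isalpha() for c in pw) and any(c.isdecimal() for c in pw)
    ):
        errors.append("needs both letters and digits")
    if policy.require_mixed_case and not (
        any(c.isupper() for c in pw) and any(c.islower() for c in pw)
    ):
        errors.append("needs both upper-case and lower-case letters")
    return errors


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for sample in ["Blåbær2024", "Sommer€2024", "Cafe\u0301s2024", "abc12"]:
        print(repr(sample), check_password(sample))
```

The euro sign is the case to watch: it exists in ISO-8859-15 and Windows-1252 but not in ISO-8859-1, so a password typed on a Nordic keyboard can fail the charset rule even though it looks "Latin".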