With Digipass password protection, use of the application is protected by a password. The password is required for every OTP and signature generation, and for changing the password. The user chooses the password during the activation process, and it is part of the calculation of the dynamic vector encryption key. This key is derived from the password provided by the user and from the Digipass serial number according to the following algorithm:
Key = PBKDF2 (PRF, PIN||Serial Number||Device Data, salt, c, sekLen)
The PBKDF2 parameters must be:
- PRF: SHA-256
- PIN||Serial number||Device data: Concatenation of the user’s PIN, the Digipass serial number and the device-specific data
- Salt: Fixed data
- c: Configurable number of iterations
- sekLen: Key length, 32 bytes
As described in Activation with password protection (overview), the dynamic vector is protected by a password which the Digipass owner provides. Control of the password relies entirely on the Digipass SDK; only the owner of the password is able to use the Digipass authenticator.
Once a user password protects the secret in the dynamic vector, any operation involving the secret requires validation of the user password. This validation is done by the Digipass SDK according to the password security level defined in the static vector.
The user password can be entered as a string or as a byte array. When entered as a byte array, the password can be reset (the array overwritten) after use, so that it does not linger in memory.
Weak password control
Weak PIN rules have been updated in Mobile Security Suite 4.21.2
If weak password control is configured for the Digipass authenticator, the detection rules for weak passwords are:
- The difference between consecutive characters of the password must vary (characters are compared by their decimal values, see the table below). Example: 12345 is a weak password because the difference between consecutive digits is always +1.
- A row of 0s (N-1 zeros for a PIN of N digits) followed by a single digit (e.g. 00003), or a single digit followed by a row of 0s (e.g. 2000), is not valid. This is the ATM mimic rule.
- When the password is changed, the new password must be different from the old password.
Weak password control is used during the activation process and password change.
Examples for the first rule (the step between consecutive characters must vary):

Password | Decimal values | Step sequence | Control result
---|---|---|---
ABCDEF | 65, 66, 67, 68, 69, 70 | 1 1 1 1 1 | FAIL
tsrqpo | 116, 115, 114, 113, 112, 111 | -1 -1 -1 -1 -1 | FAIL

Examples for the second rule (ATM mimic):

Password | Control result
---|---
000005 | FAIL
200000 | FAIL
007000 | SUCCESS
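The three weak password rules and the table values above, as an added Python implementation (this is not the Digipass SDK's code). It assumes that a minimum password length is enforced elsewhere, so the constant-step rule is only evaluated when there are at least two steps to compare; `old_password` is only supplied on a password change.

```python
import re
from typing import Optional

def step_sequence(password: str) -> list:
    """Differences between the decimal values of consecutive characters
    (the "Step sequence" column of the table above)."""
    codes = [ord(ch) for ch in password]
    return [b - a for a, b in zip(codes, codes[1:])]

def has_constant_step(password: str) -> bool:
    """Rule 1: the step between consecutive characters must vary.
    12345, ABCDEF (1 1 1 1 1) and tsrqpo (-1 -1 -1 -1 -1) all fail.
    Assumption: with fewer than two steps the rule is not evaluated."""
    steps = step_sequence(password)
    return len(steps) >= 2 and len(set(steps)) == 1

def is_atm_mimic(password: str) -> bool:
    """Rule 2: N-1 zeros followed by one digit (00003) or one digit followed
    by N-1 zeros (2000). 007000 matches neither form and passes this rule."""
    n = len(password)
    if n < 2:
        return False
    pattern = rf"0{{{n - 1}}}\d|\d0{{{n - 1}}}"
    return re.fullmatch(pattern, password) is not None

def weak_password_control(new_password: str, old_password: Optional[str] = None) -> list:
    """Return the list of violated rules; an empty list means SUCCESS.
    Rule 3 only applies when an old password is given (password change)."""
    violations = []
    if has_constant_step(new_password):
        violations.append("constant step between consecutive characters")
    if is_atm_mimic(new_password):
        violations.append("ATM mimic (single digit with a row of zeros)")
    if old_password is not None and new_password == old_password:
        violations.append("new password equals old password")
    return violations

def control_result(new_password: str, old_password: Optional[str] = None) -> str:
    """'FAIL' or 'SUCCESS', matching the Control result column of the tables."""
    return "FAIL" if weak_password_control(new_password, old_password) else "SUCCESS"
```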
Password security level
The password security level determines how the Digipass SDK validates the password. The Digipass SDK supports the following security levels for password validation:
-
No password check. Each password is used as-is to decrypt the Digipass secret. Only the password provided during the Digipass activation to encrypt the Digipass secret will generate a correct OTP or signature. Other passwords will generate invalid responses. This method fully relies on the server lock functionality, which can be activated in the settings of the OneSpan server solution. For more information, refer to the OneSpan server solution documentation.
-
Checksum. During the activation process, a checksum of the password is stored on 1 byte in the dynamic vector. In the course of the Digipass lifecycle, passwords will be tested against that checksum so that only those matching it will be used to decrypt the secret.
The checksum allows wrong-password collisions: wrong passwords with a valid checksum will be used to decrypt the secret but will generate invalid responses. Compared to the no-password-check level, more passwords are rejected, but a large number still generate wrong responses.
In case of a password change, a wrong old password with a correct checksum will collide with the current password. The decryption of the Digipass secret will not be correct, and the incorrect secret will be encrypted with the new password. The result is definitive corruption of the Digipass secret: the Digipass authenticator must be re-activated or replaced.
-
Hash. During activation, a hash of the password is stored on 4 bytes in the dynamic vector. In the course of the Digipass lifecycle, passwords will be tested against this hash so that only those matching it will be used to decrypt the secret. As the hash is on 4 bytes, far fewer passwords match than with the 1-byte checksum. Compared to the checksum feature, most wrong passwords are rejected and only a few generate wrong responses.
To avoid brute-force attacks, OneSpan strongly recommends using the checksum level. Because the 4-byte hash rejects almost every wrong password locally, it gives anyone who obtains the dynamic vector a way to confirm password guesses offline; the 1-byte checksum still accepts roughly one wrong password in 256, so a guess can only be confirmed by the server, where the server lock applies. With checksum validation, a wrong password may therefore be accepted, which leads to an incorrect decryption of the Digipass keys.
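The key derivation formula from the start of the page and the three security levels, as an added Python model (not the Digipass SDK's code). Assumptions: the salt, iteration count, serial number and device data are constructed values; the stored checksum and hash are modelled as the first 1 or 4 bytes of SHA-256 over the PIN (the page does not say how they are computed); and encryption of the secret under the derived key is modelled as XOR. `password_change_outcome` replays the checksum-level failure mode described above, where a wrong old PIN that passes the tag check permanently corrupts the secret.

```python
import hashlib

# Constructed settings: the page says the salt is fixed data and the iteration count is configurable.
SALT = b"example-fixed-salt"
ITERATIONS = 10_000

def derive_key(pin: str, serial: str, device_data: bytes) -> bytes:
    """Key = PBKDF2(SHA-256, PIN||Serial number||Device data, salt, c, 32 bytes)."""
    material = pin.encode() + serial.encode() + device_data
    return hashlib.pbkdf2_hmac("sha256", material, SALT, ITERATIONS, dklen=32)

def password_tag(pin: str, level: str) -> bytes:
    """Assumed construction of the stored check value: truncated SHA-256 of the PIN."""
    digest = hashlib.sha256(pin.encode()).digest()
    return {"none": b"", "checksum": digest[:1], "hash": digest[:4]}[level]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def activate(secret: bytes, pin: str, serial: str, device_data: bytes, level: str) -> dict:
    """Toy dynamic vector: the secret encrypted (modelled as XOR) under the derived key."""
    return {"level": level, "tag": password_tag(pin, level),
            "enc_secret": xor(secret, derive_key(pin, serial, device_data))}

def open_secret(dv: dict, pin: str, serial: str, device_data: bytes):
    """Decrypted secret, or None if the PIN fails the tag; a colliding wrong PIN yields garbage."""
    if password_tag(pin, dv["level"]) != dv["tag"]:
        return None
    return xor(dv["enc_secret"], derive_key(pin, serial, device_data))

def change_password(dv: dict, old_pin: str, new_pin: str, serial: str, device_data: bytes):
    secret = open_secret(dv, old_pin, serial, device_data)
    if secret is None:
        return None                           # old PIN rejected by the tag check
    return activate(secret, new_pin, serial, device_data, dv["level"])

def password_change_outcome(level: str) -> str:
    """Password change where the old PIN typed is wrong but shares the real PIN's 1-byte checksum."""
    serial, dev, secret = "ABC1234567", b"example-device-data", bytes(range(32))
    real_pin, new_pin = "4821", "7390"
    dv = activate(secret, real_pin, serial, dev, level)
    target = password_tag(real_pin, "checksum")
    wrong_old = next(p for p in (f"{i:04d}" for i in range(10_000))
                     if p != real_pin and password_tag(p, "checksum") == target)
    new_dv = change_password(dv, wrong_old, new_pin, serial, dev)
    if new_dv is None:
        return "rejected"                     # hash level: the 4-byte tag also had to match
    recovered = open_secret(new_dv, new_pin, serial, dev)
    return "intact" if recovered == secret else "corrupted"
```

At the checksum and no-check levels the outcome is "corrupted": the secret re-encrypted under the new PIN is no longer the original one, so the authenticator must be re-activated.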