Static password randomization

Static password randomization is used to enforce strong authentication for Windows logon. It helps ensure the following:

  • The user will not be able to log on to a Windows machine without an OTP.
  • The user cannot uninstall Digipass Authentication for Windows Logon and log on with the Windows static password only.

If password randomization is enabled, OneSpan Authentication Server replaces the static Windows password with a randomly generated password for each logon, while adhering to strict formatting rules. Password randomization occurs transparently for the user, who only needs to enter their ID and an OTP for authentication. The password is generated in the background.

Because the password is randomized for each authentication procedure, users cannot log on to client workstations that do not have Digipass Authentication for Windows Logon installed.

You can enable password randomization in the relevant Digipass Authentication for Windows Logon client component policy.