Lotus Domino Administrator 8 Help - Password-protection for Notes and Domino IDs

SECURITY

Password-protection for Notes and Domino IDs
To ensure the security of the IBM® Lotus® Domino™ system, password-protect all IBM® Lotus® Notes® and Domino IDs -- certifier, server, and user. When you password-protect an ID, a key that is derived from the password encrypts the data on the ID. Then, when you attempt to access mail, open a server-based database, or examine ID file information, you are prompted to enter a password. Note that this information does not apply to password-protection for Internet clients.

For information on password protecting Internet clients, see Name-and-password authentication for Internet/intranet clients.

Password-protection features

Password quality

When you register a user or server or create a certifier ID, you use a scale of 0 to 16 to specify the level of password quality you want enforced for the ID. The higher the level, the more complex the password and, therefore, the more difficult it is for an unauthorized user to guess the password. For optimal security, specify a password quality level of at least 8.

The password quality level you assign is enforced when you enter a password for new IDs or when users change the password for an existing ID. When users change their passwords, Lotus Notes displays information about the password quality level required by the ID file. Users must enter a password that meets the criteria for the level; otherwise, they are not allowed to change the password.

When choosing a password, it is best to specify a random, alphanumeric string that includes mixed uppercase and lowercase letters, numbers, and punctuation. Also, it is better to specify an entire phrase, rather than a single word. A passphrase is easy to remember, difficult to guess, and generally longer than a single-word password. If you choose to use a phrase, you should misspell one or more of the words to make it more difficult for attackers to guess at the phrase.

To change the password quality level assigned to an ID, you must recertify the ID or use a security settings policy document.

For more information about using a security settings policy document to manage IDs, see the topic Creating a security policy settings document.

For more information on password quality, see the topic The password quality scale.

Time-delay and anti-spoofing mechanisms

All passwords for Lotus Notes IDs have built-in time-delay and anti-spoofing mechanisms, both of which deter password-guessing programs and prevent password theft by programs that resemble the password-prompt dialog box. The time-delay mechanism delays the time it takes to be able to proceed after an incorrect password is typed. When a user types a password, the anti-spoofing mechanism creates a graphic pattern that other programs cannot reproduce.

Password and public-key verification during authentication

By default, IBM® Lotus® Notes® and IBM® Lotus® Domino™ use passwords only to protect information stored in ID files. However, you can configure servers to verify passwords and Lotus Notes public keys during authentication. Password and public-key verification reduces the unauthorized use of IDs. If you set up a server to verify passwords and an unauthorized user obtains an ID and its password, the authorized user just needs to change the password for the ID. Then, the next time the unauthorized user attempts to authenticate, that user will not be allowed access to the server because Domino informs the user that they must change the password on this copy of the ID to match that on another copy of their ID (which the unauthorized user doesn't know).

Along with verifying passwords, you can set up servers to require users to change their password periodically.

For more information on verifying passwords, see the topic Verifying user passwords during authentication.

For more information on verifying public keys, see Public key security.

128-bit ID file encryption

For more information on 128-bit ID file encryption, see the topic Using 128-bit ID file encryption.

For information on larger document encryption keys, see Public and private keys.

Multiple passwords

To provide tighter security for certifier and server IDs, assign multiple passwords to those IDs. Using multiple passwords requires that a group of administrators work together to access an ID. For example, this feature is useful when you want to avoid giving authority for a certifier ID to one person. You can specify that only a subset of the assigned passwords be required to access the ID. For example, you can assign four passwords to the ID but require that only any two of the four passwords be entered to gain access to the ID. Requiring only a subset of the passwords allows administrators to access the ID, even when all of the administrators are not available.

Note User Ids can also be secured with multiple passwords.

For more information on multiple passwords, see the topic Assigning multiple passwords to server and certifier IDs.

ID file recovery

If you have ID recovery in place, when a user loses an ID file or forgets the password to the ID file, a group of administrators can work together to recover the ID file. Losing an ID file normally prevents users from accessing servers and reading messages and other data that they encrypted with the ID. Using the ID file recovery feature, administrators can prevent this loss of access and prevent unauthorized users from illicitly recovering IDs.

For more information on ID file recovery, see the topic ID file recovery.

Using a Smartcard to secure a Notes ID

When using Smartcards to log into IBM® Lotus® Notes®, users are essentially locking and unlocking their user IDs. The advantage of using a Smartcard with Lotus Notes is that the user's Internet private keys can be stored on the Smartcard instead of on the workstation. Then users can take Smartcards with them when they are away from their computers. For both regular and roaming users, Smartcards increase user ID security.

Caution In order for Lotus Notes users to set up Smartcards, you must disable password checking, change/grace intervals and expiration in the user's Person document. Otherwise, Smartcard users will eventually be locked out.

For information on how users can use Smartcards to log into Lotus Notes, see Enabling Smartcards for Notes login, if you have installed Lotus Notes 8 Help. Or, go to www.lotus.com/ldd/doc to download or view Lotus Notes 8 Help.

For information on how to secure the IBM® Lotus® Domino™ server console with a Smartcard, see Physically securing the Domino server.

Custom password policies

Many current information protection and data privacy laws include specific requirements for the selection of secure passwords for identity verification. In order to help users comply with these laws, you can implement password restrictions on a policy basis. This enables users to meet the essence of these laws - that passwords must not be trivial or predictable.

You create and apply custom password policies through a security policy settings document.

For more information, see Custom password policies.

See also

Domino server and Notes user IDs

User registration

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary