Password-protection for Notes and Domino IDs
To ensure the security of the Domino system, password-protect all Notes and Domino IDs -- certifier, server, and user. When you password-protect an ID, a key that is derived from the password encrypts the data on the ID. Then, when you attempt to access mail, open a server-based database, or examine ID file information, you are prompted to enter a password. Note that this information does not apply to password-protection for Internet clients.

For information on password protecting Internet clients, see Name-and-password authentication for Internet/intranet clients.

Password-protection features

Password quality

When you register a user or server or create a certifier ID, you use a scale of 0 to 16 to specify the level of password quality you want enforced for the ID. The higher the level, the more complex the password and, therefore, the more difficult it is for an unauthorized user to guess the password. For optimal security, specify a password quality level of at least 8.

The password quality level you assign is enforced when you enter a password for new IDs or when users change the password for an existing ID. When users change their passwords, Notes displays information about the password quality level required by the ID file. Users must enter a password that meets the criteria for the level; otherwise, they are not allowed to change the password.

When choosing a password, it is best to specify a random, alphanumeric string that includes mixed uppercase and lowercase letters, numbers, and punctuation. Also, it is better to specify an entire phrase, rather than a single word. A passphrase is easy to remember, difficult to guess, and generally longer than a single-word password. If you choose to use a phrase, you should misspell one or more of the words to make it more difficult for attackers to guess at the phrase.

To change the password quality level assigned to an ID, you must recertify the ID or use a security settings policy document.

For more information about using a security settings policy document to manage IDs, see the topic Creating a security policy settings document.

For more information on password quality, see the topic The password quality scale.

Time-delay and anti-spoofing mechanisms

All passwords for Notes IDs have built-in time-delay and anti-spoofing mechanisms, both of which deter password-guessing programs and prevent password theft by programs that resemble the password-prompt dialog box. The time-delay mechanism delays the time it takes to be able to proceed after an incorrect password is typed. When a user types a password, the anti-spoofing mechanism creates a graphic pattern that other programs cannot reproduce.

Password and public-key verification during authentication

By default, Notes and Domino use passwords only to protect information stored in ID files. However, you can configure servers to verify passwords and Notes public keys during authentication. Password and public-key verification reduces the unauthorized use of IDs. If you set up a server to verify passwords and an unauthorized user obtains an ID and its password, the authorized user just needs to change the password for the ID. Then, the next time the unauthorized user attempts to authenticate, that user will not be allowed access to the server because Domino informs the user that they must change the password on this copy of the ID to match that on another copy of their ID (which the unauthorized user doesn't know).

Along with verifying passwords, you can set up servers to require users to change their password periodically.

For more information on verifying passwords, see the topic Verifying user passwords during authentication.

For more information on verifying public keys, see the topic Public key security.

Multiple passwords

To provide tighter security for certifier and server IDs, assign multiple passwords to those IDs. Using multiple passwords requires that a group of administrators work together to access an ID. For example, this feature is useful when you want to avoid giving authority for a certifier ID to one person. You can specify that only a subset of the assigned passwords be required to access the ID. For example, you can assign four passwords to the ID but require that only any two of the four passwords be entered to gain access to the ID. Requiring only a subset of the passwords allows administrators to access the ID, even when all of the administrators are not available.

Note User Ids can also be secured with multiple passwords.

For more information on multiple passwords, see the topic Assigning multiple passwords to server and certifier IDs.

ID file recovery

If you have ID recovery in place, when a user loses an ID file or forgets the password to the ID file, a group of administrators can work together to recover the ID file. Losing an ID file normally prevents users from accessing servers and reading messages and other data that they encrypted with the ID. Using the ID file recovery feature, administrators can prevent this loss of access and prevent unauthorized users from illicitly recovering IDs.

For more information on ID file recovery, see the topic ID file recovery.

Using a Smartcard to secure a Notes ID

When using Smartcards to log into Notes, users are essentially locking and unlocking their user IDs. The advantage of using a Smartcard with Notes is that the user's Internet private keys can be stored on the Smartcard instead of on the workstation. Then users can take Smartcards with them when they are away from their computers. For both regular and roaming users, Smartcards increase user ID security.

Caution In order for Notes users to set up Smartcards, you must disable password checking, change/grace intervals and expiration in the user's Person document. Otherwise, Smartcard users will eventually be locked out.

For information on how Notes users can use Smartcards to log into Notes, see Enabling Smartcards for Notes login, if you have installed Lotus Notes 6 Help. Or, go to to download or view Lotus Notes 6 Help.

See Also