Password Security Check
CSI Digital Banking Password Security Check feature notifies users if the password they currently use has appeared in data breaches at other companies. When this occurs, users will be presented with an ‘Update Your Password’ prompt when logging into Digital Banking.
As part of the service, your bank can establish a password breach threshold. This threshold sets the number of times a user’s password can match those on the compromised list before they are automatically required to create a new password for their Digital Banking profile.
Password Security Check Details and Frequency
An alert will occur immediately when a password is entered at login or if the password is changed.
Temporary one-time passwords will not be subjected to this requirement. If the threshold is lowered, a previously acceptable password could produce a change password prompt for users.
Bank Settings: Password Threshold and Force Password Option
There are two new Password Security Check options within Admin>Security>Password.
Password Breach Check Threshold: This is the number of times a user’s password can appear on the compromised list before they are prompted to change it. By default, the threshold is set to 100 but can be changed by your bank as needed. If the field is left blank, the threshold will be saved as "1". This means, the change password prompt begins displaying for a user the first time the threshold is met or exceeded.
User Deferred Force Password Change: This option gives the user the ability to bypass the change password prompt and log into Digital Banking by clicking on the "Continue Without Changing Password" link. The user will continue to receive the prompt each time they log into Digital Banking until the password is changed.
When the User Deferred Force Password Change option is NOT set, the user will be required to change their password the first time the prompt is presented before they can log into Digital Banking.
Breached Password Screen Verbiage Customization
The Breached Password screen verbiage, as well as the dismissal verbiage, can be customized by your bank. These new custom text options are available under Bank Settings>Custom Text>Settings.
- Change Password – Breached Password
- Change Password – Breached Password Dismiss
To Customize the Breached Password Screen:
- Access Admin>Bank Settings>Custom Text>Settings>Change Password – Breached Password
- Edit the standard message displayed in the text box and select save. The new text will now be displayed during the login process when a user has been flagged with a password breach.
To Customize the Breached Password - Dismiss Screen:
- Access Admin >> Bank Settings >> Custom Text >> Settings >> Change Password – Breached Password Dismiss.
- Edit the standard message displayed in the text box and select save. The new text will now be displayed when a user dismisses the Breached Password notification.
69759
|