Passwords and PINs Sample Clauses

Passwords and PINs. Text-based passwords and PINs were the only encountered implementations of knowledge-based factors. Other knowledge-based schemes have been proposed in the past, such as cognitive and graphical passwords [Zviran and Xxxx 1990; Xxx et al. 2005], but none of them are used by the banks examined in the survey. Using knowledge as a single factor for authentication is quite unsafe. Passwords and PINs are often kept static for longer periods of time to keep them memorable. As long-term secrets, passwords and PINs entered as plain text on a user’s computer can be collected by software-based keyloggers, to be used instantly in subsequent attacks [Xxxxxx and Xxx Xxxxxxxx 2007]. Despite this vulnerability and as shown in Table I, a relatively large number of banks still use passwords or PINs exclusively in home and ACM Computing Surveys, Vol. 49, No. 4, Article 61, Publication date: December 2016. 61:14 X. Xxxxxx et al. Table I. Knowledge Authentication Factor Use in Online Banking in 2015 Knowledge factor↓ Possession factor Regular sites (80) Mobile apps (60) Mobile sites (25) None Present None Present None Present PIN 2 17 5 20 2 3 Password and PIN 1 6 1 0 1 0 None N/A 3 N/A 1 N/A 1 Unknown 0 2 1 mobile banking (20% for home banking, 35% and 60% for mobile banking applications and sites, respectively). The “Password and/or PIN” knowledge factor in Table I requires some explanation. It relates to banks that offer different combinations of authentication options that support either passwords, passwords and PINs, or PINs only. This is because they offer different physical or electronic authentication devices, each with its own set of knowledge factors. For example, a bank can require a password to log in, and either physical paper or an electronic device to derive one-time passwords from for transaction authorization. The electronic device requires a PIN to be accessible, while a PIN is not necessary for the physical paper. Passwords are popular in both situations where knowledge is used as a single factor and when a possession factor is used. PINs are only popular in combination with a pos- session factor. If the only factor is knowledge, it is logical that passwords are preferred above PINs, since passwords offer more security due to their higher complexity, making them harder to guess. An explanation for why PINs are still quite popular in multi- factor scenarios is that they are often an intrinsic part of the authentication method. For instance, some OTP generator...
Sample 1Sample 2Sample 3See All (5)
AutoNDA by SimpleDocs
Passwords and PINs. NASA will incorporate password systems and PINs as necessary to ensure secure access to the system. This system will also provide NASA with a documented record of each stakeholder that logs on to the system and reviews reports and regulatory information. This will effectively produce a “transmission log” of all interested parties, including the general public. General public stakeholders can be issued passwords and PINs through a simple, interactive, log-on screen. NASA will carefully review the viability of this type of security system to ensure it is effective and not burdensome to stakeholders that require access to the web-based reports and regulatory information.
Sample 1Sample 2
Passwords and PINs. At commencement of the Service, You will be provided with a user name, password and pin number. This user name will give You the ability to generate additional user names with differing access levels, together with their own passwords and pins. These user names, passwords, and pins are personal to Your organisation and should not be given, assigned, or sold to any third party without CCL’s written permission. You are responsible for all actions that take place as a result of access to the Service via Your user names, pins, and passwords. It is Your responsibility to ensure the security of Your passwords and pins, to maintain their confidentiality, and to regularly change them. You acknowledge that You are responsible for ensuring that no unauthorised access to the Service is obtained using Your password and pins and that You are liable for all such activities conducted through Your account whether authorised or not. It is your responsibility to inform CCL in writing as soon as You become aware that you believe the username, password, or pin has become known to an unauthorised third party. CCL may cancel Your existing username, password, and pin and issue new ones to You either where: (i) CCL has reason to believe that the security of Your username, password, and pin has been compromised without Your knowledge (ii) You have requested either a new username, new password, or new pin in writing or have notified CCL of a breach of security
Sample 1

Related to Passwords and PINs

  • Passwords and Security You acknowledge that you will be the only authorized user of Firstrade Securities Inc.'s Electronic Services for your account(s). You will be fully responsible for the confidentiality and use of your user name(s) and password (s) and you agree that you will be fully and solely responsible for all activities, including brokerage transactions, which arise from the use of your user name (s) or password(s) (except as provided for in paragraph 5 below). You also agree that you will be fully and solely responsible for all activities, including brokerage transactions, which arise from your authorization to link your brokerage account(s) to any other Firstrade Securities Inc. account(s). You acknowledge that we may tape record conversations with you, whether in person or by telephone, for purposes of verification and you consent to such recording.

  • Records and Documentation The Sub-Recipient agrees to make available to AAAPP staff and/or any party designated by the AAAPP any and all contract related records and documentation. The Sub-Recipient shall ensure the collection and maintenance of all program related information and documentation on any such system designated by the AAAPP. Maintenance includes valid exports and backups of all data and systems according to AAAPP standards.

  • Usernames and Passwords 1. Staff will not share usernames and passwords with anyone, including supervisors and technical support staff.

  • Access to Records and Personnel Indivior shall ensure the IRO has access to all records and personnel necessary to complete the reviews listed in this Section III.E., and that all records furnished to the IRO are accurate and complete.

  • Passwords and Employee Access Provider shall secure usernames, passwords, and any other means of gaining access to the Services or to Student Data, at a level suggested by Article 4.3 of NIST 800-63-3. Provider shall only provide access to Student Data to employees or contractors that are performing the Services. Employees with access to Student Data shall have signed confidentiality agreements regarding said Student Data. All employees with access to Student Records shall pass criminal background checks.

  • Passwords Passwords are an important aspect of computer security. A poorly chosen password may result in unauthorized access and/or exploitation of Placer County’s resources. All users, including contractors and vendors with access to the County’s systems, are responsible for the creation and protection of passwords and additionally any updates to County Password policies must be followed. Users must not use the same password for Placer County accounts and personal accounts. The reliability of passwords for maintaining confidentiality cannot be guaranteed. Always assume that someone, in addition to the intended or designated recipient, may read any and all messages and files. Any user suspecting that his/her password may have been compromised must, without delay, report the incident to Placer County IT.

  • Use of information, data and software In the event that you receive any data, information or software via the Trading Platform other than that which you are entitled to receive pursuant to this Client Agreement, you will immediately notify us and will not use, in any way whatsoever, such data, information or software.

  • User IDs and Password Controls All users must be issued a unique user name for accessing DHCS PHI or PI. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password, at maximum within 24 hours. Passwords are not to be shared. Passwords must be at least eight characters and must be a non-dictionary word. Passwords must not be stored in readable format on the computer. Passwords must be changed every 90 days, preferably every 60 days. Passwords must be changed if revealed or compromised. Passwords must be composed of characters from at least three of the following four groups from the standard keyboard: • Upper case letters (A-Z) • Lower case letters (a-z) • Arabic numerals (0-9) • Non-alphanumeric characters (punctuation symbols)

  • Access to Software Access Rights to Software which is Results shall comprise: Access to the Object Code; and, where normal use of such an Object Code requires an Application Programming Interface (hereafter API), Access to the Object Code and such an API; and, if a Party can show that the execution of its tasks under the Project or the Exploitation of its own Results is technically or legally impossible without Access to the Source Code, Access to the Source Code to the extent necessary. Background shall only be provided in Object Code unless otherwise agreed between the Parties concerned.

  • Records and Record Keeping Therapist may take notes during session, and will also produce other notes and records regarding Patient’s treatment. These notes constitute Therapist’s clinical and business records, which by law, Therapist is required to maintain. Such records are the sole property of Therapist. Therapist will not alter his/her normal record keeping process at the request of any patient. Should Patient request a copy of Therapist’s records, such a request must be made in writing. Therapist reserves the right, under California law, to provide Patient with a treatment summary in lieu of actual records. Therapist also reserves the right to refuse to produce a copy of the record under certain circumstances, but may, as requested, provide a copy of the record to another treating health care provider. Therapist will maintain Patient’s records for ten years following termination of therapy. However, after ten years, Patient’s records will be destroyed in a manner that preserves Patient’s confidentiality.

Time is Money Join Law Insider Premium to draft better contracts faster.