Password security requisites
In order for the system to meet certain security criteria, the access password must meet certain minimum requisites which make it strong against attacks aimed at obtaining it.
The main requisites of the permanent Cl@ve password are:
- At least 8 characters in length.
- It must have at least one character of each of the following groups: lower case letters, upper case letters, digits and special characters.
- Letters ñ and ç, as well as any vowels with written accents are allowed. The following special characters can be used:
- If the length of the password is equal to or exceeds 16 characters, there will be no restrictions regarding the type of characters to be used (this allows to use a complete sentence as password).
- The password cannot include the name, surnames or DNI.
- When changing the password, the former one cannot be used.
Your password expires in 2 years, and it must be changed after that time. If you access the service after that time, you will be requested to change your password. You may also modify it at any given time through the Password change service; from this moment on, it will be valid for 2 additional years.
Password security recommendations
It is also recommended to follow the guidelines below when creating and managing secure password:
- Avoid using the same password you use for other systems or services.
- Do not use personal information for the password: your name or the name of your relatives, surnames or birth dates. And, of course, do never use data such as your DNI or telephone number.
- Avoid using basic keyword sequences (for example: “asdf” or numerical sequences: “1234”, etc.
- Do not repeat the same characters within the same password. (i.e. 111222.
- Do not use data related to the username which are easily deducible or which are based on same. (i.e. do not use nicknames, an actor or fictional character's name as password).
- Do not write your password on a paper or document in which it remains recorded, and do not send it by email or sms. Also do not provide it or mention it in a conversation or communication of any kind.