Fair Isaac Product Name User s Guide ENHANCEMENT NOTIFICATION 6.1.2 Fair Isaac LenStar Security Requirements
This document is the confidential, unpublished property of Fair Isaac Corporation. Receipt or possession of it does not convey rights to divulge, reproduce, use, or allow others to use it except as expressly provided in the license agreement between user and Fair Isaac Corporation. The information in this document is subject to change without notice. If you find any problems in this documentation, please report them to us in writing. Fair Isaac Corporation does not warrant that this documentation is error-free, nor are there any other warranties with respect to the documentation except as may be provided in the license agreement. Copyright 2004 Fair Isaac Corporation. All rights reserved. Fair Isaac and LenStar are trademarks or registered trademarks of Fair Isaac Corporation, in the United States and/or in other countries. Other product and company names herein may be trademarks of their respective owners. Last Revised 12/17/04 Version 6.1.2 Template LG4.2
Contents Contents LenStar Security Requirements....................... 5 Introduction........................................................................ 5 Password Requirements.............................................................. 6 Initial Login Procedure............................................................... 7 Forgotten Passwords............................................................... 9 Additional Security Enhancements.................................................... 10 Deactivating User Accounts........................................................ 10 Resetting User Passwords......................................................... 11 Locked User Accounts............................................................ 12 Duplicate User Names............................................................ 13 Fair Isaac Confidential and Proprietary Information 3
Contents 4 Fair Isaac Confidential and Proprietary Information
LenStar Security Requirements Introduction In response to customer feedback, security enhancements have been made to the login procedure on the LenStar Web site. This document provides an explanation and instructions for the new security requirements, including: Password Requirements Initial Login Procedure Additional Security Enhancements Fair Isaac Confidential and Proprietary Information 5
: Password Requirements The following requirements apply to all LenStar users within LenStar passwords must meet the following criteria: At least one uppercase letter At least one lowercase letter At least one digit Eight or more total characters Cannot contain more than two consecutive characters (ex: $$$, 222, aaa) After the password is changed, it cannot be changed again for 24 hours. If the user attempts to change the password within 24 hours, a message appears stating, The password has been changed in the last 24 hours and cannot be changed until the 24 hour period has expired. Users with manager access can change a password in the Add/Edit User section. Expired passwords cannot be reused in the next 10 password changes. Expired passwords are stored in an encryption protected database. Passwords expire every 45 days. Passwords issued by LenStar Support or the Servicer/Vendor Security Administrator is valid only for the initial login. Users are prompted to change the original password and security questions upon login. 6 Fair Isaac Confidential and Proprietary Information
LenStar Security Requirements Enhancement Notification Initial Login Procedure This section contains information on logging in to LenStar for the first time using the enhancement or the password provided by LenStar Support or the Servicer/Vendor Security Administrator. This procedure includes changing the password for the first time using this enhancement or the temporary password issued by LenStar Support or the Servicer/ Vendor Security Administrator, and setting up your security questions and answers. These questions are used to retrieve forgotten passwords, and by LenStar support for user verification. To log in to LenStar: 1 Access www.lenstar.com, www.lenstarweb.com, or www2.lenstarweb.com. 2 Enter your LenStar User Name in the User Name text box. 3 Enter the temporary password in the Password text box. 4 Enter the account in the Account text box. Fair Isaac Confidential and Proprietary Information 7
: 5 Click Login. The LenStarWeb User Login page appears notifying you that the password has expired, and you are prompted to change the password. 6 Enter the original password in the Old Password text box. 7 Enter your new password in the New Password and Retype New Password text boxes. 8 Select three questions from the drop down menus, and enter your answers in the corresponding text boxes. Note Please record your questions and answers. Your selected questions do not appear automatically in the drop down menu fields, so it is important that you remember both your questions and answers. These questions are also used for identification when calling LenStar support. 9 Click Login. Your password has been changed. 8 Fair Isaac Confidential and Proprietary Information
LenStar Security Requirements Enhancement Notification Forgotten Passwords If you need to retrieve a forgotten password, click the Forgot your password? link. The following information is needed to reset a forgotten password: User Name Account Security questions and answers Fair Isaac Confidential and Proprietary Information 9
: Additional Security Enhancements This section provides information on additional enhancements made to the LenStar Web site, including: De activating User Accounts Resetting User Passwords Locked User Accounts Duplicate User Names Deactivating User Accounts This enhancement is applicable to all LenStar users. This feature allows a manager or LenStar support to de activate an account so that users cannot use it to log in. Click the De Activate Account button to de activate the account. Note If an account has been de activated, an Activate Account button is displayed. Click the Activate Account button to re activate the account. Click to deactivate the account 10 Fair Isaac Confidential and Proprietary Information
LenStar Security Requirements Enhancement Notification Resetting User Passwords This enhancement allows managers to reset user passwords. Previous to this enhancement, managers could manually change a user s password. With this modification, managers can click the Reset Password button, and the system automatically generates a new password and deletes the user s security questions and answers. The user can then establish a new password and security questions using the generated temporary password. Click to reset user passwords Fair Isaac Confidential and Proprietary Information 11
: Locked User Accounts This security feature locks user accounts after 5 unsuccessful login attempts. LenStar support or users with manager access can unlock a user account on the Add/ Edit User page. Click the Unlock Account button to unlock a user account. Click to unlock a user account 12 Fair Isaac Confidential and Proprietary Information
LenStar Security Requirements Enhancement Notification Duplicate User Names With this security enhancement, duplicate user names are not allowed. Fair Isaac Confidential and Proprietary Information 13
: 14 Fair Isaac Confidential and Proprietary Information