Take the MyExostar User Experience Survey
  • Federated Identity Service (FIS)

  • Managing Passwords


    This document will provide information pertaining to various passwords that will be required when requesting Federated Identity Service (FIS) Medium Level of Assurance (MLOA) digital certificate, and using a hardware token device to access the Managed Access Gateway (MAG).

    As with any user account, you will need to manage your password. In addition, you will also encounter terms such as one-time password, system generated password, and hardware token password. The table below details the various passwords that each user will be required to input for a digital certificate download and installation, along with the hardware token that has been purchased. 

    Exostar Passwords

    When your account is created with Exostar, you will be required to enter two passwords - a 'system generated password' and a 'one-time password'.  These passwords will be provided to you, the user, via email during the registration process and can be easily restored if lost.  During your first time login to the Exostar system, you will create your permanent 'Exostar password'.  The Exostar password will be used in conjunction with your User ID to access the Exostar system in order to manage your account information and to download your digital certificate.

    Certificate Passcode

    The 'Certificate Passcode' is issued during the proofing process and is used for download and installation of the digital certificate.  It is a one-time passcode assigned to a specific individual.  If lost or forgotten, reissuance of the Certificate Passcode will require reproofing, in order to maintain the 'high assurance' that is established when the passcode is assigned during the proofing event.

    Token Password

    The hardware token is issued with a generic 'Token Password'.   Upon first use of your token, you will be prompted to create your own, unique Token Password.   During all subsequent uses of your token, you will be required to enter your Token Password.   If lost or forgotten, your Token Password cannot be reset.  As with the Certificate Passcode, a Token Password reissuance will require reproofing.

    Password Management


    Frequency of Use

    Resettable Online?

    Impact of Reset

    Exostar Password(s)

    One Time/As Required



    Certificate Passcode (issued by proofer)

    One Time


    Requires in-person proofing to be completed again; charged at Exostar standard rates.

    Token Password

    Each Login


    Requires in-person proofing to be completed again; and a new certificate to be issued.

    Both will be charged at Exostar standard rates.