This document will provide information pertaining to various passwords that will be required when requesting Federated Identity Service (FIS) Medium Level of Assurance (MLOA) digital certificate, and using a hardware token device to access the Managed Access Gateway (MAG).
As with any user account, you will need to manage your password. In addition, you will also encounter terms such as one-time password, system generated password, and hardware token password. The table below details the various passwords that each user will be required to input for a digital certificate download and installation, along with the hardware token that has been purchased.
When your account is created with Exostar, you will be required to enter two passwords - a 'system generated password' and a 'one-time password'. These passwords will be provided to you, the user, via email during the registration process and can be easily restored if lost. During your first time login to the Exostar system, you will create your permanent 'Exostar password'. The Exostar password will be used in conjunction with your User ID to access the Exostar system in order to manage your account information and to download your digital certificate.
The 'Certificate Passcode' is issued during the proofing process and is used for download and installation of the digital certificate. It is a one-time passcode assigned to a specific individual. If lost or forgotten, reissuance of the Certificate Passcode will require reproofing, in order to maintain the 'high assurance' that is established when the passcode is assigned during the proofing event.
The hardware token is issued with a generic 'Token Password'. Upon first use of your token, you will be prompted to create your own, unique Token Password. During all subsequent uses of your token, you will be required to enter your Token Password. If lost or forgotten, your Token Password cannot be reset. As with the Certificate Passcode, a Token Password reissuance will require reproofing.
Frequency of Use
Impact of Reset
One Time/As Required
Certificate Passcode (issued by proofer)
Requires in-person proofing to be completed again; charged at Exostar standard rates.
Requires in-person proofing to be completed again; and a new certificate to be issued.
Both will be charged at Exostar standard rates.