Solution
In Trust/Link Enterprise, when an Administrator invites a user to receive a digital certificate, the Administrator must define a shared secret that is used when the user opens the link in their Trust/Link invitation email. The shared secret prevents an impostor who intercepts the email from inappropriately picking up the digital certificate.
Once logged in for the first time using the shared secret, the user chooses their own long-term password, which is used to manage their digital certificate in the future.
The Administrator has two options when creating the shared secret:
- Choose an answer that will be communicated out-of-band to the Registrant by checking the “Shared Secret Answer” box and completing the corresponding answer.
- Choose a shared secret question and answer that the Registrant will be able to correctly answer on their own. You may also define a “guidance line” to help them properly format their answer.
What are some examples of a shared secret?
- Partial employee ID number
- Word or phrase provided over the phone
- Partial passport number or driver's license number
- Word or phrase known only between Administrator and user
What information should I never use as a shared secret?
Below are a few examples of what you should never use as a shared secret:
- Credit card number
- Full passport number
- Full driver's license number
- Easily obtainable information (Example: date of birth, company extension, etc.)