Common use of User Authentication Clause in Contracts

User Authentication. 9.7.1 Users will usually be authenticated by use of a password. Strong authentication methods (e.g. one- time passwords, digital signatures, etc.) may be required in the future. 9.7.2 Passwords must not be stored in script files. 9.7.3 Passwords must be entered by the user. 9.7.4 Passwords must be at least 6-8 characters in length, not blank or a repeat of the user id; contain at least one letter, and at least one number or special character must be in a position other than the first or last one. This format will ensure that the password is hard to guess. Most systems are capable of being configured to automatically enforce these requirements. Where a system does not mechanically require this format, the users must manually follow the format. 9.7.5 Systems will require users to change their passwords regularly (usually every 31 days). 9.7.6 Systems are to be configured to prevent users from reusing the same password for 6 changes/months. 9.7.7 Personal passwords must not be shared. A user who has shared his password is responsible for any use made of the password.

User Authentication. 9.7.1 Users will usually be authenticated by use of a password. Strong authentication methods (e.g. one- time passwords, digital signatures, etc.) may be required in the future. 9.7.2 Passwords must not be stored in script files. 9.7.3 Passwords must be entered by the user. 9.7.4 Passwords must be at least 6-8 characters in length, not blank or a repeat of the user idID; contain at least one letter, and at least one number or special character must be in a position other than the first or last one. This format will ensure that the password is hard to guess. Most systems are capable of being configured to automatically enforce these requirements. Where a system does not mechanically require this format, the users must manually follow the format. 9.7.5 Systems will require users to change their passwords regularly (usually every 31 days). 9.7.6 Systems are to be configured to prevent users from reusing the same password for 6 changes/months. 9.7.7 Personal passwords must not be shared. A user who has shared his password is responsible for any use made of the password.

User Authentication. 9.7.1 8.8.1 Users will usually be authenticated by use of a password. Strong authentication methods (e.g. one- e.g., one-time passwords, digital signatures, etc.) may be required in the future. 9.7.2 8.8.2 Passwords must not be stored in script files. 9.7.3 8.8.3 Passwords must be entered by the user. 9.7.4 8.8.4 Passwords must be at least 6-8 characters in length, not blank or a repeat of the user idID; contain at least one letter, and at least one number or special character must be in a position other than the first or last oneposition. This format will ensure that the password is hard to guess. Most systems are capable of being configured to automatically enforce these requirements. Where a system does not mechanically require this format, the users must manually follow the format. 9.7.5 8.8.5 Systems will require users to change their passwords regularly (usually every 31 thirty-one (31) days). 9.7.6 . Page 55 of 127 Contract Id: 4875779 8.8.6 Systems are to be configured to prevent users from reusing the same password for 6 six (6) changes/months. 9.7.7 8.8.7 Personal passwords must not be shared. A Any user who has shared his password is responsible for any use made of the password.

User Authentication. 9.7.1 11.7.1 Users will usually be authenticated by use of a password. Strong authentication methods (e.g. one- one time passwords, digital signatures, etc.) may be required in the future. 9.7.2 11.7.2 Passwords must not be stored in script files. 9.7.3 11.7.3 Passwords must be entered by the useruser in real time. 9.7.4 11.7.4 Passwords must be at least 6-8 characters in length, not blank or a repeat of the user iduserid; contain at least one letter, and at least one number or special character must be in a position other than the first or last one. This format will ensure that the password is hard to guess. Most systems are capable of being configured to automatically enforce these requirements. Where a system does not mechanically require this format, the users must manually follow the format. 9.7.5 11.7.5 Systems will require users to change their passwords regularly (usually every 31 days). 9.7.6 11.7.6 Systems are to be configured to prevent users from reusing the same password for 6 changes/months. 9.7.7 11.7.7 Personal passwords must not be shared. A user who has shared his password is responsible for any use made of the password.