Adobe Acrobat Sign Authentication Method: Signing Password

The Signing password authentication method requires a recipient to enter a password that the agreement's sender provides. Passwords as a security method are well understood and easily adopted by recipients that might find more complex authentication methods daunting.

The sender defines the signing password when they compose the agreement, and it must be communicated to the recipient by some out-of-band process (Phone call, email, text).

The default authentication process challenges the recipient to validate their identity by entering the agreement's signing password in a text field.

• A link is provided for the recipient to contact the sender if they need to obtain the password:

Once the authentication is passed, the recipient is granted access to view and interact with the agreement.

If the recipient closes the agreement window for any reason before completing their action, they will have to re-authenticate to resume.

Configuring Password authentication when composing a new agreement

When Password authentication is enabled, the sender can select it from the Authentication drop-down just to the right of the recipient's email address.

Audit Report

The audit report clearly indicates the recipient entered a valid password:

If the agreement is canceled due to the recipient being unable to authenticate, the reason is explicitly stated:

Best Practices and Considerations

• Passwords can be tricky to track for hundreds of agreements. Having an internal convention to build decryptable passwords may be useful to ensure recipients don't get locked out of their agreements if a password is forgotten
• Passwords can only be changed for in-process agreements by editing the authentication type on the sender's manage page
• Passwords should be delivered to the recipient through an out-of-band method (e.g., Phone). Do not include the password in the agreement message
  

Configuration Options

Signing password authentication has two sets of controls, which are available to be configured at the account and group levels:

• Send Settings, which control the sender's access to the password option
  
• Security Settings, which govern the recipient's experience

Enable the authentication method under Send Settings

The option to use Signing password authentication can be enabled for senders by navigating to  Send Settings > Identity Authentication Methods

• Signing password checkbox - When checked, Password is an available option for the agreements composed in the group
• (Optional) Use password when viewing the agreement after it has been signed - When enabled, any attempt to access the online agreement stored in Adobe Acrobat Sign via link will prompt the requester to enter the same password used to verify the recipient's identity (See below)
  
  • Note: This authentication only challenges access to the original agreement via link, and is different than the password protection to view an agreement's PDF
    
• (Optional) By Default,  use the following method - When Signing passwords are enabled for use, the option to set Signing password as the default authentication method is available

Require authentication to view the original signed agreement via web link

Email templates, like the post-signature verification to the recipient, can contain a link to the original agreement on the  Acrobat Sign servers:

By enabling the Use password when viewing the agreement after it has been signed setting, any attempt to access the agreement via link will be challenged to enter the same password that was used to verify the recipient's identity.

This setting is embedded into the agreement when it is created. Changing the setting does not change the experience for agreements that are already in process.

If the identity verification password for the recipient is changed, the authentication to view the agreement via link adopts the new password as expected.

The challenge process is exactly the same as the original recipient authentication process:

The agreement will not open for viewing until the correct identity password is entered.

There is no option to edit or disable the password authentication after the recipient has signed and completed their action.

Configure the Security Settings

The agreement signing password has three control options that can be configured by the admin on the Security Settings page under the Agreement Signing Password section:

• Restrict number of attempts - Enabled by default. If disabled, then recipients can try to enter the password an unlimited number of times 
  • Allow Signer XX attempts to enter the agreement password before cancelling the agreement - The admin can enter a threshold number to limit the number of attempts a recipient can take to authenticate. Once the number of attempts is crossed, the agreement is automatically canceled and the sender is notified
• Document Password Strength - This setting defines the minimum complexity of the passwords that are requested for:
  • Recipient authentication for agreement access
    
  • Signed agreement encryption (downloaded agreement PDFs)
    
  • Signer Identity Reports (as related to Government ID reporting)

The setting values are:

► None - Requires the password to be set with at least one non-whitespace character

► Standard - Requires a minimum of 6 characters

► Medium - Requires a minimum of 7 characters

► Strong - Requires a minimum of 8 characters

Automatic agreement cancelation when a recipient fails to authenticate

If the settings restrict the number of password authentication attempts, and the recipient fails to authenticate that number of times, the agreement is automatically canceled.

The agreement's originator is sent an email announcing the cancelation with a note identifying the recipient that failed to authenticate.

No other parties are notified.