Enable a method of recipient authentication using sender-defined passwords.
Overview
The Signing password authentication method requires a recipient to enter a password that the agreement's sender provides. Passwords as a security method are well understood and easily adopted by recipients who might find more complex authentication methods daunting.
The sender defines the signing password when they compose the agreement, and it must be communicated to the recipient by some out-of-band process (phone call, email, text).
Availability:
The Signing password is available for all plans.
Configuration scope:
The feature can be enabled at the account and group levels.
The Signing password is not a metered service. There is no charge for use, regardless of volume.
How it's used
The default authentication process challenges the recipient to validate their identity by entering the agreement's signing password in a text field.
- A link is provided for the recipient to contact the sender if they need to obtain the password.
Once the authentication is passed, the recipient is granted access to interact with the agreement as long as the session between their computer and Acrobat Sign persists.
If the recipient closes the agreement window for any reason or allows their session to expire, they must re-authenticate to resume their activity.
Configuring Password authentication when composing a new agreement
When Password authentication is enabled, the sender can select it from the Authentication drop-down to the right of the recipient's email address.
After selecting the Password authentication type, the sender must provide the password string.
Passwords can be up to 32 characters long using alphanumeric characters. The Security Settings dictate the required complexity of the string.
Best Practices and Considerations
- Passwords can be tricky to track for hundreds of agreements. Having an internal convention to build decryptable passwords may be helpful to ensure recipients don't get locked out of their agreements if a password is forgotten.
- Passwords can only be changed for in-process agreements by editing the authentication type on the sender's manage page.
- Passwords should be delivered to the recipient through an out-of-band method (e.g., phone). Do not include the password in the agreement message.
- If you have the resources, configure the support contact to streamline any customer contacts.
Configuration Options
Signing password authentication has two sets of controls, which are available to be configured at the account and group levels:
- Send Settings, which control the sender's access to the password option.
- Security Settings, which govern the recipient's experience.
The option to use Signing password authentication can be enabled for senders by navigating to Send Settings > Signer Identification Options:
- Signing password checkbox - When checked, Password is an available option for the agreements composed in the group.
- (Optional) Support contact - By default, the challenge page for the recipient requiring them to enter the password provides the sender's email address if the recipient needs to contact someone. The optional Support contact field replaces the sender's email address with a phone number or an email address, providing a funnel for inbound queries to a resource dedicated to resolving issues.
- (Optional) By default, use the following method - When Signing passwords are enabled, the option to set Signing password as the default authentication method is available.
Configure a support contact for password questions
At the account or group level, the Acrobat Sign administrator can configure a contact email address or phone number that is inserted into the authentication page when the recipient is prompted to apply the password.
No interaction is required on the part of the users after the setting is configured. The custom email/phone number is automatically embedded in all password authentication screens generated from the configured group/account.
Contact customization only requires an appropriate contact value to be entered into the setting field.
- The default behavior is to use the sender's email address as the contact value.
- The customization field accepts either a phone number or email address.
- The signing password contact can be customized at the account and group levels.
- Group-level configuration overrides the account-level setting for agreements sent from that group.
Configure the Security Settings
The agreement signing password has two control options that can be configured by the admin on the Security Settings page under the Agreement Signing Password section:
- Restrict number of attempts - Enabled by default. If disabled, then recipients can try to enter the password an unlimited number of times.
  - Allow Signer XX attempts to enter the agreement password before canceling the agreement - The admin can enter a threshold number to limit the number of attempts a recipient can take to authenticate. Once the number of attempts is crossed, the agreement is automatically canceled, and the sender is notified.
- Document Password Strength - This setting defines the minimum complexity of the passwords that are requested for:
  - Recipient authentication for agreement access
  - Signed agreement encryption (downloaded agreement PDFs)
  - Signer Identity Reports (as related to Government ID reporting)
The setting values are:
► None - Requires the password to be set with at least one non-whitespace character
► Standard - Requires a minimum of six characters
► Medium - Requires a minimum of seven characters
► Strong - Requires a minimum of eight characters
If you don't see the Security Settings available in your menu, verify that the authentication method is enabled on the Send Settings page.
Individual tier accounts don't have access to the Security Settings tab. For these accounts, the Standard setting value is applied (a minimum of six characters).
Customers in the Acrobat Sign for Government environment don't have access to adjust the document password strength. These accounts must use a password consisting of at least 14 characters, including at least:
- One uppercase alpha character
- One lowercase alpha character
- One number
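One way to implement the internal convention suggested under Best Practices, checked against the strength values listed above (an added example, not Adobe's code or API). It derives each password with HMAC from an internal secret instead of encrypting or storing it, so a forgotten password can be regenerated from the agreement data. The secret, the agreement reference format, the function names and the "Government" level label are assumptions.

```python
import hashlib
import hmac
import string

ALPHABET = string.ascii_letters + string.digits   # page: alphanumeric characters
MAX_LEN = 32                                       # page: up to 32 characters
# Minimum lengths from the Document Password Strength values on this page.
MIN_LEN = {"None": 1, "Standard": 6, "Medium": 7, "Strong": 8, "Government": 14}
GOV_CLASSES = (("uppercase", str.isupper), ("lowercase", str.islower),
               ("number", str.isdigit))


def check_policy(password, level):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) > MAX_LEN:
        problems.append("longer than 32 characters")
    if any(c not in ALPHABET for c in password):
        problems.append("non-alphanumeric character")
    if len(password) < MIN_LEN[level]:
        problems.append(f"shorter than {MIN_LEN[level]} characters")
    if level == "Government":
        problems += [f"missing {name}" for name, test in GOV_CLASSES
                     if not any(test(c) for c in password)]
    return problems


def derive_password(secret, agreement_ref, recipient, level="Strong", length=16):
    """Rebuild the same password from an internal secret and agreement data."""
    msg = f"{agreement_ref}\n{recipient.lower()}".encode()
    for counter in range(256):
        digest = hmac.new(secret, msg + bytes([counter]), hashlib.sha512).digest()
        # Drop bytes >= 248 (4 * 62) so every character is equally likely.
        chars = [ALPHABET[b % 62] for b in digest if b < 248]
        candidate = "".join(chars[:length])
        # Deterministic retry: the counter only advances on a policy miss.
        if len(candidate) == length and not check_policy(candidate, level):
            return candidate
    raise ValueError("no candidate met the policy; check length against level")


if __name__ == "__main__":
    key = b"constructed-demo-secret"  # constructed; keep the real one in a vault
    pw = derive_password(key, "AGR-0001", "signer@example.com", "Government")
    print(pw, check_policy(pw, "Government"))
```

Anyone holding the secret can regenerate every password derived from it, so it needs the same protection as the passwords themselves.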
Audit Report
The audit report clearly indicates the recipient entered a valid password.
If the agreement is canceled due to the recipient being unable to authenticate, the reason is explicitly stated.
Automatic agreement cancellation when a recipient fails to authenticate
If the settings restrict the number of password authentication attempts, and the recipient fails to authenticate that number of times, the agreement is automatically canceled.
The agreement's originator is sent an email announcing the cancellation with a note identifying the recipient who failed to authenticate.
No other parties are notified.