- 2 Minutes to read
- Print
- DarkLight
- PDF
Password Security
- 2 Minutes to read
- Print
- DarkLight
- PDF
During Digital Banking enrollment, users must create a username and password to log in to their account. This section describes the requirements and password validators we use to ensure the creation of strong passwords.
Note: There is no default expiration of a user's password. We do not prompt users to change their passwords after a given amount of days.
For troubleshooting username and password issues, go to Username and Password Issues.
Username and Password Requirements
Usernames must be less than 150 characters and may contain letters, numbers, or any of the following special characters: _, @, +, ., -. Usernames are not case-sensitive. User passwords can be 4,096 characters or fewer. Your institution can configure a minimum username length in the Admin Platform under Configurations > Institution Settings > Minimum Number of Characters for Usernames. The default minimum is one character.
The default minimum password length is 8 characters and the minimum can be configured for your financial institution. We highly recommend a minimum password length of at least 10 characters. To configure the minimum password length or any other password conditions, contact support@narmi.com.
Password Validators
By default, we apply the following password validators:
User similarity – Ensures that the password is not too similar to the user's username, first name, last name, or email
Common password – Ensures that the password is not in the 20,000 most common passwords
Numeric password – Ensures that the password is not entirely numeric
Each password validator provides help text to explain the requirements to the user, validates a given password, and returns an error message if it does not meet the requirements.
Additional Password Conditions
Each financial institution can set its own requirements for the parameters below. Minimum requirements can be set for each character that is expected to occur within a password. To configure any of the following password conditions, please contact support@narmi.com.
Password number minimum – Validates whether the password meets the minimum amount of numbers required during the password generation
Password uppercase letter minimum – Validates whether the password meets the minimum amount of uppercase letters required during the password generation
Password lowercase minimum – Validates whether the password meets the minimum amount of lowercase letters required during the password generation
Password symbol minimum – Validates whether the password meets the minimum amount of symbols required during the password generation
Changing Passwords
Users can change their password from the Profile tab of Settings on the web app or My accounts on the mobile app. After changing their password, they will remain logged in to Digital Banking on the device they used. Additionally, the user is logged out of any other devices they used before the password change and will be automatically redirected to the login screen.
Once a user changes their password, we send a password change acknowledgment email notification and/or SMS text message to the email address and/or phone number associated with their user profile. The user also receives a push notification if push is enabled on their device. Your institution can customize the text used in the SMS text message that gets sent. To do this, please contact your Narmi Relationship Manager.