Table of Contents
Advertisement
USING ACROBAT X PRO
Security
How to protect your digital IDs
When private keys are stored on hardware tokens, smart cards, and other hardware devices that are password- or PIN-
protected, use a strong password or PIN. Never divulge your password to others. If you must write down your
password, store it in a secure location. Contact your system administrator for guidelines on choosing a strong
password. Keep your password strong by following these rules:
• Use eight or more characters.
• Mix uppercase and lowercase letters with numbers and special characters.
• Choose a password that is difficult to guess or hack, but that you can remember without having to write it down.
• Do not use a correctly spelled word in any language, as they are subject to "dictionary attacks" that can crack these
passwords in minutes.
• Change your password on a regular basis.
• Contact your system administrator for guidelines on choosing a strong password.
To protect private keys stored in P12/PFX files, use a strong password and set your password timeout options
appropriately. If using a P12 file to store private keys that you use for signing, use the default setting for password
timeout option. This setting ensures that your password is always required. If using your P12 file to store private keys
that are used to decrypt documents, make a backup copy of your private key or P12 file. You can use the backed up
private key of P12 file to open encrypted documents if you lose your keys.
The mechanisms used to protect private keys stored in the Windows certificate store vary depending on the company
that has provided the storage. Contact the provider to determine how to back up and protect these keys from
unauthorized access. In general, use the strongest authentication mechanism available and create a strong password
or PIN when possible.
What to do if a digital ID is lost or stolen
If your digital ID was issued by a certificate authority, immediately notify the certificate authority and request the
revocation of your certificate. In addition, you should not use your private key.
If your digital ID was self-issued, destroy the private key and notify anyone to whom you sent the corresponding public
key (certificate).
Smart cards and hardware tokens
A smart card looks like a credit card and stores your digital ID on an embedded microprocessor chip. Use the digital
ID on a smart card to sign and decrypt documents on computers that can be connected to a smart card reader. Some
smart card readers include a keypad for typing a personal identification number (PIN).
Similarly, a security hardware token is a small, keychain-sized device that you can use to store digital IDs and
authentication data. You can access your digital ID by connecting the token to a USB port on your computer or mobile
device.
If you store your digital ID on a smart card or hardware token, connect it to your device to use it for signing documents.
More Help topics
"Sharing certificates with
others" on page 228
"Register a digital
ID" on page 240
"About digital
signatures" on page 249
"Securing documents with
certificates" on page 227
Last updated 10/11/2011
242
Advertisement
Table of Contents
