1. Introduction
This Password Standard is one of the New Zealand E-government Interoperability Framework (NZ e-GIF) authentication standards. These standards outline current accepted good practice for the design (or re-design) of the authentication component for online services that require confidence in the identity of parties transacting with government agencies.
The authentication process consists of establishing and then confirming the established identity over time. Establishing identity requires verified evidence of a person’s identity, so that he or she can be set up as an online service customer. The ongoing confirmation of identity requires the use of an ‘authentication key’, such as a password, to authenticate identity across the Internet.
The suite of authentication standards and documents comprises:
- Guide to Authentication Standards for Online Services
- Evidence of Identity Standard
- Authentication Key Strengths Standard
- Data Formats for Identity Records Standard
- Password Standard
- Other authentication key standards (to be developed)
- New Zealand Security Assertion Messaging Standard (in preparation)
- Guidance on Multi-factor Authentication
- Security Assertion Messaging Framework.
Further information on multi-factor authentication is contained in the document Guidance on Multi-factor Authentication. The Guidance on Multi-factor Authentication may be superseded once other authentication key standards are developed. The Security Assertion Messaging Framework provides a general introduction to security assertion messaging. The Guide to Authentication Standards for Online Services should be read before reading this Standard, as it provides a high-level overview of the authentication standards.
This Standard gives the specific requirements for password authentication keys to be used for online services in the Low Risk Category (the service risk categories are outlined in the Evidence of Identity Standard). These requirements are given in section 6. Section 5 describes relevant concepts, while the terms used in this Standard are defined in 4.6.
The Authentication Key Strengths Standard, to which this Standard is related, details more general protections for online services. Agencies therefore need to use the Authentication Key Strengths Standard in conjunction with this Standard, as both standards contain requirements for services within the Low Risk Category.
