The user account has one static password field that can be used in different ways:
- For local static password verification for users who do not have an authenticator (see Authentication without authenticators) or if the local authentication mode in the effective policy is set to DIGIPASS or Password (see Local authentication).
- As request method during challenge/response authentication (see Request methods and request keywords).
- As request method when using Virtual Mobile Authenticator (see Request methods and request keywords).
- For password replacement and auto-learn (see Back-end authentication).
- For back-end authentication, e.g. to retrieve RADIUS attributes (see Back-end authentication).
- For static password authentication during the grace period (see Looking up and checking the user account) or if the local authentication mode in the effective policy is set to DIGIPASS or Password (see Local authentication).
There are four mechanisms to set and update static passwords:
- By an administrator via the Administration Web Interface.
- By the user using password autolearn (see Password autolearning).
- Via Password Synchronization Manager. The password is automatically updated when changed in a Microsoft domain environment (see Static password management).
- Via password randomization. The static password is replaced with a random value unknown to the user. This prevents further use of the static password on the network after successful OTP and back-end authentication (see Static password randomization).