9-6.2 Personal Identification Numbers

PINs are a specialized type of authenticator that are used in conjunction with unique identifiers to verify the identity of users before allowing them access to information resources. Use Postal Service 4-digit PINs only for limited interfaces such as non-sensitive applications based on Integrated Voice Response (IVR). Do not use Postal Service 4-digit PINs for Human Resource self-service web-based applications.

Where technologically capable, use of PINs with increased complexity is mandatory in order to meet the challenges posed by increasing information security threats and advancing technology. Where technically capable, these PINs must include the following composite design: an eight-character minimum combination of numbers, letters, and special characters, with a defined expiration window.

Like passwords, PINs must be treated as sensitive information and must not be disclosed. All personnel must comply with Postal Service policies regarding PIN management and usage and are directly responsible for all actions taken using an assigned identifier and PIN.

9-6.2.1 PIN Generation and Selection Requirements

To ensure that PINs retain integrity and confidentiality, PINs must be protected during generation and dissemination. All personnel are encouraged to change their PIN from the initial assignment. PINs must:

  1. Be a minimum of four characters in length, two of which are unique.
  2. Avoid obvious combinations or sequences.
  3. Avoid well-known or easily guessed combinations (e.g., social security number, telephone number, and house address).

9-6.2.2 PIN Distribution

Secure delivery methods include First Class Mail, an encrypted delivery system, or personal delivery to the user. New or replacement PINs must not be delivered by telephone, facsimile, or electronic mail to protect against unauthorized disclosure.

9-6.2.3 PIN Protection

PINs must be committed to memory or stored in a secure location. Information resources must store PIN data in an encrypted format that meets Postal Service encryption standards. All access, additions, modifications, and deletions to the PIN data must be logged and monitored. If PIN authentication is performed over an open network, such as the Internet, PINs must be encrypted during transmission according to Postal Service encryption standards.

9-6.2.4 Forgotten PINs

When requesting replacement of a forgotten PIN, the user must be prepared to provide some predetermined shared secret that only the user would know for validation purposes. All forgotten PINs must be replaced with securely delivered new PINs.

9-6.2.5 Suspension

When using a PIN for authentication, the information resource must be disconnected after three incorrect entries and the PIN account suspended after six incorrect entries. When a suspended PIN account is reactivated, the user must be assigned a new PIN that is delivered via secure methods.

9-6.2.6 PIN Cancellation and Destruction

A PIN suspected of compromise must be cancelled immediately and a new PIN generated and delivered via secure methods. Unauthorized users who no longer require access to the system must be removed immediately. All PIN data must be destroyed when the user no longer requires access to the system or leaves Postal Service employment.

9-6.2.7 PINs Used for Financial Transactions

PINs used for financial transactions must comply with American National Standards Institute Financial Services Technical Publication X9.8, PIN Management and Security. Financial transactions at high risk for fraud may not be suitable for reliance on PINs as the primary authentication mechanism.