Home
Videos & Tutorials
Cybersecurity Beyond the Norm
Password Policy
WinCC OA offers two password policies. Learn about the differences between the WinCC OA Policy and the Active Directory Policy and some more benefits like MFA and SSO.

Videos & Tutorials
- Things to know about WinCC OA
- Cybersecurity Beyond the Norm
  - Introduction
    Welcome to our SIMATIC WinCC OA Security series. In this series, we focus on the importance of security in SCADA systems, especially in light of the EU Cyber Resilience Act.
  - WinCC OA Security Guideline
    The Security Guideline ensures WinCC OA clients stay safe. Think of it as your personal GPS for using WinCC OA securely in a productive environment. Watch this episode to learn more!
  - Security Certification
    WinCC OA meets all required security standards for IEC 62443 certification. Regular external audits every three years reinforce this commitment. Discover how you will benefit from this proactive approach to security!
  - Security by Default
    WinCC OA comes with its built-in expert knowledge and Secure by Default configuration. This is a development principle ensuring that security measures are enabled right from the installation. This episode will provide guidance on working with this ready-to-use security template.
  - Certificates
    Certificates serve as proof of identity and protect data communication in your WinCC OA project. Learn more about the ways to obtain certificates in the WinCC OA universe and why customization of default certificates is advisable.
  - Password Policy
    WinCC OA offers two password policies. Learn about the differences between the WinCC OA Policy and the Active Directory Policy and some more benefits like MFA and SSO.
  - Safety
    Safety is an essential aspect of industrial automation systems. Key points include IEC 61508 certification, emphasizing risk assessment and Safety Integrity Levels (SILs). Understand the concept of a safety related system and safety-certified components like WinCC OA and the benefits of our WinCC OA Safety Manual.
  - Server Side Authentication
    Authentication ensures that only authorized individuals, services, and applications can access company resources. In WinCC OA, we have adopted Server Side Authentication (SSA) as the default authentication method since version 3.17. Discover the top three advantages of SSA by tuning in to this episode.
  - Defense in Depth
    A single protection measure is not sufficient to defend against today’s dynamic and evolving threats. That’s why we have adopted a Defense in Depth strategy which leverages multiple security layers to safeguard your WinCC OA projects. Think of it as a series of concentric circles, each reinforcing the other. This video will give you a concise overview of this approach.
  - Security Workshop
    Certified engineers seeking to master WinCC OA security methods can deepen their technical expertise on security topics by participating in our WinCC OA Security Workshop. Explore this video to uncover the details.

Password Policy

WinCC OA offers two password policies. Learn about the differences between the WinCC OA Policy and the Active Directory Policy and some more benefits like MFA and SSO.

Video Information

Length: 2:50
Language: English

Transcript

Hello and welcome to our security series. I am Mounier, your host. In this video, we will talk about the importance and the key elements of a password policy.

A password policy defines and sets the rules for the password strength, and also if you need to change it and how often.

So, what rules apply to the WinCC OA password policy?

A password in WinCC OA must contain at least eight characters.
One of these characters must be an uppercase letter, and one must be a special character.
Do not use the same password twice.
Avoid character repetition, keyboard patterns, and dictionary words.
Refrain from utilizing data linked to the user or their account.

This password policy is valid only for users created in WinCC OA and can be modified according to current security requirements by an authorized user.

As an option to the WinCC OA password policy, it is possible to work with users existing in an Active Directory. WinCC OA offers the opportunity to synchronize these users with the WinCC OA project. The benefit of an Active Directory Authentication is that you only need to manage a single user database in the Active Directory, rather than maintaining separate databases in both systems -

in WinCC OA and in the Active Directory.

But bear in mind that by selecting the Active Directory option, the WinCC OA password policy is deactivated, and the Active Directory policy is active.

The main difference between the two methods is their approach to password management. For example, the Active Directory password policy includes features such as a cyclic and mandatory switch of passwords and is more comprehensive. Meanwhile, the WinCC OA password policy focuses on user-friendliness and simplicity in WinCC OA and is ideal for local and smaller-scale environments.

The best comes last; Multifactor authentication is enabled by logging in at the Operating System level AND identifying oneself on WinCC OA via Single Sign-On. Isn’t this cool?

OK, thank you for watching and stay secure! Don’t forget to follow us on LinkedIn and YouTube and be ready for our next episode of this video series.