May 26, 2026

Password Specifications and Requirements

OVERVIEW: This article covers password specifications, requirements, and related credential guidelines across GlobalSign products and services.To manage your account login details or reset a password, refer to this page.

Pickup Password

The Pickup Password (or Temporary Pickup Password) is created during the certificate ordering process and is required to download your certificate. It verifies your identity as the certificate owner, protects your data, and is valid for a single-use only.

Password Requirements and Usage:

• Must contain at least 8 alphanumeric characters.
• Must NOT contain any special characters.
• Use this password to retrieve your certificate through the download link sent to your email..

For more information on Pickup Password, refer to this guide.

Certificate Password

The Certificate Password is created during the installation process after you are verified by your Pickup Password. It serves as a permanent password and is required to install your certificate.

INFORMATION: This applies to all certificates in PKCS12 (.pfx) format. 

NOTE: Special conditions.

• PersonalSign 1 - The certificate password is system generated. 
• PersonalSign 3 Pro - Requires atleast 12 alphanumeric characters.

Password Requirements and Usage:

• Must contain at least 8 alphanumeric characters.
• Must NOT contain any special characters.
• Enter this password when prompted by the Certificate Installation Wizard.

Special Characters

Special characters such as ( ) { } [ ] | \ ` ¬ ¦ ! " £ $ % ^ & * " < > : ; # ~ _ - + = , @ are NOT ALLOWED when creating a Pickup Password during the certificate ordering process.

NOTE: This rule only applies to Pickup Passwords.

SafeNet eToken

The SafeNet eToken requires the following passwords:

• Administrator Password

This password is used to configure and manage your hardware token or eToken.

Default Value: The factory default password is the number "0" entered forty-eight (48) times (specifically for the 5110 CC (940) model version provided by the manufacturer).

WARNING: If the Administrator Password is lost, forgotten, or entered incorrectly several times, the eToken will be permanently locked. In this event, a replacement hardware token must be purchased.

• eToken Password

You will need this password whenever you want to access your eToken certificate store. If you ever lose or forget it, you can set up a new one by reinitializing the device using your Administrator Password.

IMPORTANT: Reinitializing your eToken will delete all certificates currently installed on the token. If you have existing certificates on the eToken, they will be removed permanently and will have to be reissued and installed again. See Initialize SafeNet eToken 5110 CC (940) Version for reference.

• Digital Signature PIN and PUK

These login details add an extra layer of internal security to your device. Although they aren't used very often, they are still a necessary part of the setup process.

Default Value: The factory default password is the number "0" entered forty-eight (48) times (specifically for the 5110 CC (940) model version provided by the manufacturer).

WARNING:  If the Digital Signature PUK or PIN is lost, forgotten, or entered incorrectly several times, the eToken will be permanently locked. If a token is lost, blocked, or otherwise unusable due to customer actions, a replacement hardware token must be purchased.

Password Requirements and Usage

• Must contain at least 8 alphanumeric characters.
• Special characters such as ( ) { } [ ] | \ ` ¬ ¦ ! " £ $ % ^ & * " < > : ; # ~ _ - + = , @ are ALLOWED.