Trusted Platform Module (TPM) Quick Reference Guide
However, migratable keys may not provide the level of
protection an application needs when the user wants the
data restricted to a single platform. This requires a
non-migratable key. Non-migratable keys carry a usage
drawback: while the key may be backed up and restored
(protecting against hard disk failure), it is not protected
against system or TPM failure. By its very nature, a
non-migratable key can be used on one and only one TPM.
In the event of a system or TPM failure, all non-migratable
keys and the data associated with them will be
inaccessible and unrecoverable.
The following precautions and procedures may assist in
recovering from any of the previously listed situations.
Failure to implement these security precautions and
procedures may result in unrecoverable data loss.
Password Procedures
The Wave* Systems EMBASSY* Security Center software allows
users to configure passwords from 8 to 255 characters.
A good password should consist of:
- At least one uppercase letter (A to Z)
- At least one numerical character (0 to 9)
- At least one symbol character (!, @, &, etc.)
Example Passwords: “I wear a Brown hat 2 worK @ least
once-a-month” or “uJGFak&%)adf35a9m”
NOTE
Avoid using names or dates that can be easily guessed, such as
birthdays, anniversaries, family member names, or pet names.
All passwords associated with the EMBASSY Security Center
(owner, TPM Key Archive, and other archives) are NOT
RECOVERABLE and cannot be reset without the original text.
The system owner should document all passwords, store them
in a secured location (a vault, safe deposit box, or off-site
storage), and have them available for future use.
These documents should be updated after any password
changes are made.